tag uploaded artifacts to the release

Author: binarycodes

.github/workflows/go-build.yml

@@ -51,9 +51,3 @@ jobs:
           name: ${{ inputs.artifact }}-${{ matrix.go-version }}
           path: ${{ inputs.service}}/bin/${{ inputs.artifact }}
           retention-days: 5
-
-      - name: set output for build files
-        id: outputs
-        run: |
-          echo "::set-output name=binary_x64::${{ inputs.service}}/bin/${{ inputs.artifact }}"
-          echo "::set-output name=binary_name::${{ inputs.artifact }}"

.github/workflows/release-workflow.yml

@@ -110,10 +110,12 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: upload amd64 go binary as release asset
-        uses: actions/upload-release-asset@v1
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
         with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ${{ needs.go-build.outputs.binary_x64 }}  # Path to arm64 binary from reusable workflow's output
-          asset_name: ${{ needs.go-build.outputs.binary_name }}-linux-amd64
-          asset_content_type: application/octet-stream  # Content type for binaries
+          path: ./dist
+
+      - name: Upload artifacts to Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: ./dist/**/*

.github/workflows/ssh-key-signer-server-docker.yml

@@ -86,11 +86,9 @@ jobs:
       - name: sign the published docker image
         if: startsWith(github.ref, 'refs/tags/v')
         env:
+          COSIGN_EXPERIMENTAL: "true"
           TAGS: ${{ steps.meta.outputs.tags }}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
-        run: |
-          echo "${TAGS}" | while read tag; do
-            cosign sign --yes $tag
-          done
+        run: cosign sign --yes ghcr.io/your-org/your-image@${DIGEST}