Skip to content

Commit 3231b92

Browse files
c2ndevpoiana
c2ndev
authored and
poiana
committed
fix(ci): use cosign v2 for legacy tag-based (.sig) signatures
Signed-off-by: cannarelladev <cannarella.dev@gmail.com>
1 parent 24ebf63 commit 3231b92

File tree

1 file changed

+15
-8
lines changed

1 file changed

+15
-8
lines changed

.github/workflows/reusable-publish-oci-artifacts.yaml

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -82,20 +82,27 @@ jobs:
8282
packages: write
8383

8484
steps:
85-
- name: Install Cosign
86-
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
87-
88-
- run: cosign version
89-
9085
- name: Log into ghcr.io
9186
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
9287
with:
9388
registry: ghcr.io
9489
username: ${{ github.repository_owner }}
9590
password: ${{ secrets.GITHUB_TOKEN }}
9691

97-
- name: Sign the artifacts with GitHub OIDC Token (OCI 1.1 referrers)
98-
run: cosign sign --yes ${{ matrix.value.repository.ref }}@${{ matrix.value.artifact.digest }}
92+
- name: Install Cosign v2
93+
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
94+
with:
95+
cosign-release: v2.6.2
9996

10097
- name: Sign the artifacts with GitHub OIDC Token (legacy tag-based)
101-
run: cosign sign --yes --registry-referrers-mode=legacy ${{ matrix.value.repository.ref }}@${{ matrix.value.artifact.digest }}
98+
run: |
99+
cosign version
100+
cosign sign --yes ${{ matrix.value.repository.ref }}@${{ matrix.value.artifact.digest }}
101+
102+
- name: Install Cosign v3
103+
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
104+
105+
- name: Sign the artifacts with GitHub OIDC Token (OCI 1.1 referrers)
106+
run: |
107+
cosign version
108+
cosign sign --yes ${{ matrix.value.repository.ref }}@${{ matrix.value.artifact.digest }}

0 commit comments

Comments
 (0)