Try fixing cosign

Author: febus982

.github/workflows/ci-pipeline.yml

@@ -254,12 +254,11 @@ jobs:
         env:
           # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
           TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: |
           images=""
           for tag in ${TAGS}; do
-            images+="${tag}@${DIGEST} "
+            images+="${tag}@sha256:$(docker buildx imagetools inspect --format '{{.Digest}}' ${tag}) "
           done
           cosign sign --yes ${images}