Fix signature

thomasleplus · thomasleplus · commit 0cefb4457f1f · 2025-02-26T20:21:26.000-06:00
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -37,6 +37,7 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0
+        id: build
         with:
           context: ${{ env.IMAGE }}
           platforms: linux/amd64,linux/arm64
diff --git a/README.md b/README.md
@@ -106,37 +106,6 @@ The following checks were performed on each of these signatures:
 
 For instructions on how to install `cosign`, please read this [documentation](https://docs.sigstore.dev/cosign/system_config/installation/).
 
-### Sigstore
-
-[Sigstore](https://docs.sigstore.dev) is trying to improve supply
-chain security by allowing you to verify the origin of an
-artifcat. You can verify that the jar that you use was actually
-produced by this repository. This means that if you verify the
-signature of the ristretto jar, you can trust the integrity of the
-whole supply chain from code source, to CI/CD build, to distribution
-on Maven Central or whever you got the jar from.
-
-You can use the following command to verify the latest image using its
-sigstore signature attestation:
-
-```bash
-cosign verify leplusorg/xml --certificate-identity-regexp 'https://github\.com/leplusorg/docker-av/\.github/workflows/.+' --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'
-```
-
-The output should look something like this:
-
-```text
-Verification for index.docker.io/leplusorg/xml:main --
-The following checks were performed on each of these signatures:
-  - The cosign claims were validated
-  - Existence of the claims in the transparency log was verified offline
-  - The code-signing certificate was verified using trusted certificate authority certificates
-
-[{"critical":...
-```
-
-For instructions on how to install `cosign`, please read this [documentation](https://docs.sigstore.dev/cosign/system_config/installation/).
-
 ## Request new tool
 
 Please use [this link](https://github.com/leplusorg/docker-xml/issues/new?assignees=thomasleplus&labels=enhancement&template=feature_request.md&title=%5BFEAT%5D) (GitHub account required) to request that a new tool be added to the image. I am always interested in adding new capabilities to these images.
