build: Add support for new cosign bundle

pjbgf · pjbgf · commit 6c07908983ac · 2025-11-05T07:50:02.000Z
Signed-off-by: Paulo Gomes &lt;pjbgf@linux.com&gt;
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -24,13 +24,12 @@ archives:
 
 signs:
   - cmd: cosign
-    certificate: '${artifact}.pem'
+    signature: "${artifact}.sigstore.json"
     args:
       - sign-blob
       - '--yes'
-      - '--output-signature=${signature}'
-      - '--output-certificate=${certificate}'
-      - '--bundle=${artifact}.bundle'
+      - '--new-bundle-format=true'
+      - '--bundle=${signature}'
       - '${artifact}'
     artifacts: checksum
     output: true
@@ -44,7 +43,3 @@ sboms:
     artifacts: source
     documents:
       - '{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json'
-
-release:
-  extra_files:
-    - glob: ./**/*.bundle
