ci: update cosign to v2 (action to v3) (#118)

Author: raffis

.github/workflows/release.yaml

@@ -35,7 +35,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Setup Cosign
-        uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b #v2.8.1
+        uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 # v3.0.2
       - uses: anchore/sbom-action/download-syft@422cb34a0f8b599678c41b21163ea6088edb2624 # v0.14.1
       - name: Create release and SBOM
         if: startsWith(github.ref, 'refs/tags/v')

.goreleaser.yaml

@@ -101,15 +101,17 @@ signs:
   - "--output-certificate=${certificate}"
   - "--output-signature=${signature}"
   - "${artifact}"
+  - --yes
   artifacts: checksum
   output: true
 
 docker_signs:
-  - cmd: cosign
-    env:
-    - COSIGN_EXPERIMENTAL=1
-    artifacts: images
-    output: true
-    args:
-    - 'sign'
-    - '${artifact}'
+- cmd: cosign
+  env:
+  - COSIGN_EXPERIMENTAL=1
+  artifacts: images
+  output: true
+  args:
+  - 'sign'
+  - '${artifact}'
+  - --yes