From 32325ef935bbaae587864cefd3a7928b0a154235 Mon Sep 17 00:00:00 2001 From: Marvin Winkler Date: Fri, 5 Jul 2024 20:14:32 +0200 Subject: [PATCH] fixed cosign in github workflow --- .github/workflows/docker-publish.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index ecad540..eab3f73 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -93,11 +93,9 @@ jobs: # https://github.com/sigstore/cosign - name: Sign the published tagged Docker image if: ${{ github.event_name != 'pull_request' && !endsWith(steps.docker_version_tag.outputs.tag, 'latest') }} - env: - COSIGN_EXPERIMENTAL: "true" # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push-tagged.outputs.digest }} + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-tagged.outputs.digest }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action @@ -121,8 +119,6 @@ jobs: # https://github.com/sigstore/cosign - name: Sign the published latest Docker image if: ${{ github.event_name != 'pull_request' && !endsWith(steps.docker_version_tag.outputs.tag, 'latest') }} - env: - COSIGN_EXPERIMENTAL: "true" # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push-latest.outputs.digest }} \ No newline at end of file + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-latest.outputs.digest }} \ No newline at end of file