We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 54c0eb2 commit 64cc91cCopy full SHA for 64cc91c
.github/workflows/build-image-signed-cosign-malicious.yml
@@ -24,9 +24,7 @@ jobs:
24
echo "# This is a malicious update" >> app.py
25
26
- name: Install Cosign
27
- uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
28
- with:
29
- cosign-release: 'v2.1.1'
+ uses: sigstore/cosign-installer@v3.3.0
30
31
- name: Setup Docker buildx
32
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
@@ -60,5 +58,6 @@ jobs:
60
58
env:
61
59
DIGEST: ${{ steps.build-and-push.outputs.digest }}
62
run: |
+ cosign version
63
echo "ghcr.io/${{ github.repository }}:daily" | xargs -I {} cosign sign --yes {}@${DIGEST}
64
echo "ghcr.io/${{ github.repository }}:latest" | xargs -I {} cosign sign --yes {}@${DIGEST}
0 commit comments