diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index b980b651980..876b97b5ee8 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -61,7 +61,7 @@ jobs: make install make scorecard-ko - name: Install Cosign - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 + uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 - name: Sign image run: | cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }}