From 349e959c6bd2b882d510b5ffd53cc0a76c4ee24c Mon Sep 17 00:00:00 2001
From: Roman Dmytrenko
Date: Wed, 22 May 2024 10:24:23 +0300
Subject: [PATCH] chore: research changes in cosign (#6)
---
 .github/workflows/build-push.yml | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index 66a0c94..d0b1ae2 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -2,7 +2,7 @@ name: Docker Builds
 on:
 push:
- tags: [ 'v*' ]
+ tags: ["v*"]
 workflow_dispatch:
 env:
@@ -13,7 +13,6 @@ concurrency:
 group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
 cancel-in-progress: true
-
 jobs:
 build-push:
 runs-on: ubuntu-latest
@@ -54,5 +53,11 @@ jobs:
 - name: Sign the published Docker image
 if: github.event_name == 'push'
 env:
- COSIGN_EXPERIMENTAL: "true"
- run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ TAGS: ${{ steps.docker_meta.outputs.tags }}
+ run: |
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}@${DIGEST} "
+ done
+ cosign sign --yes ${images}
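Review bot: The new `run:` script in the last hunk builds `images` as one space-joined string and passes it unquoted, so the argument list relies on a second round of word splitting and glob expansion. An empty `DIGEST` would also go unnoticed until cosign is handed a `tag@` reference. A bash array keeps each reference as a single argument: `images=()`, `images+=("${tag}@${DIGEST}")`, `cosign sign --yes "${images[@]}"`, ideally preceded by a check that fails the step when `DIGEST` is empty. Since `--yes` suppresses cosign's confirmation prompt, a comment such as `# --yes: non-interactive run; the signature and the workflow identity are recorded in the transparency log` would document why it is there. The step also depends on a step with id `docker_meta` and, presumably, on an `id-token: write` permission for keyless signing; neither is visible here because the job body starts outside the hunk, so both are worth confirming.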