fix(CI): perform keyless signing of the artifact

meysam81 · Nov 10, 2024 · 8f2f77b · 8f2f77b
1 parent ac99965
commit 8f2f77b
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -128,11 +128,8 @@ jobs:
           flux tag artifact oci://ghcr.io/${{ github.repository }}:${{ github.run_id }} --tag latest
           echo "digest-url=$digest_url" >> $GITHUB_OUTPUT
       - name: Sign artifacts with cosign
-        env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
         run: |
-          cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ steps.push.outputs.digest-url }}
+          cosign sign --yes ${{ steps.push.outputs.digest-url }}
 
   release-please:
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'