Update cosign to latest version in release Github action (#958)

Signed-off-by: Cosmin Cojocar <[email protected]>
securego · May 17, 2023 · c5ea1b7 · c5ea1b7
1 parent 8632a8c
commit c5ea1b7
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -21,7 +21,7 @@ jobs:
       - name: Install Cosign
         uses: sigstore/cosign-installer@v3
         with:
-          cosign-release: 'v1.13.1'
+          cosign-release: 'v2.0.2'
       - name: Store Cosign private key in a file
         run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
         shell: bash
@@ -68,7 +68,9 @@ jobs:
           push: true
           build-args: GO_VERSION=1.20
       - name: Sign Docker Image
-        run: cosign sign -key /tmp/cosign.key ${TAGS}
+        run: cosign sign --yes --key /tmp/cosign.key ${TAGS}
         env:
           TAGS: ${{steps.meta.outputs.tags}}
           COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+          COSIGN_PRIVATE_KEY: /tmp/cosign.key
+          DIGEST: ${{steps.build-push-action.outputs.digest}}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -26,6 +26,11 @@ builds:
 signs:
 - cmd: cosign
   stdin: '{{ .Env.COSIGN_PASSWORD}}'
-  args: ["sign-blob", "--key=/tmp/cosign.key", "--output=${signature}", "${artifact}"]
+  args:
+  - "sign-blob"
+  - "--key=/tmp/cosign.key"
+  - "--output=${signature}"
+  - "${artifact}"
+  - "--yes"
   artifacts: all