From 47091f75b583937c357a9df1a9d5c0c3b4caa157 Mon Sep 17 00:00:00 2001 From: scap3yvt <149599669+scap3yvt@users.noreply.github.com> Date: Tue, 14 Nov 2023 19:53:40 -0500 Subject: [PATCH 1/3] updated cosign installation --- .github/workflows/docker-image.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index c1bb375ce..948faba32 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -58,9 +58,7 @@ jobs: # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422 - with: - cosign-release: 'v1.4.0' + uses: sigstore/cosign-installer@v3.2.0 - name: Log into GitHub Packages registry (ghcr.io) if: github.event_name != 'pull_request' From feb923d634fdd24450761049f26a4f849e87fd2e Mon Sep 17 00:00:00 2001 From: scap3yvt <149599669+scap3yvt@users.noreply.github.com> Date: Tue, 14 Nov 2023 19:54:27 -0500 Subject: [PATCH 2/3] run cosign every time --- .github/workflows/docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 948faba32..09d3a34d8 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -57,7 +57,7 @@ jobs: # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign - if: github.event_name != 'pull_request' + # if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@v3.2.0 - name: Log into GitHub Packages registry (ghcr.io) From 9f4329c7b04a704fc56c629394a833ba458c5234 Mon Sep 17 00:00:00 2001 From: scap3yvt <149599669+scap3yvt@users.noreply.github.com> Date: Tue, 14 Nov 2023 20:05:52 -0500 Subject: [PATCH 3/3] no need for this --- .github/workflows/docker-image.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 09d3a34d8..e7b67070e 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -57,7 +57,6 @@ jobs: # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign - # if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@v3.2.0 - name: Log into GitHub Packages registry (ghcr.io)