mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 03:25:53 +00:00
Use image digest instead of tag when signing the released image with cosign (#960)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
parent
6df05bd7a3
commit
87cc45e1cd
1 changed files with 1 additions and 1 deletions
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
|
@ -68,7 +68,7 @@ jobs:
|
||||||
push: true
|
push: true
|
||||||
build-args: GO_VERSION=1.20
|
build-args: GO_VERSION=1.20
|
||||||
- name: Sign Docker Image
|
- name: Sign Docker Image
|
||||||
run: cosign sign --yes --key /tmp/cosign.key ${TAGS}
|
run: cosign sign --yes --key /tmp/cosign.key ${DIGEST}
|
||||||
env:
|
env:
|
||||||
TAGS: ${{steps.meta.outputs.tags}}
|
TAGS: ${{steps.meta.outputs.tags}}
|
||||||
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
|
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
|
||||||
|
|
Loading…
Reference in a new issue