mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 03:25:53 +00:00
Use image digest instead of tag when signing the released image with cosign (#960)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
parent
6df05bd7a3
commit
87cc45e1cd
1 changed files with 1 additions and 1 deletions
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
|
@ -68,7 +68,7 @@ jobs:
|
|||
push: true
|
||||
build-args: GO_VERSION=1.20
|
||||
- name: Sign Docker Image
|
||||
run: cosign sign --yes --key /tmp/cosign.key ${TAGS}
|
||||
run: cosign sign --yes --key /tmp/cosign.key ${DIGEST}
|
||||
env:
|
||||
TAGS: ${{steps.meta.outputs.tags}}
|
||||
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
|
||||
|
|
Loading…
Reference in a new issue