diff --git a/.github/workflows/nightly_build.yaml b/.github/workflows/nightly_build.yaml index d07c50eaee..d38acbe382 100644 --- a/.github/workflows/nightly_build.yaml +++ b/.github/workflows/nightly_build.yaml @@ -17,16 +17,13 @@ jobs: id-token: write packages: write - env: - COSIGN_EXPERIMENTAL: 1 - steps: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Install cosign uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 with: - cosign-release: v1.13.1 + cosign-release: v2.2.3 - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Build images diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index dcde65e424..716a1a4a88 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml @@ -587,16 +587,13 @@ jobs: id-token: write packages: write - env: - COSIGN_EXPERIMENTAL: 1 - steps: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Install cosign uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 with: - cosign-release: v1.13.1 + cosign-release: v2.2.3 - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Download archived images diff --git a/.github/workflows/scripts/push-images.sh b/.github/workflows/scripts/push-images.sh index 57759bf666..8999d636b4 100755 --- a/.github/workflows/scripts/push-images.sh +++ b/.github/workflows/scripts/push-images.sh @@ -68,5 +68,5 @@ for img in "${OCI_IMAGES[@]}"; do image_digest="$(jq -r '.manifests[0].digest' "${ROOTDIR}oci/${img}/index.json")" - cosign sign "${registry}/${img}@${image_digest}" + cosign sign -y "${registry}/${img}@${image_digest}" done