Skip to content

Commit

Permalink
chore(deps): upgrade Cosign to v2.2.3 (argoproj#12850)
Browse files Browse the repository at this point in the history
Signed-off-by: Shunsuke Suzuki <[email protected]>
  • Loading branch information
suzuki-shunsuke authored Mar 30, 2024
1 parent 748ae47 commit 1b09539
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ jobs:
- name: Install cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
with:
cosign-release: 'v1.13.0'
cosign-release: 'v2.2.3'

- name: Push Multiarch Image
env:
Expand Down Expand Up @@ -196,7 +196,7 @@ jobs:
docker manifest push $image_name
docker manifest push quay.io/$image_name
cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/$image_name
cosign sign -y --key env://COSIGN_PRIVATE_KEY quay.io/$image_name
done
Expand Down Expand Up @@ -299,7 +299,7 @@ jobs:
- name: Install cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
with:
cosign-release: 'v1.13.0'
cosign-release: 'v2.2.3'
# https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
- run: |
if [ ${GITHUB_REF##*/} = main ]; then
Expand Down Expand Up @@ -331,7 +331,7 @@ jobs:
- run: make checksums
- name: Sign checksums and create public key for release assets
run: |
cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argo-workflows-cli-checksums.txt > ./dist/argo-workflows-cli-checksums.sig
cosign sign-blob -y --key env://COSIGN_PRIVATE_KEY ./dist/argo-workflows-cli-checksums.txt > ./dist/argo-workflows-cli-checksums.sig
# Retrieves the public key to release as an asset
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-workflows-cosign.pub
Expand Down

0 comments on commit 1b09539

Please sign in to comment.