Merge pull request #412 from viccuad/cosignv2

deps: Pin cosign to 1.* by pinning cosign-installer GHA
kubewarden · Mar 6, 2023 · 64bb4d9 · 64bb4d9
2 parents d7517f3 + 5af3c10
commit 64bb4d9
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
@@ -33,15 +33,15 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: sigstore/cosign-installer@main
+      - uses: sigstore/cosign-installer@v2.8.1
       - name: Sign the images
         run: |
           cosign sign \
             ${{needs.build.outputs.repository}}@${{needs.build.outputs.digest}}
         env:
           COSIGN_EXPERIMENTAL: 1
 
-      - uses: sigstore/cosign-installer@main
+      - uses: sigstore/cosign-installer@v2.8.1
       - name: Sign the SBOM
         run: |
           tag=$(echo '${{needs.build.outputs.digest}}' | sed 's/:/-/g')

diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml
@@ -63,7 +63,7 @@ jobs:
       -
         name: Install Cosign
         if: ${{ inputs.generate-sbom == true }}
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v2.8.1
       -
         name: Retrieve tag name
         if: ${{ startsWith(github.ref, 'refs/heads/') }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -37,7 +37,7 @@ jobs:
         run: go install sigs.k8s.io/bom/cmd/[email protected]
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v2.8.1
 
       - name: Checkout code
         uses: actions/checkout@v3