From 5af3c109c5e9caf5f761b01f65ed87195bfbc172 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Cuadrado=20Juan?= <vcuadradojuan@suse.de>
Date: Mon, 6 Mar 2023 11:31:30 +0100
Subject: [PATCH] deps: Pin cosign to 1.* by pinning cosign-installer GHA
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
---
 .github/workflows/container-build.yml | 4 ++--
 .github/workflows/container-image.yml | 2 +-
 .github/workflows/release.yml         | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
index 377aabcc..138ca65e 100644
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@@ -33,7 +33,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: sigstore/cosign-installer@main
+      - uses: sigstore/cosign-installer@v2.8.1
       - name: Sign the images
         run: |
           cosign sign \
@@ -41,7 +41,7 @@ jobs:
         env:
           COSIGN_EXPERIMENTAL: 1
 
-      - uses: sigstore/cosign-installer@main
+      - uses: sigstore/cosign-installer@v2.8.1
       - name: Sign the SBOM
         run: |
           tag=$(echo '${{needs.build.outputs.digest}}' | sed 's/:/-/g')
diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml
index da684310..2bdfdef1 100644
--- a/.github/workflows/container-image.yml
+++ b/.github/workflows/container-image.yml
@@ -63,7 +63,7 @@ jobs:
       -
         name: Install Cosign
         if: ${{ inputs.generate-sbom == true }}
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v2.8.1
       -
         name: Retrieve tag name
         if: ${{ startsWith(github.ref, 'refs/heads/') }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ebe61045..0eca31bc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,7 +37,7 @@ jobs:
         run: go install sigs.k8s.io/bom/cmd/bom@v0.2.2
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v2.8.1
 
       - name: Checkout code
         uses: actions/checkout@v3