test release

.github/workflows/release.yml

@@ -122,26 +122,26 @@ jobs:
           name: sbom
           path: sbom.json
 
-      # - name: Install Cosign
-      #   uses: sigstore/[email protected]
-
-      # - name: Sign Docker image with Cosign
-      #   env:
-      #     COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-      #   run: |
-      #     cosign sign -y \
-      #       --key env://COSIGN_PRIVATE_KEY \
-      #       usabilitydynamics/udx-worker@${{ steps.build-push.outputs.digest }}
-
-      # - name: Sign SBOM with Cosign
-      #   env:
-      #     COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-      #   run: |
-      #     cosign attest -y \
-      #       --key env://COSIGN_PRIVATE_KEY \
-      #       --predicate sbom.json \
-      #       --type https://spdx.dev/spdx-specification-2-2-pdf \
-      #       usabilitydynamics/udx-worker@${{ steps.build-push.outputs.digest }}
+      - name: Install Cosign
+        uses: sigstore/[email protected]
+
+      - name: Sign Docker image with Cosign
+        env:
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+        run: |
+          cosign sign -y \
+            --key env://COSIGN_PRIVATE_KEY \
+            usabilitydynamics/udx-worker:${{ steps.gitversion.outputs.semVer }}
+
+      - name: Sign SBOM with Cosign
+        env:
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+        run: |
+          cosign attest -y \
+            --key env://COSIGN_PRIVATE_KEY \
+            --predicate sbom.json \
+            --type https://spdx.dev/spdx-specification-2-2-pdf \
+            usabilitydynamics/udx-worker:${{ steps.gitversion.outputs.semVer }}
 
       - name: Log out from Docker Hub
         run: docker logout