From cd4496061f2bfce09ba9a7ef12de1a7ea213f646 Mon Sep 17 00:00:00 2001
From: Dmitry Smirnov
Date: Thu, 5 Dec 2024 17:23:38 +0200
Subject: [PATCH] test release
---
 .github/workflows/release.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index be0e976d..dae9c1b7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -65,15 +65,20 @@ jobs:
 - name: Sign Docker Image with Cosign
 env:
 COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ IMAGE_DIGEST: ${{ env.IMAGE_DIGEST }}
 run: |
+ # Ensure signing targets the digest, not the tag
 cosign sign -y \
 --key env://COSIGN_PRIVATE_KEY \
- usabilitydynamics/udx-worker@${IMAGE_DIGEST}
+ "usabilitydynamics/udx-worker@${IMAGE_DIGEST}"
 - name: Verify Cosign Signature
+ env:
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 run: |
- cosign verify \
- usabilitydynamics/udx-worker@${IMAGE_DIGEST}
+ cosign verify -y \
+ --key env://COSIGN_PRIVATE_KEY \
+ "usabilitydynamics/udx-worker@${IMAGE_DIGEST}"
 - name: Install Trivy
 run: |
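Review bot: The "Verify Cosign Signature" step is handed the signing secret: its new `env:` maps `secrets.COSIGN_PRIVATE_KEY`, and `cosign verify` is pointed at it with `--key env://COSIGN_PRIVATE_KEY`. Verification needs only the public half, so this exposes the private key to one more step than necessary, and a check against the signing material itself says little about what a consumer holding the published public key will see (it may also simply fail if cosign refuses to parse a private key as a verifier). I would map a public key instead, for example `COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}` with `--key env://COSIGN_PUBLIC_KEY`, where the name is a placeholder because the page does not show where the public key is kept. The `-y` on `cosign verify` looks carried over from the sign command; as far as I know it is a signing-time confirmation flag, so drop it or confirm it against the cosign version the workflow installs. The hunk ends inside the following "Install Trivy" step, whose `run:` body is not visible here.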