diff --git a/.github/workflows/docker-publish-glibc.yml b/.github/workflows/docker-publish-glibc.yml index 1569226..add8494 100644 --- a/.github/workflows/docker-publish-glibc.yml +++ b/.github/workflows/docker-publish-glibc.yml @@ -45,21 +45,22 @@ jobs: - "7.0" - "8.0" os: -# - "-bullseye-slim" - "-bookworm-slim" - "" steps: - name: Checkout repository uses: actions/checkout@v3 + with: + fetch-depth: 1 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 + uses: sigstore/cosign-installer@v3.5.0 with: - cosign-release: 'v2.1.1' + cosign-release: 'v2.2.4' # Setup Docker buildx # https://github.com/docker/setup-buildx-action @@ -117,4 +118,9 @@ jobs: DIGEST: ${{ steps.build-and-push.outputs.digest }} # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + run: | + images="" + for tag in ${TAGS}; do + images+="${tag}@${DIGEST} " + done + cosign sign --yes ${images} diff --git a/.github/workflows/docker-publish-musl.yml b/.github/workflows/docker-publish-musl.yml index 807bda8..89a257d 100644 --- a/.github/workflows/docker-publish-musl.yml +++ b/.github/workflows/docker-publish-musl.yml @@ -113,7 +113,6 @@ jobs: DIGEST: ${{ steps.build-and-push.outputs.digest }} # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. -# run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} run: | images="" for tag in ${TAGS}; do