Merge pull request #2 from danlishka/bump-cosign

migmartri · web-flow · commit 1fe61c894a96 · 2023-05-19T18:06:31.000+02:00
fix(ci): bump to cosign 2.0 (#117)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -15,7 +15,9 @@ jobs:
       contents: write # required for goreleaser
     steps:
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v2.5.0
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v2.0.2'
 
       - name: Install Chainloop
         run: |
@@ -93,5 +95,5 @@ jobs:
         run: |
           chainloop attestation reset --trigger cancellation
     env:
-      CHAINLOOP_VERSION: 0.8.92
+      CHAINLOOP_VERSION: 0.9.1
       CHAINLOOP_ROBOT_ACCOUNT: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -16,13 +16,14 @@ signs:
         "sign-blob",
         "--key=env://COSIGN_PRIVATE_KEY",
         "--output-signature=${signature}",
+        "--yes",
         "${artifact}",
       ]
     artifacts: all
 
 docker_signs:
   - cmd: cosign
-    args: ["sign", "--key=env://COSIGN_PRIVATE_KEY", "${artifact}"]
+    args: ["sign", "--yes", "--key=env://COSIGN_PRIVATE_KEY", "${artifact}"]
     artifacts: all
 
 dockers:
