Merge pull request #3090 from fosrl/github-action-cosign

Upgrade cosign installer to v4.1.2 and pin cosign version
2026-05-17 22:44:42 +00:00 · 2026-05-16 14:53:24 -07:00
parent 8c2e6965f1 3322f1ccb4
commit 159e91a07c
1 changed files with 3 additions and 1 deletions
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -415,7 +415,9 @@ jobs:

            - name: Install cosign
              # cosign is used to sign container images using keyless (OIDC) signing
-              uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
+              uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
+              with:
+                cosign-release: v3.0.6

            - name: Sign (GHCR, keyless)
              # Sign each GHCR image by digest using keyless (OIDC) signing via Sigstore/Rekor.