docker-publish.yml: Use sigstore/cosign-installer@main

and use default cosign version as specified in action.yml; see https://github.com/sigstore/cosign-installer Hope this fixes recurrent error in signing the published Docker image once and for all.
OpenDRR · Jan 5, 2023 · 1f31b11 · 1f31b11
1 parent 6fcf1da
commit 1f31b11
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -46,10 +46,11 @@ jobs:
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
-        with:
-          cosign-release: 'v1.9.0'
+        uses: sigstore/cosign-installer@main
 
+      - name: Check cosign version
+        if: github.event_name != 'pull_request'
+        run: cosign version
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
@@ -92,6 +93,7 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
       # repository is public to avoid leaking data.  If you would like to publish