Fix Cosign image signing by using digest instead of tag to avoid sign…

…ing incorrect image versions Signed-off-by: Saurabhkr952 <saurabhkr952@gmail.com>
Saurabhkr952 · Aug 27, 2024 · 223ec6a · 223ec6a
1 parent b6d855a
commit 223ec6a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/multi-stage-workflow.yml b/.github/workflows/multi-stage-workflow.yml
@@ -47,7 +47,7 @@ jobs:
           done
           cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
         env:
-          TAGS: ${{ github.sha }}
+          TAGS: saurabhkr952/dev-portfolio:${{ github.sha }} 
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}