From 223ec6a241deb20c7c4fd1338ba7f9e5cabe1d0d Mon Sep 17 00:00:00 2001
From: Saurabhkr952 <saurabhkr952@gmail.com>
Date: Tue, 27 Aug 2024 16:44:16 +0530
Subject: [PATCH] Fix Cosign image signing by using digest instead of tag to
 avoid signing incorrect image versions

Signed-off-by: Saurabhkr952 <saurabhkr952@gmail.com>
---
 .github/workflows/multi-stage-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/multi-stage-workflow.yml b/.github/workflows/multi-stage-workflow.yml
index b39cccb..33be845 100644
--- a/.github/workflows/multi-stage-workflow.yml
+++ b/.github/workflows/multi-stage-workflow.yml
@@ -47,7 +47,7 @@ jobs:
           done
           cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
         env:
-          TAGS: ${{ github.sha }}
+          TAGS: saurabhkr952/dev-portfolio:${{ github.sha }} 
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}