From cd44f11bde2fb875d4b0eaa53879697a1a3dbcbe Mon Sep 17 00:00:00 2001 From: Kavindu Dodanduwa Date: Thu, 2 Mar 2023 13:42:14 -0800 Subject: [PATCH 1/2] fix signing Signed-off-by: Kavindu Dodanduwa
---
 .github/workflows/release-please.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index a70a60723..ce250fe9f 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -62,6 +62,7 @@ jobs:
 run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
 - name: Build
+ id: build
 uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4
 with:
 builder: ${{ steps.buildx.outputs.name }}
@@ -77,13 +78,20 @@ jobs:
 VERSION=${{ needs.release-please.outputs.release_tag_name }}
 COMMIT=${{ github.sha }}
 DATE=${{ steps.date.outputs.date }}
+ outputs:
+ image_digest: ${{ steps.build.outputs.digest }}
+ container-signing:
+ needs: container-release
+ runs-on: ubuntu-latest
+ if: ${{ needs.release-please.outputs.release_created }}
+ steps:
 - name: Install Cosign
 uses: sigstore/cosign-installer@main
 - name: Sign the image
 run: |
- cosign sign --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
+ cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.container-release.outputs.image_digest }}
 cosign public-key --key env://COSIGN_PRIVATE_KEY --outfile ${{ env.PUBLIC_KEY_FILE }}
 env:
 COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
From ff1a73f17560852aa6e3fec0ef5cee87ea804e1e Mon Sep 17 00:00:00 2001 From: Kavindu Dodanduwa Date: Thu, 2 Mar 2023 15:41:54 -0800 Subject: [PATCH 2/2] fix delimiter for digest Signed-off-by: Kavindu Dodanduwa
---
 .github/workflows/release-please.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
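Review bot: The new `container-signing` job in the second hunk of patch 1/2 reads `needs.release-please.outputs.release_created` in its `if:`, but its `needs:` lists only `container-release`. The `needs` context holds direct dependencies only, so as written the expression would evaluate empty and the signing job would be skipped on every run. Listing both jobs, `needs: [release-please, container-release]`, makes that output available. Separately, the job's first step is `sigstore/cosign-installer@main`, a moving branch, while the build action in this file is pinned to a commit SHA; pinning the installer the same way (`sigstore/cosign-installer@<commit-sha> # <tag>`) fixes the code that runs in the job holding `COSIGN_PRIVATE_KEY`. The job's step list continues past the end of the hunk.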
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index d80b7a93d..6459a8bf3 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -91,7 +91,7 @@ jobs:
 - name: Sign the image
 run: |
- cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.container-release.outputs.image_digest }}
+ cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.container-release.outputs.image_digest }}
 cosign public-key --key env://COSIGN_PRIVATE_KEY --outfile ${{ env.PUBLIC_KEY_FILE }}
 env:
 COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
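Review bot: The digest in the `cosign sign` line reaches the shell by `${{ }}` substitution inside the `run:` script, so the job output is pasted into the command text before the shell parses it, and an empty output would leave a bare `image@` reference. Passing it through the step's `env:` mapping, for example `IMAGE_DIGEST: ${{ needs.container-release.outputs.image_digest }}`, and referring to a quoted `"$IMAGE_DIGEST"` in the script keeps the value as data; the registry and image name can be handled the same way. The step's `env:` mapping continues past the end of the hunk.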