From 9cfc1f5b06283357705c885bc780551aee82dc2c Mon Sep 17 00:00:00 2001
From: Shiny Brar <shiny.brar@nrc-cnrc.gc.ca>
Date: Fri, 22 Nov 2024 11:28:29 -0800
Subject: [PATCH] fix(gha): cosign signing is not only done on sha digest,
 rather than tags, e.g. latest, vX.X.X etc

---
 .github/workflows/cd.edge.build.yml    | 2 +-
 .github/workflows/cd.release.build.yml | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/cd.edge.build.yml b/.github/workflows/cd.edge.build.yml
index 3f99b30c..9ed5b2f5 100644
--- a/.github/workflows/cd.edge.build.yml
+++ b/.github/workflows/cd.edge.build.yml
@@ -78,4 +78,4 @@ jobs:
         id: cosign
         run: |
           cosign version
-          cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload
+          cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.build.outputs.digest }} --upload
\ No newline at end of file
diff --git a/.github/workflows/cd.release.build.yml b/.github/workflows/cd.release.build.yml
index f626157a..fcf76d86 100644
--- a/.github/workflows/cd.release.build.yml
+++ b/.github/workflows/cd.release.build.yml
@@ -84,6 +84,4 @@ jobs:
         id: cosign
         run: |
           cosign version
-          cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload
-          cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG_RELEASE }} --upload
           cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.build.outputs.digest }} --upload