build: enforce github-actions provider for signing

crazy-max · crazy-max · commit 934c9032f56f · 2025-08-20T18:00:42.000+02:00
Signed-off-by: CrazyMax &lt;1951866+crazy-max@users.noreply.github.com&gt;
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -167,7 +167,7 @@ jobs:
                 images.push(`${tag}@${digest}`);
               }
             }
-            await exec.getExecOutput('cosign', ['-d', 'sign', '--yes', '--registry-referrers-mode', 'oci-1-1', ...images], {
+            await exec.getExecOutput('cosign', ['-d', 'sign', '--yes', '--oidc-provider', 'github-actions', '--oidc-issuer', 'https://token.actions.githubusercontent.com', '--registry-referrers-mode', 'oci-1-1', ...images], {
               ignoreReturnCode: true
             }).then(res => {
               if (res.stderr.length > 0 && res.exitCode != 0) {

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ jobs:`
`167`	`167`	images.push(`${tag}@${digest}`);
`168`	`168`	`}`
`169`	`169`	`}`
`170`		`- await exec.getExecOutput('cosign', ['-d', 'sign', '--yes', '--registry-referrers-mode', 'oci-1-1', ...images], {`
	`170`	`+ await exec.getExecOutput('cosign', ['-d', 'sign', '--yes', '--oidc-provider', 'github-actions', '--oidc-issuer', 'https://token.actions.githubusercontent.com', '--registry-referrers-mode', 'oci-1-1', ...images], {`
`171`	`171`	`ignoreReturnCode: true`
`172`	`172`	`}).then(res => {`
`173`	`173`	`if (res.stderr.length > 0 && res.exitCode != 0) {`