@@ -156,6 +156,7 @@ jobs:
156156 env :
157157 INPUT_TAGS : ${{ steps.meta.outputs.tags }}
158158 INPUT_DIGESTS : ${{ steps.attest.outputs.digests }}
159+ COSIGN_EXPERIMENTAL : 1
159160 with :
160161 script : |
161162 const tags = core.getMultilineInput('tags');
@@ -166,7 +167,7 @@ jobs:
166167 images.push(`${tag}@${digest}`);
167168 }
168169 }
169- await exec.getExecOutput('cosign', ['-d', 'sign', '--yes', ...images], {
170+ await exec.getExecOutput('cosign', ['-d', 'sign', '--yes', '--registry-referrers-mode', 'oci-1-1', ...images], {
170171 ignoreReturnCode: true
171172 }).then(res => {
172173 if (res.stderr.length > 0 && res.exitCode != 0) {
@@ -180,14 +181,15 @@ jobs:
180181 env :
181182 INPUT_TAGS : ${{ steps.meta.outputs.tags }}
182183 INPUT_DIGESTS : ${{ steps.attest.outputs.digests }}
184+ COSIGN_EXPERIMENTAL : 1
183185 with :
184186 script : |
185187 const tags = core.getMultilineInput('tags');
186188 const digests = core.getMultilineInput('digests');
187189 for (const tag of tags) {
188190 for (const digest of digests) {
189191 await core.group(`Verifying ${tag}@${digest}`, async () => {
190- await exec.getExecOutput('cosign', ['-d', 'verify', '--certificate-identity-regexp', `^https://github.com/docker/github-builder-experimental/.github/workflows/build.yml.*$`, '--certificate-oidc-issuer', 'https://token.actions.githubusercontent.com', `${tag}@${digest}`], {
192+ await exec.getExecOutput('cosign', ['-d', 'verify', '--experimental-oci11', '-- certificate-identity-regexp', `^https://github.com/docker/github-builder-experimental/.github/workflows/build.yml.*$`, '--certificate-oidc-issuer', 'https://token.actions.githubusercontent.com', `${tag}@${digest}`], {
191193 ignoreReturnCode: true
192194 }).then(res => {
193195 if (res.stderr.length > 0 && res.exitCode != 0) {
0 commit comments