@@ -239,21 +239,21 @@ jobs:
239239 docker buildx imagetools inspect ghcr.io/${{ github.repository }}:${{ steps.docker_meta.outputs.version }} --format '{{ json (index .SBOM "linux/amd64") }}'
240240 echo "::endgroup::"
241241
242- name : Verify cosign signatures
243- run : |
244- echo "::group::Verify signature (DockerHub)"
245- cosign verify --rekor-url https://rekor.sigstore.dev \
246- --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
247- --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
248- ${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
249- echo "::endgroup::"
250-
251- echo "::group::Verify signature (GitHub Container Registry)"
252- cosign verify --rekor-url https://rekor.sigstore.dev \
253- --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
254- --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
255- ghcr.io/${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
256- echo "::endgroup::"
242+ # - name: Verify cosign signatures
243+ # run: |
244+ # echo "::group::Verify signature (DockerHub)"
245+ # cosign verify --rekor-url https://rekor.sigstore.dev \
246+ # --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
247+ # --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
248+ # ${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
249+ # echo "::endgroup::"
250+
251+ # echo "::group::Verify signature (GitHub Container Registry)"
252+ # cosign verify --rekor-url https://rekor.sigstore.dev \
253+ # --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
254+ # --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
255+ # ghcr.io/${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
256+ # echo "::endgroup::"
257257
258258 argocd :
259259 if : github.event_name == 'release' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
0 commit comments