From 1dd1efe33d50a741f9198044d43dcc0d7ef02af5 Mon Sep 17 00:00:00 2001
From: pi-farm
Date: Mon, 9 Feb 2026 21:03:00 +0100
Subject: [PATCH] fix signing
---
 .gitea/workflows/docker-builder.yml | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflows/docker-builder.yml b/.gitea/workflows/docker-builder.yml
index cca7922..90a93b7 100644
--- a/.gitea/workflows/docker-builder.yml
+++ b/.gitea/workflows/docker-builder.yml
@@ -243,22 +243,28 @@ jobs:
 path: sbom.spdx.json
 - name: Install cosign
+ shell: bash
 run: |
 curl -sSfL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 \
- -o /usr/local/bin/cosign
- chmod +x /usr/local/bin/cosign
-
+ -o cosign
+ chmod +x cosign
+ mv cosign /usr/local/bin/
+ cosign version
+
 - name: Sign image
 if: env.IS_TAG == 'true'
 shell: bash
 run: |
 set -euo pipefail
- IMAGE_NAME="${REGISTRY_HOST}/${IMAGE_BASE}"
- # Filter nur das erste Tag aus DOCKER_TAGS (falls mehrere)
- IMAGE_TO_SIGN=$(echo "$DOCKER_TAGS" | cut -d',' -f1)
+ echo "IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}"
+ echo "VERSION=${VERSION}"
+
+ IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}"
+ echo "Signing image $IMAGE_TO_SIGN"
 cosign sign --key ${{ secrets.COSIGN_KEY }} "$IMAGE_TO_SIGN"
+
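Review bot: The new `IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}"` signs a mutable tag, so cosign signs whatever that tag resolves to at signing time, which is not guaranteed to be the image this job built and pushed. Sign the digest instead, e.g. `IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}@${IMAGE_DIGEST}"`, where `IMAGE_DIGEST` is a placeholder for the digest output of the push step, which lies outside this hunk. In the Install step the binary still comes from `releases/latest`, and the added `mv cosign /usr/local/bin/` installs it with no integrity check, so the tool that handles the signing key is neither pinned nor verified; pin a release version and check the download against that release's published checksum with `sha256sum -c` before the `mv`. The unchanged `--key ${{ secrets.COSIGN_KEY }}` substitutes the secret into the script text before bash runs; if the secret holds key material rather than a path or KMS URI, map it through the step's `env:` and pass `--key env://COSIGN_PRIVATE_KEY` so the key never appears in the rendered script.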