fix signing

2026-02-09 21:03:00 +01:00
parent c60cb41bd8
commit 1dd1efe33d
1 changed files with 12 additions and 6 deletions
--- a/.gitea/workflows/docker-builder.yml
+++ b/.gitea/workflows/docker-builder.yml
@@ -243,22 +243,28 @@ jobs:
          path: sbom.spdx.json
      - name: Install cosign
        shell: bash
        run: |
          curl -sSfL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 \
-            -o /usr/local/bin/cosign
+            -o cosign
-          chmod +x /usr/local/bin/cosign
+          chmod +x cosign
          mv cosign /usr/local/bin/
          cosign version
      - name: Sign image
        if: env.IS_TAG == 'true'
        shell: bash
        run: |
          set -euo pipefail
-          IMAGE_NAME="${REGISTRY_HOST}/${IMAGE_BASE}"
+          echo "IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}"
-          # Filter nur das erste Tag aus DOCKER_TAGS (falls mehrere)
+          echo "VERSION=${VERSION}"
-          IMAGE_TO_SIGN=$(echo "$DOCKER_TAGS" | cut -d',' -f1)
+
          IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}"
          echo "Signing image $IMAGE_TO_SIGN"
          cosign sign --key ${{ secrets.COSIGN_KEY }} "$IMAGE_TO_SIGN"