From 8b6b1671133ffd6de7ba6cf17e975b225321a71a Mon Sep 17 00:00:00 2001
From: pi-farm
Date: Mon, 9 Feb 2026 21:43:56 +0100
Subject: [PATCH] fix sign key
---
 .gitea/workflows/docker-builder.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/.gitea/workflows/docker-builder.yml b/.gitea/workflows/docker-builder.yml
index 509ec35..d3706b5 100644
--- a/.gitea/workflows/docker-builder.yml
+++ b/.gitea/workflows/docker-builder.yml
@@ -260,17 +260,18 @@ jobs:
 IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}"
 echo "Signing image $IMAGE_TO_SIGN"
- # --- Key generieren (temp) ---
+ # --- Temporary keypair ---
 COSIGN_KEY_FILE=$(mktemp)
 echo "Generating temporary Cosign keypair at $COSIGN_KEY_FILE"
- cosign generate-key-pair --passphrase "" --key "$COSIGN_KEY_FILE"
+ cosign generate-key-pair --key "$COSIGN_KEY_FILE"
- # Optional: Digest nutzen, um Warnung zu vermeiden
+ # --- Get digest to avoid tag warning ---
 DIGEST=$(docker buildx imagetools inspect "$IMAGE_TO_SIGN" --raw | jq -r '.manifests[0].digest')
 echo "Signing digest: $DIGEST"
- # Signieren
+ # --- Sign image ---
 cosign sign --key "$COSIGN_KEY_FILE" "${IMAGE_TO_SIGN}@${DIGEST}"
- # Cleanup
+ # --- Cleanup ---
 rm -f "$COSIGN_KEY_FILE" "$COSIGN_KEY_FILE.pub"
+
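Review bot: The signature produced in this step cannot be verified by anyone, because the keypair is generated inside the job and the closing `rm -f "$COSIGN_KEY_FILE" "$COSIGN_KEY_FILE.pub"` discards the public half together with the private one; a throwaway key also establishes no signer identity, since any job able to push the image could mint its own. Signing should use a long-lived key held in the runner's secrets (or a KMS or keyless identity) whose public key is published for consumers, for example `cosign sign --key env://COSIGN_PRIVATE_KEY "${IMAGE_TO_SIGN}@${DIGEST}"` with `COSIGN_PASSWORD` supplied from secrets, and the generate and cleanup lines dropped. Separately, as far as I know `cosign generate-key-pair` takes `--output-key-prefix` rather than `--key` and reads the passphrase from `COSIGN_PASSWORD`, so the new invocation is likely to fail or wait for a prompt on a non-interactive runner; this is worth confirming against the installed cosign version. The enclosing workflow step begins above the hunk, so any environment it already sets is not visible here.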