Try using registry-paths output intead

samhclark · Sep 22, 2024 · bf56425 · bf56425
1 parent 3cdb709
commit bf56425
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -72,13 +72,14 @@ jobs:
         if: ${{ github.event_name != 'pull_request' }}
         env:
           # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          IMAGE: ${{ steps.build_image.outputs.image }}
-          TAGS: ${{ steps.build_image.outputs.tags }}
-          DIGEST: ${{ steps.push.outputs.digest }}
+          # IMAGE: ghcr.io/${{ github.repository_owner }}/${{ steps.build_image.outputs.regis }}
+          # TAGS: ${{ steps.build_image.outputs.tags }}
+          digest: ${{ steps.push.outputs.digest }}
+          fully_qualified_image_names_json: ${{ steps.push.registry-paths }} 
           # SIGSTORE_ID_TOKEN: ${{ GITHUB_TOKEN }}
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes ghcr.io/${{ github.repository_owner }}/${IMAGE}:{}@${DIGEST}
+        run: echo "${fully_qualified_image_names_json}" | jq -r '.[]' | xargs -I {} cosign sign --yes "{}@${digest}"
 
       - name: Echo outputs
         if: github.event_name != 'pull_request'