From 0d2024571135ce9dcb93e1720fb99d87b70d3a22 Mon Sep 17 00:00:00 2001
From: RJ Trujillo <eyecantcu@pm.me>
Date: Sat, 6 Jan 2024 20:53:24 -0700
Subject: [PATCH] feat(sign): Use Chainguard's cosign image in place of
 cosign-installer

---
 sign/action.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/sign/action.yml b/sign/action.yml
index 5b06b44..52c2db5 100644
--- a/sign/action.yml
+++ b/sign/action.yml
@@ -28,15 +28,12 @@ runs:
         username: ${{ github.actor }}
         password: ${{ inputs.registry-token }}
 
-    - name: Install cosign
-      uses: sigstore/cosign-installer@v3.3.0
-
     - name: Sign container image
       shell: bash
       run: |
         REGISTRY=$(echo ${{ inputs.registry }} | awk '{print tolower($0)}')
         for CONTAINER in $(echo "${CONTAINERS}" | tr "," "\n"); do
-          cosign sign -y --key env://COSIGN_PRIVATE_KEY $REGISTRY/${CONTAINER}@${TAGS}
+          podman run --env-host cgr.dev/chainguard/cosign sign -y --key env://COSIGN_PRIVATE_KEY $REGISTRY/${CONTAINER}@${TAGS}
         done
       env:
         CONTAINERS: ${{ inputs.containers }}