From 2a114e136992d82b09cea6be481c59284b51b8aa Mon Sep 17 00:00:00 2001
From: Markus Pesch <markus.pesch@cryptic.systems>
Date: Mon, 2 Feb 2026 22:37:08 +0100
Subject: [PATCH] fix(goreleaser): print cosign cmd on stdout

---
 .goreleaser.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 3985fa8..a745650 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -327,11 +327,13 @@ docker_signs:
   #
   # Default: ["sign", "--key=cosign.key", "${artifact}@${digest}", "--yes"].
   # Templates: allowed.
+  # Note: Using --registry-referrers-mode=legacy ensures signature is stored as sha256-<digest>.sig tag
+  # which is required by ArtifactHub to display the "Signed" badge
   args:
   - "sign"
   - "--key=env://COSIGN_PRIVATE_KEY"
-  - "${artifact}@${digest}"
   - "--yes"
+  - "${artifact}@${digest}"
 
   # Which artifacts to sign.
   #
@@ -356,6 +358,8 @@ docker_signs:
   # StdinFile file to be given to the signature command as stdin.
   # stdin_file: ./passphrase.key
 
+  output: true
+
 gitea_urls:
   api: https://git.cryptic.systems/api/v1
   download: https://git.cryptic.systems