chore(deps): update dependency sigstore/cosign to v3.0.4

fix(goreleaser): print cosign cmd on stdout
2026-02-02 23:03:37 +00:00 · 2026-02-02 22:37:08 +01:00
3 changed files with 7 additions and 3 deletions
--- a/.gitea/workflows/artifacthub-metadata.yaml
+++ b/.gitea/workflows/artifacthub-metadata.yaml
@@ -13,7 +13,7 @@ jobs:
    - uses: actions/checkout@v6.0.2
    - uses: sigstore/cosign-installer@v4.0.0
      with:
-        cosign-release: "v3.0.3" # renovate: datasource=github-tags depName=sigstore/cosign
+        cosign-release: "v3.0.4" # renovate: datasource=github-tags depName=sigstore/cosign
    - uses: docker/login-action@v3.7.0
      with:
        registry: git.cryptic.systems
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -33,7 +33,7 @@ jobs:
        rm syft_${SYFT_VERSION}_${OS}_${ARCH}.deb
    - uses: sigstore/cosign-installer@v4.0.0
      with:
-        cosign-release: "v3.0.3" # renovate: datasource=github-tags depName=sigstore/cosign
+        cosign-release: "v3.0.4" # renovate: datasource=github-tags depName=sigstore/cosign
    - uses: docker/setup-qemu-action@v3.7.0
    - uses: docker/setup-buildx-action@v3.12.0
    - uses: actions/setup-go@v6.2.0
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -327,11 +327,13 @@ docker_signs:
  #
  # Default: ["sign", "--key=cosign.key", "${artifact}@${digest}", "--yes"].
  # Templates: allowed.
+  # Note: Using --registry-referrers-mode=legacy ensures signature is stored as sha256-<digest>.sig tag
+  # which is required by ArtifactHub to display the "Signed" badge
  args:
  - "sign"
  - "--key=env://COSIGN_PRIVATE_KEY"
-  - "${artifact}@${digest}"
  - "--yes"
+  - "${artifact}@${digest}"

  # Which artifacts to sign.
  #
@@ -356,6 +358,8 @@ docker_signs:
  # StdinFile file to be given to the signature command as stdin.
  # stdin_file: ./passphrase.key

+  output: true
+
 gitea_urls:
  api: https://git.cryptic.systems/api/v1
  download: https://git.cryptic.systems
Author	SHA1	Message	Date
CSRBot	8c0e4effe3	chore(deps): update dependency sigstore/cosign to v3.0.4 All checks were successful Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 11s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 29s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (pull_request) Successful in 10s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (pull_request) Successful in 7s Details Lint Markdown files / Run markdown linter (pull_request) Successful in 4s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 22s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (pull_request) Successful in 30s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (pull_request) Successful in 24s Details	2026-02-02 23:03:37 +00:00
Markus Pesch	2a114e1369	fix(goreleaser): print cosign cmd on stdout All checks were successful Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 12s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s Details Lint Markdown files / Run markdown linter (push) Successful in 4s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 30s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 24s Details Release / Release application (push) Successful in 2m20s Details Release / Upload Images to docker.io (push) Successful in 1m19s Details	2026-02-02 22:37:08 +01:00