From e5ede03f0d280215620cba477c80a61b49b3f518 Mon Sep 17 00:00:00 2001
From: Pram Gurusinga <pratama.gurusinga@digitalservice.bund.de>
Date: Wed, 24 Jan 2024 15:19:54 +0100
Subject: [PATCH] fix(cosign): disable cosign temporarily

---
 .github/workflows/ci-pipeline.yml | 2 +-
 docker.sh                         | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
index eb9544ed8..49486f26d 100644
--- a/.github/workflows/ci-pipeline.yml
+++ b/.github/workflows/ci-pipeline.yml
@@ -96,7 +96,7 @@ jobs:
         with:
           name: "${{ env.VULNERABILITY_SCAN_RECORD }}"
       - run: ./docker.sh --push prod
-      - run: ./docker.sh --attest
+      # - run: ./docker.sh --attest
       - id: prod_image_tag
         run: echo "prod_image_tag=$(./docker.sh --prodImageTag)" >> $GITHUB_OUTPUT
     outputs:
diff --git a/docker.sh b/docker.sh
index ff87087d5..acf092c29 100755
--- a/docker.sh
+++ b/docker.sh
@@ -135,19 +135,19 @@ case $1 in
         echo "Pushing $APP_IMAGE..."
         docker push --all-tags $APP_IMAGE
         echo "Signing $APP_IMAGE with cosign"
-        cosign sign --yes $APP_IMAGE
+        # cosign sign --yes $APP_IMAGE
         ;;
     content)
         echo "Pushing $CONTENT_IMAGE..."
         docker push --all-tags $CONTENT_IMAGE
         echo "Signing $CONTENT_IMAGE with cosign"
-        cosign sign --yes $CONTENT_IMAGE
+        # cosign sign --yes $CONTENT_IMAGE
         ;;
     prod)
         echo "Pushing $PROD_IMAGE..."
         docker push --all-tags $PROD_IMAGE
         echo "Signing $PROD_IMAGE with cosign"
-        cosign sign --yes $PROD_IMAGE
+        # cosign sign --yes $PROD_IMAGE
         ;;
     esac
     ;;