From 74b408428f72e1c1bae2046c3d550414249bb135 Mon Sep 17 00:00:00 2001
From: Gaius
Date: Wed, 18 Sep 2024 17:08:24 +0800
Subject: [PATCH] chore: add COSIGN_PUBLIC_KEY for cosign verify
Signed-off-by: Gaius
---
 .github/workflows/docker.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c9fc3056d63..1ddcea62793 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -117,10 +117,12 @@ jobs:
 run: |
 docker buildx imagetools inspect dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
 docker pull dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
- cosign verify --key cosign.pub dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
+ cosign verify --key env://COSIGN_PUBLIC_KEY dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
 docker buildx imagetools inspect ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
 docker pull ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
- cosign verify --key cosign.pub ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
+ cosign verify --key env://COSIGN_PUBLIC_KEY ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
+ env:
+ COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
 - uses: anchore/sbom-action@v0
 with:
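Review bot: Both `cosign verify` lines now take the verification key from `secrets.COSIGN_PUBLIC_KEY`, which moves the trust anchor out of reviewed source: whoever can edit repository secrets can swap the key with no diff to audit, and a public key does not need secrecy in the first place. Keeping `cosign.pub` committed, or using a configuration variable (`${{ vars.COSIGN_PUBLIC_KEY }}`), keeps key changes visible. If the secret stays, the `run` block should fail early and clearly when it is empty (secrets are not passed to runs triggered from forks), e.g. `test -n "$COSIGN_PUBLIC_KEY" || { echo "COSIGN_PUBLIC_KEY is not set" >&2; exit 1; }`. Now that the step has an `env:` block, the version could also go through it (`VERSION: ${{ steps.get_version.outputs.VERSION }}`, used as `"$VERSION"`) instead of being expanded into the script text; how `get_version` produces that value is not visible here. The step begins above the hunk, so its name and conditions are outside this review.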