From 93949f5d0e414ec8cf5d8ef5fa7554c89265982f Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Sat, 2 Mar 2024 23:21:15 +0000 Subject: [PATCH 1/2] Use digest when signing --- .github/workflows/build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 65681dd..acf0c08 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -103,7 +103,7 @@ jobs: - name: Login to GitHub Container Registry uses: docker/login-action@v3 - if: github.event_name != 'pull_request' + #if: github.event_name != 'pull_request' with: registry: ghcr.io username: ${{ github.actor }} @@ -112,7 +112,7 @@ jobs: # Push the image to GHCR (Image Registry) - name: Push To GHCR uses: redhat-actions/push-to-registry@v2 - if: github.event_name != 'pull_request' + #if: github.event_name != 'pull_request' id: push with: registry: ${{ steps.registry_case.outputs.lowercase }} @@ -121,14 +121,14 @@ jobs: # Sign container - uses: sigstore/cosign-installer@v3.4.0 - if: github.event_name != 'pull_request' + #if: github.event_name != 'pull_request' - name: Sign container image - if: github.event_name != 'pull_request' + #if: github.event_name != 'pull_request' run: | cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS} env: - TAGS: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} + TAGS: ${{ steps.push.outputs.digest }} COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} From 6a2bca6725a5fdd6c8e6f8d1715f620e6a647035 Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Sat, 2 Mar 2024 23:28:15 +0000 Subject: [PATCH 2/2] Re-enable PR safety measures --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index acf0c08..34d4a90 100644 
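Review bot: The `#if: github.event_name != 'pull_request'` edit on the login step, repeated on the Push To GHCR, cosign-installer and Sign container image steps in the next two hunks, leaves this commit with a workflow that logs in, pushes and signs on `pull_request` events as well. The subject line mentions only the digest change, so anyone cherry-picking or bisecting to this commit gets the unguarded workflow without warning. Pull requests from branches in the same repository would presumably have access to `SIGNING_SECRET`, so unreviewed content could be published and signed. PATCH 2/2 restores the guards, so squashing the two commits would keep the unguarded state out of history.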
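Review bot: In the Sign container image step, `TAGS` now holds an image digest rather than tags, and nothing checks that it is non-empty before it is appended after `@` in the `cosign sign` reference. If the push step returns no digest, the step fails on a malformed reference such as `registry/image@` instead of a clear message. Rename the variable to match its content, `DIGEST: ${{ steps.push.outputs.digest }}`, and make the first line of `run:` an explicit guard, `[ -n "${DIGEST}" ] || { echo "push step returned no digest" >&2; exit 1; }`, with the reference written as `...@${DIGEST}`. The `env:` block may continue past the lines shown in this hunk.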
--- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -103,7 +103,7 @@ jobs: - name: Login to GitHub Container Registry uses: docker/login-action@v3 - #if: github.event_name != 'pull_request' + if: github.event_name != 'pull_request' with: registry: ghcr.io username: ${{ github.actor }} @@ -112,7 +112,7 @@ jobs: # Push the image to GHCR (Image Registry) - name: Push To GHCR uses: redhat-actions/push-to-registry@v2 - #if: github.event_name != 'pull_request' + if: github.event_name != 'pull_request' id: push with: registry: ${{ steps.registry_case.outputs.lowercase }} @@ -121,10 +121,10 @@ jobs: # Sign container - uses: sigstore/cosign-installer@v3.4.0 - #if: github.event_name != 'pull_request' + if: github.event_name != 'pull_request' - name: Sign container image - #if: github.event_name != 'pull_request' + if: github.event_name != 'pull_request' run: | cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS} env:
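Review bot: `docker/login-action@v3` in this hunk is referenced by a movable tag, as are `redhat-actions/push-to-registry@v2` and `sigstore/cosign-installer@v3.4.0` in the two hunks that follow. These steps receive the registry login and install the binary that is handed the signing key, so a retagged release would run with that access. Pin each to a full commit SHA and keep the tag as a trailing comment, for example `uses: sigstore/cosign-installer@<full-commit-sha> # v3.4.0`, where `<full-commit-sha>` is a placeholder for the reviewed commit. Dependabot or a similar updater can then propose bumps as reviewable diffs.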
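Review bot: The `run:` line of Sign container image still expands `${{ steps.registry_case.outputs.lowercase }}` and `${{ steps.build_image.outputs.image }}` directly into the script, so their text is substituted before the shell parses the command, in the one step that holds `COSIGN_PRIVATE_KEY`. Both values look repository-derived, though the steps that produce them are outside the hunk, so that is an assumption. Passing them through `env:` as `TAGS` already is keeps them as data: add `REGISTRY: ${{ steps.registry_case.outputs.lowercase }}` and `IMAGE: ${{ steps.build_image.outputs.image }}`, and change the command to `cosign sign -y --key env://COSIGN_PRIVATE_KEY "${REGISTRY}/${IMAGE}@${TAGS}"`. The step's `env:` block continues past the end of this hunk.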