Open
Description
we need to refactor cosign calling, it's now generating a warning and will error out in future
> cosign sign ghcr.io/containerbase/node:14.15.0
/home/runner/.cosign/cosign sign ghcr.io/containerbase/node:14.15.0
Generating ephemeral keys...
Retrieving signed certificate...
Note that there may be personally identifiable information associated with this signed artifact.
This may include the email address associated with the account with which you authenticate.
This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.
Successfully verified SCT...
WARNING: Image reference ghcr.io/containerbase/node:14.15.0 uses a tag, not a digest, to identify the image to sign.
This can lead you to sign a different image than the intended one. Please use a
digest (example.com/ubuntu@sha256:abc123...) rather than tag
(example.com/ubuntu:latest) for the input to cosign. The ability to refer to
images by tag will be removed in a future release.
tlog entry created with index: 12478726
Pushing signature to: ghcr.io/containerbase/node