From d64ae263033c78b337974630cab4e3ad5f54f3cb Mon Sep 17 00:00:00 2001
From: ybelMekk <youssef.bel.mekki@nav.no>
Date: Thu, 27 Apr 2023 12:02:36 +0200
Subject: [PATCH] fix(cosign): add yes consent

---
 .github/workflows/main.yml | 4 ++--
 .goreleaser.yml            | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a5aab88..3d8a14f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -149,8 +149,8 @@ jobs:
       - name: Sign Docker image
         run: |
           echo '${{ secrets.COSIGN_PRIVATE_KEY }}' > cosign.key
-          cosign sign --key cosign.key ${{ env.CLI_IMAGE_TAG }}
-          cosign sign --key cosign.key ${{ env.ACTION_IMAGE_TAG }}
+          cosign sign --yes --key cosign.key ${{ env.CLI_IMAGE_TAG }}
+          cosign sign --yes --key cosign.key ${{ env.ACTION_IMAGE_TAG }}
         env:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
       - name: Verify and attach attestation
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 76b08a0..0b2c713 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -39,13 +39,13 @@ signs:
   - id: sign archives
     cmd: cosign
     stdin: '{{ .Env.COSIGN_PASSWORD }}'
-    args: ["sign-blob", "--key=cosign.key", "--output=${signature}", "${artifact}"]
+    args: ["sign-blob", "--key=cosign.key", "--output=${signature}", "--yes", "${artifact}"]
     signature: "${artifact}.sig"
     artifacts: archive
   - id: sign checksum.txt
     cmd: cosign
     stdin: '{{ .Env.COSIGN_PASSWORD }}'
-    args: ["sign-blob", "--key=cosign.key", "--output=${signature}", "${artifact}"]
+    args: ["sign-blob", "--key=cosign.key", "--output=${signature}", "--yes", "${artifact}"]
     signature: "${artifact}.sig"
     artifacts: checksum
 changelog: