fix: Package signing should happen in the oci workflow.

Signed-off-by: Justin Abrahms <justin@abrah.ms>
open-feature · Oct 25, 2022 · a04a110 · a04a110
1 parent 3eab92a
commit a04a110
Showing 1 changed file with 16 additions and 16 deletions.
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -79,10 +79,25 @@ jobs:
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
           labels: ${{ steps.meta.outputs.labels }}
 
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.13.0'
+
+      - name: Sign release image
+        run: |
+          cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }}
+          # Displays the public key to share.
+          cosign public-key --key env://COSIGN_PRIVATE_KEY > ./cosign.pub
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ env.DRY_RUN != 'true' }}
+
   release-assets:
     permissions:
       contents: write  # for softprops/action-gh-release to create GitHub release
-      packages: write  # for package signing
     needs: build-oci
     runs-on: ubuntu-latest
     if: ${{ needs.release-please.outputs.release_created }}
@@ -105,21 +120,6 @@ jobs:
 
         - uses: anchore/sbom-action@v0
 
-        - name: Install cosign
-          uses: sigstore/cosign-installer@main
-          with:
-            cosign-release: 'v1.13.0'
-
-        - name: Sign release image
-          run: |
-            cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }}
-            # Displays the public key to share.
-            cosign public-key --key env://COSIGN_PRIVATE_KEY > ./cosign.pub
-          env:
-            COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
-            COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
-          if: ${{ env.DRY_RUN != 'true' }}
-
         - name: Release
           uses: softprops/action-gh-release@v1
           with: