Remove cosign

.github/workflows/cicd.yml

@@ -2,7 +2,7 @@ name: CI/CD
 
 on:
   push:
-    tags: [ 'v*.*.*' ]
+    tags: [ 'v*' ]
 
 env:
   # Use docker.io for Docker Hub if empty
@@ -16,15 +16,10 @@ jobs:
     permissions:
       contents: read
       packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
-      id-token: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
-      - name: Install cosign
-        uses: sigstore/cosign-installer@v3
       - name: Log into registry ${{ env.REGISTRY }}
         uses: docker/login-action@v2
         with:
@@ -44,14 +39,3 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-      # Sign the resulting Docker image digest.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        env:
-          COSIGN_EXPERIMENTAL: "true"
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}