From edaeeaa8685466090e45fe129a7f0d8c0de7cf35 Mon Sep 17 00:00:00 2001
From: Carolina Delwing Rosa
Date: Mon, 8 Jan 2024 15:09:06 -0300
Subject: [PATCH 1/2] fix: added image signing
---
 .github/workflows/release.yaml | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 01f0c19..e08963f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -62,6 +62,7 @@ jobs:
 - name: Build and push
 if: ${{ steps.dependencies.outputs.VERSION != ''}}
 uses: docker/build-push-action@v2
+ id: build-and-push
 with:
 context: .
 build-args: |
@@ -74,7 +75,23 @@ jobs:
 platforms: linux/amd64,linux/arm64
 push: true
 tags: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}
-
+
+ - uses: sigstore/cosign-installer@v3.3.0
+
+ - name: Image Signing
+ run: |
+ cosign sign --yes \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ -a "owner=Spectro Cloud" \
+ --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}"
+ env:
+ TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+
 release:
 name: "Release"
From 08faa1ea92f35ac55f714abc56058cd2a5a1b779 Mon Sep 17 00:00:00 2001
From: Carolina Delwing Rosa
Date: Mon, 8 Jan 2024 15:24:51 -0300
Subject: [PATCH 2/2] fix: fixed indentation - DOC-965
---
 .github/workflows/release.yaml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e08963f..da0d361 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
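Review bot: In [PATCH 1/2] the added `sigstore/cosign-installer` and `Image Signing` steps carry no `if:` condition, although the `Build and push` step whose digest they consume runs only when `steps.dependencies.outputs.VERSION != ''`. On a run where VERSION is empty the build is skipped, `steps.build-and-push.outputs.digest` is empty, and `cosign sign` receives a reference with no tag and no digest, so the job most likely fails instead of skipping cleanly; adding `if: ${{ steps.dependencies.outputs.VERSION != '' }}` to both new steps keeps them aligned with the build. The installer is also referenced by tag (`@v3.3.0`), and the binary it installs is then run with `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD` in its environment, so pinning it to a full commit SHA (`uses: sigstore/cosign-installer@<full-commit-sha> # v3.3.0`) is worth doing here. Indentation is collapsed on this page, so the nesting of `run:` and `env:` could not be checked.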
@@ -79,18 +79,18 @@ jobs:
 - uses: sigstore/cosign-installer@v3.3.0
 - name: Image Signing
- run: |
- cosign sign --yes \
- -a "repo=${{ github.repository }}" \
- -a "workflow=${{ github.workflow }}" \
- -a "ref=${{ github.sha }}" \
- -a "owner=Spectro Cloud" \
- --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}"
- env:
- TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}
- COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ run: |
+ cosign sign --yes \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ -a "owner=Spectro Cloud" \
+ --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}"
+ env:
+ AGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
 release:
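Review bot: The re-added `env:` block starts with `AGS:` where the removed lines had `TAGS:`, while the script still signs `"${TAGS}@${DIGEST}"`. With `TAGS` unset the shell expands the argument to just `@<digest>`, so `cosign sign` is given no repository and the pushed image is expected to end up unsigned or the step to fail. Restore the key as `TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}`; putting `set -u` on the first line of the `run:` script would make any unset variable of this kind stop the step with a clear error.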