diff --git a/.github/workflows/release-verification.yml b/.github/workflows/release-verification.yml index 79f8865..6eec086 100644 --- a/.github/workflows/release-verification.yml +++ b/.github/workflows/release-verification.yml @@ -34,7 +34,7 @@ jobs: cosign verify-blob \ --certificate checksums.txt.pem \ --signature checksums.txt.sig \ - --certificate-identity-regexp '^https://github.com/$GITHUB_REPOSITORY/.github/workflows/release.yml@refs/tags/v[0-9]+.[0-9]+.[0-9]+(-rc.[0-9]+)?$' \ + --certificate-identity-regexp '^https://github.com/janfuhrer/podsalsa/.github/workflows/release.yml@refs/tags/v[0-9]+.[0-9]+.[0-9]+(-rc.[0-9]+)?$' \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ checksums.txt diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fe92d0a..8dffd29 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -167,7 +167,7 @@ jobs: set -euo pipefail COSIGN_REPOSITORY=ghcr.io/$REPOSITORY/signatures cosign verify \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ - --certificate-identity-regexp '^https://github.com/$GITHUB_REPOSITORY/.github/workflows/release.yml@refs/tags/v[0-9]+.[0-9]+.[0-9]+(-rc.[0-9]+)?$' \ + --certificate-identity-regexp '^https://github.com/janfuhrer/podsalsa/.github/workflows/release.yml@refs/tags/v[0-9]+.[0-9]+.[0-9]+(-rc.[0-9]+)?$' \ $IMAGE@$DIGEST - name: Verify sbom of image @@ -180,6 +180,6 @@ jobs: COSIGN_REPOSITORY=ghcr.io/$REPOSITORY/sbom cosign verify-attestation \ --type cyclonedx \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ - --certificate-identity-regexp '^https://github.com/$GITHUB_REPOSITORY/.github/workflows/release.yml@refs/tags/v[0-9]+.[0-9]+.[0-9]+(-rc.[0-9]+)?$' \ + --certificate-identity-regexp '^https://github.com/janfuhrer/podsalsa/.github/workflows/release.yml@refs/tags/v[0-9]+.[0-9]+.[0-9]+(-rc.[0-9]+)?$' \ --policy policy-sbom.cue \ $IMAGE@$DIGEST