fix signing

.github/workflows/docker-publish.yml

@@ -22,7 +22,7 @@ jobs:
     strategy:
       matrix:
         board:
-          - milkv-duo
+        #  - milkv-duo
         #  - milkv-duo-lite
           - milkv-duo256m
         #  - milkv-duo256m-lite
@@ -62,19 +62,33 @@ jobs:
             type=sha
 
       - name: Build and push Docker image
+        id: build-and-push
         uses: docker/[email protected]
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          build-args: BOARD=${{ matrix.board }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
       - name: Sign the published Docker image
         if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          TAGS="${{ steps.meta.outputs.tags }}"
+          DIGEST="${{ steps.build-and-push.outputs.digest }}"
+          if [[ -n "$DIGEST" ]]; then
+            # Sign by digest
+            echo "Signing by digest"
+            cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@$DIGEST
+          elif [[ -n "$TAGS" ]]; then
+            # Sign by tags
+            echo "Signing by tags"
+            IFS=',' read -ra TAG_ARRAY <<< "$TAGS"
+            for tag in "${TAG_ARRAY[@]}"; do
+              cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$tag
+            done
+          else
+            echo "No tags or digest available for signing"
         env:
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+          COSIGN_EXPERIMENTAL: "true"