Closed viccuad closed 1 year ago
Cosign 2.0 was released last week (yay!) but, as expected because semver, it's not backwards compatible (nay!).
Pin cosign-installer GHA so it downloads cosign 1.. Latest [cosign-installer downloads cosign 2.](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.0).
I know this works, because I needed to do this to release my own unrelated viccuad/kwctl: https://github.com/viccuad/kwctl/actions/runs/4315689467/jobs/7530608694
Description
Cosign 2.0 was released last week (yay!) but, as expected because semver, it's not backwards compatible (nay!).
Pin cosign-installer GHA so it downloads cosign 1.. Latest [cosign-installer downloads cosign 2.](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.0).
Test
I know this works, because I needed to do this to release my own unrelated viccuad/kwctl: https://github.com/viccuad/kwctl/actions/runs/4315689467/jobs/7530608694
Additional Information
Tradeoff
Potential improvement