From 4a69e93c595ac7243aeb3d3e7191bd30708d3965 Mon Sep 17 00:00:00 2001
From: RJ Sampson <rj.sampson@chainguard.dev>
Date: Mon, 1 Jul 2024 20:24:11 -0600
Subject: [PATCH] feat: Pull latest cosign binary from Chainguard

Signed-off-by: RJ Sampson <rj.sampson@chainguard.dev>
---
 sign/action.yml   | 6 +++++-
 verify/action.yml | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/sign/action.yml b/sign/action.yml
index 998c7a5..85d2837 100644
--- a/sign/action.yml
+++ b/sign/action.yml
@@ -29,7 +29,11 @@ runs:
         password: ${{ inputs.registry-token }}
 
     - name: Install cosign
-      uses: sigstore/cosign-installer@v3.5.0
+      shell: bash
+      run: |
+        docker pull cgr.dev/chainguard/cosign:latest
+        docker run -d --name cosign cgr.dev/chainguard/cosign:latest
+        docker cp cosign:/usr/bin/cosign /usr/local/bin/cosign
 
     - name: Sign container image
       shell: bash
diff --git a/verify/action.yml b/verify/action.yml
index 1d14886..647fd78 100644
--- a/verify/action.yml
+++ b/verify/action.yml
@@ -27,7 +27,11 @@ runs:
   using: "composite"
   steps:
     - name: Install cosign
-      uses: sigstore/cosign-installer@v3.5.0
+      shell: bash
+      run: |
+        docker pull cgr.dev/chainguard/cosign:latest
+        docker run -d --name cosign cgr.dev/chainguard/cosign:latest
+        docker cp cosign:/usr/bin/cosign /usr/local/bin/cosign
 
     - name: Verify container
       shell: bash