From 7f5e79ce83cfbc1f56ac1f50e9d4401c7b709620 Mon Sep 17 00:00:00 2001
From: frank zhu <fr@nkzhu.com>
Date: Fri, 16 Aug 2024 13:43:13 -0500
Subject: [PATCH] use keyless signing

---
 .goreleaser.develop.yaml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.goreleaser.develop.yaml b/.goreleaser.develop.yaml
index d1ee461755a..7cff5b47cff 100644
--- a/.goreleaser.develop.yaml
+++ b/.goreleaser.develop.yaml
@@ -186,8 +186,15 @@ docker_manifests:
 
 # See https://goreleaser.com/customization/docker_sign/
 docker_signs:
-  - artifacts: all
-    stdin: "{{ .Env.COSIGN_PASSWORD }}"
+  - cmd: cosign
+    env:
+    - COSIGN_EXPERIMENTAL=1
+    artifacts: all
+    args:
+      - 'sign'
+      - '--oidc-issuer=https://token.actions.githubusercontent.com'
+      - 'artifact'
+    # stdin: "{{ .Env.COSIGN_PASSWORD }}"
 
 checksum:
   name_template: "checksums.txt"