fix: Consume digest from step output

Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
viccuad · Dec 13, 2024 · ebe1254 · ebe1254
1 parent 46ad4bf
commit ebe1254
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -57,18 +57,18 @@ jobs:
       - name: Sign container image
         run: |
           cosign sign --yes \
-            ghcr.io/${{github.repository_owner}}/audit-scanner@${{ needs.build.outputs.digest }}
+            ghcr.io/${{github.repository_owner}}/audit-scanner@${{ steps.build-image.outputs.digest }}
 
           cosign verify \
             --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
             --certificate-identity="https://github.com/${{github.repository_owner}}/audit-scanner/.github/workflows/release.yml@${{ github.ref }}" \
-            ghcr.io/${{github.repository_owner}}/audit-scanner@${{ needs.build.outputs.digest }}
+            ghcr.io/${{github.repository_owner}}/audit-scanner@${{ steps.build-image.outputs.digest }}
       - id: setoutput
         name: Set output parameters
         run: |
           echo "repository=ghcr.io/${{github.repository_owner}}/audit-scanner" >> $GITHUB_OUTPUT
           echo "tag=${{ env.TAG_NAME }}" >> $GITHUB_OUTPUT
-          echo "digest=${{ needs.build.outputs.digest }}" >> $GITHUB_OUTPUT
+          echo "digest=${{ steps.build-image.outputs.digest }}" >> $GITHUB_OUTPUT
 
   attestation:
     name: Fetch, sign and verify SBOM and provenance files