From 9b695c1a21a94e7b6a40f5175408b8fc650e9413 Mon Sep 17 00:00:00 2001
From: bobslept <38557801+bobslept@users.noreply.github.com>
Date: Mon, 18 Sep 2023 23:30:37 +0200
Subject: [PATCH] fix: container signing (#55)

---
 .github/workflows/build-boxkit.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-boxkit.yml b/.github/workflows/build-boxkit.yml
index 5d93f3d..2d29d66 100644
--- a/.github/workflows/build-boxkit.yml
+++ b/.github/workflows/build-boxkit.yml
@@ -87,10 +87,9 @@ jobs:
       - uses: sigstore/cosign-installer@v3.1.2
 
       - name: Sign container image
+        if: github.event_name != 'pull_request'
         run: |
-          echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key
-          wc -c cosign.key
-          cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
+          cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
         env:
           TAGS: ${{ steps.push.outputs.digest }}
           COSIGN_EXPERIMENTAL: false