Update release.yml

Signed-off-by: KhulnaSoft bot <[email protected]>

.github/workflows/release.yml

@@ -3,12 +3,10 @@ name: Release
 on:
   push:
     branches: [ "master" ]
-    # Publish semver tags as releases.
     tags: [ 'v*.*.*' ]
   workflow_dispatch:
 
 env:
-  # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
@@ -17,41 +15,32 @@ jobs:
     permissions:
       contents: read
       packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio
       id-token: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      # Install the cosign tool
-      # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         uses: sigstore/[email protected]
 
-      # https://github.com/docker/setup-buildx-action
       - name: Setup Docker buildx
         uses: docker/setup-buildx-action@v3
 
-      # https://github.com/docker/login-action
       - name: Login to GHCR
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # https://github.com/docker/login-action
       - name: Login to docker hub
         uses: docker/login-action@v1
         with:
           registry: docker.io
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
@@ -60,8 +49,6 @@ jobs:
             ghcr.io/${{ env.IMAGE_NAME }}
             ${{ env.IMAGE_NAME }}
 
-      # Build and push Docker image with Buildx
-      # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
         uses: docker/build-push-action@v5
@@ -74,24 +61,27 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-      # Update Docker Hub repository description from README.md
-      # https://github.com/peter-evans/dockerhub-description
       - name: Update docker hub description
         uses: peter-evans/[email protected]
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
-      # https://github.com/sigstore/cosign
       - name: Sign the published Docker image
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
         run: |
-          echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
+          IMAGE_TAGS="${{ steps.meta.outputs.tags }}"
+          DIGEST="${{ steps.build-and-push.outputs.digest }}"
+          for TAG in $IMAGE_TAGS; do
+            cosign sign --yes "$TAG@$DIGEST"
+          done
 
       - name: Verify the signature of the published Docker image
         env:
           IDENTITY: "https://github.com/khulnasoft/deployflow/.github/workflows/release.yml@.*"
           OIDC_ISSUER: "https://token.actions.githubusercontent.com"
         run: |
-          echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign verify {}@${{ steps.build-and-push.outputs.digest }} --certificate-identity-regexp=$IDENTITY --certificate-oidc-issuer=$OIDC_ISSUER
+          IMAGE_TAGS="${{ steps.meta.outputs.tags }}"
+          DIGEST="${{ steps.build-and-push.outputs.digest }}"
+          for TAG in $IMAGE_TAGS; do
+            cosign verify "$TAG@$DIGEST" --certificate-identity-regexp=$IDENTITY --certificate-oidc-issuer=$OIDC_ISSUER
+          done