Merge pull request #207 from aclerici38/fix-cosign

fix(chart): properly extract digest for cosign

Author: squat

.github/workflows/cd-helm-release.yml

@@ -50,16 +50,17 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Push chart to OCI registry
+        id: push
         if: steps.cr.outputs.changed_charts != ''
-        run: helm push .cr-release-packages/*.tgz oci://ghcr.io/${{ github.repository_owner }}/charts
+        run: |
+          out=$(helm push .cr-release-packages/*.tgz oci://ghcr.io/${{ github.repository_owner }}/charts)
+          echo "$out"
+          echo "digest=$(awk '/^Digest:/ {print $2}' <<<"$out")" >> "$GITHUB_OUTPUT"
 
       - name: Install Cosign
         if: steps.cr.outputs.changed_charts != ''
         uses: sigstore/cosign-installer@v4.1.2
 
       - name: Sign chart
         if: steps.cr.outputs.changed_charts != ''
-        run: |
-          ref=ghcr.io/${{ github.repository_owner }}/charts/generic-device-plugin
-          digest=$(docker buildx imagetools inspect "${ref}:${{ steps.cr.outputs.chart_version }}" --format '{{.Manifest.Digest}}')
-          cosign sign --yes "${ref}@${digest}"
+        run: cosign sign --yes "ghcr.io/${{ github.repository_owner }}/charts/generic-device-plugin@${{ steps.push.outputs.digest }}"