diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
index ec2afda..3f67186 100644
--- a/.github/workflows/test-action.yml
+++ b/.github/workflows/test-action.yml
@@ -241,3 +241,29 @@ jobs:
             exit 0
           fi
 
+  test_cosign_with_go_install:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: none
+      checks: none
+      contents: none
+      deployments: none
+      issues: none
+      packages: none
+      pull-requests: none
+      repository-projects: none
+      security-events: none
+      statuses: none
+    name: Try to install cosign with go
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-go@v2
+      with:
+        go-version: '1.17.x'
+    - name: Install Cosign
+      uses: ./
+      with:
+        cosign-release: 'main'
+    - name: Check install!
+      run: cosign version
+
diff --git a/README.md b/README.md
index 2a4a4a2..a27c0ba 100644
--- a/README.md
+++ b/README.md
@@ -27,15 +27,6 @@ jobs:
 
     permissions:
       actions: none
-      checks: none
-      contents: none
-      deployments: none
-      issues: none
-      packages: none
-      pull-requests: none
-      repository-projects: none
-      security-events: none
-      statuses: none
 
     name: Install Cosign and test presence in path
     steps:
@@ -56,15 +47,6 @@ jobs:
 
     permissions:
       actions: none
-      checks: none
-      contents: none
-      deployments: none
-      issues: none
-      packages: none
-      pull-requests: none
-      repository-projects: none
-      security-events: none
-      statuses: none
 
     name: Install Cosign and test presence in path
     steps:
@@ -88,16 +70,8 @@ jobs:
     runs-on: ubuntu-latest
 
     permissions:
-      actions: none
-      checks: none
       contents: read
-      deployments: none
-      issues: none
       packages: write
-      pull-requests: none
-      repository-projects: none
-      security-events: none
-      statuses: none
       id-token: write # needed for signing the images with GitHub OIDC Token **not production ready**
 
     name: Install Cosign and test presence in path
diff --git a/action.yml b/action.yml
index 5487c24..c6386c4 100644
--- a/action.yml
+++ b/action.yml
@@ -33,6 +33,12 @@ runs:
           alias log_error="echo \"ERROR:\""
         fi
         set -e
+        
+        if [[ ${{ inputs.cosign-release }} == "main" ]]; then
+          echo "INFO: installing cosign via go install from its main version"
+          go install github.com/sigstore/cosign/cmd/cosign@main
+          exit 0
+        fi
 
         bootstrap_version='v1.4.1'    
         bootstrap_linux_amd64_sha='08ba779a4e6ff827079abed1a6d1f0a0d9e48aea21f520ddeb42ff912f59d268'