From 8f027f12095543765e15256c371ca5a39490c001 Mon Sep 17 00:00:00 2001
From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Date: Sat, 28 May 2022 18:59:48 -0500
Subject: [PATCH] :seedling: Signing scorecard images using cosign

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---
 .github/workflows/publishimage.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml
index 3bcd3ffcb404..2645d294f4ed 100644
--- a/.github/workflows/publishimage.yml
+++ b/.github/workflows/publishimage.yml
@@ -20,9 +20,12 @@ permissions:
   packages: write
 
 on:
+  pull_request:
+    - main
   push:
     branches:
       - main
+  worflow_dispatch:
 env:
   GO_VERSION: 1.17.7
 
@@ -59,7 +62,7 @@ jobs:
             make install
             make scorecard-ko
      - name: Install Cosign
-       uses: sigstore/cosign-installer@f700e6fbbab82f6897758a3af7a8dede4e308656 # v1.2.1
+       uses: sigstore/cosign-installer@f700e6fbbab82f6897758a3af7a8dede4e308656
      - name: Sign image
-        run: |
-          cosign sign ghcr.io/${{github.repository_owner}}/stunning-tribble:${{ github.sha }}
+       run: |
+          cosign sign ghcr.io/${{github.repository_owner}}/scorecard:${{ github.sha }}