🌱 Signing scorecard images using cosign

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

.github/workflows/publishimage.yml

@@ -20,18 +20,21 @@ permissions:
   packages: write
 
 on:
+  pull_request:
+    branches:
+      - main
   push:
     branches:
       - main
 env:
   GO_VERSION: 1.17.7
 
 jobs:
-  env:
-    COSIGN_EXPERIMENTAL: "true"
   unit-test:
     name: publishimage
     runs-on: ubuntu-latest
+    env:
+      COSIGN_EXPERIMENTAL: "true"
     steps:
      - name: Harden Runner
        uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1
@@ -59,7 +62,7 @@ jobs:
             make install
             make scorecard-ko
      - name: Install Cosign
-       uses: sigstore/cosign-installer@f700e6fbbab82f6897758a3af7a8dede4e308656 # v1.2.1
+       uses: sigstore/cosign-installer@f700e6fbbab82f6897758a3af7a8dede4e308656
      - name: Sign image
-        run: |
-          cosign sign ghcr.io/${{github.repository_owner}}/stunning-tribble:${{ github.sha }}
+       run: |
+          cosign sign ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }}