From 116dc6872c0a067bcb78758f18955414cdbf918f Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Date: Fri, 10 Dec 2021 18:41:40 +0100
Subject: [PATCH] update cosign to v1.4.1` (#39)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
---
 README.md  | 4 ++--
 action.yml | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index f3aa853..bd38fdd 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Add the following entry to your Github workflow YAML file:
 ```yaml
 uses: sigstore/cosign-installer@main
 with:
-  cosign-release: 'v1.4.0' # optional
+  cosign-release: 'v1.4.1' # optional
 ```
 
 Example using a pinned version:
@@ -40,7 +40,7 @@ jobs:
       - name: Install Cosign
         uses: sigstore/cosign-installer@main
         with:
-          cosign-release: 'v1.4.0'
+          cosign-release: 'v1.4.1'
       - name: Check install!
         run: cosign version
 ```
diff --git a/action.yml b/action.yml
index 8494d86..9df9cb9 100644
--- a/action.yml
+++ b/action.yml
@@ -9,7 +9,7 @@ inputs:
   cosign-release:
     description: 'Cosign release version to use in the actions.'
     required: false
-    default: 'v1.4.0'
+    default: 'v1.4.1'
 runs:
   using: "composite"
   steps:
@@ -20,8 +20,8 @@ runs:
         mkdir -p $HOME/.cosign
         pushd $HOME/.cosign
 
-        bootstrap_version='v1.4.0'
-        expected_bootstrap_version_digest='bac6a2dee9100f5708226179466e0dad45e76291ef0d70b929ca52fe59a1ae0d'
+        bootstrap_version='v1.4.1'
+        expected_bootstrap_version_digest='08ba779a4e6ff827079abed1a6d1f0a0d9e48aea21f520ddeb42ff912f59d268'
         curl -L https://storage.googleapis.com/cosign-releases/${bootstrap_version}/cosign-linux-amd64 -o cosign
         shaBootstrap=$(sha256sum cosign | cut -d' ' -f1);
         if [[ $shaBootstrap != ${expected_bootstrap_version_digest} ]]; then exit 1; fi