cosign: update default cosign to v1.1.0 release

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
sigstore · Aug 26, 2021 · d70227a · d70227a
1 parent f1a4b9a
commit d70227a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -13,7 +13,7 @@ Add the following entry to your Github workflow YAML file:
 ```yaml
 uses: sigstore/cosign-installer@main
 with:
-  cosign-release: 'v1.0.0' # optional
+  cosign-release: 'v1.1.0' # optional
 ```
 
 Example using a pinned version:
@@ -27,7 +27,7 @@ jobs:
       - name: Install Cosign
         uses: sigstore/cosign-installer@main
         with:
-          cosign-release: 'v1.0.0'
+          cosign-release: 'v1.1git.0'
       - name: Check install!
         run: cosign version
 ```

diff --git a/action.yml b/action.yml
@@ -9,14 +9,14 @@ inputs:
   cosign-release:
     description: 'Cosign release version to use in the actions.'
     required: false
-    default: 'v1.0.0'
+    default: 'v1.1.0'
 runs:
   using: "composite"
   steps:
     # We verify the version against a SHA **in the published action itself**, not in the GCS bucket.
     - run: |
-        bootstrap_version='v1.0.0'
-        expected_bootstrap_version_digest='e36a05ab402bfee5463ad4752d8dc2941204c7b01a9a9931f921e91d94ba2484'
+        bootstrap_version='v1.1.0'
+        expected_bootstrap_version_digest='c0b66f6948361f7f2c8c569d82d9471f36dd8354cf43f6bba6e578b31944127b'
         curl -L https://storage.googleapis.com/cosign-releases/${bootstrap_version}/cosign-linux-amd64 -o cosign
         shaBootstrap=$(sha256sum cosign | cut -d' ' -f1);
         if [[ $shaBootstrap != ${expected_bootstrap_version_digest} ]]; then exit 1; fi