From b3bd158bdb9cfa2ca06d4dbcaf019a98a7d9ffc4 Mon Sep 17 00:00:00 2001
From: Jason Hall <jasonhall@redhat.com>
Date: Wed, 22 Dec 2021 09:28:50 -0500
Subject: [PATCH] Use ${{github.repository}} placeholder in OIDC GitHub
 workflow (#1244)

With sigstore/cosign hard-coded, when someone forks the repo they start
running the workflow every day, which fails because their repo
(hopefully) can't push to ghcr.io/sigstore/cosign.

Using a variable instead means they'll push to their own GHCR namespace.

Signed-off-by: Jason Hall <jasonhall@redhat.com>
---
 .github/workflows/github-oidc.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/github-oidc.yaml b/.github/workflows/github-oidc.yaml
index 99661d1d3f3..c8b6380e525 100644
--- a/.github/workflows/github-oidc.yaml
+++ b/.github/workflows/github-oidc.yaml
@@ -32,7 +32,7 @@ jobs:
       GIT_VERSION: latest
       GITHUB_RUN_ID: ${{ github.run_id }}
       GITHUB_RUN_ATTEMPT: ${{ github.run_attempt }}
-      KO_PREFIX: ghcr.io/sigstore/cosign
+      KO_PREFIX: ghcr.io/${{ github.repository }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2