From 541bd930bdd27d4d33556460d66187580d4badec Mon Sep 17 00:00:00 2001
From: Tobias Lindberg <tobias.ehlert@gmail.com>
Date: Sun, 7 Dec 2025 12:13:11 +0100
Subject: [PATCH] ci(fix): temporary removing cosign verification

---
 .github/workflows/build.yml | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1911310..552c998 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -239,21 +239,21 @@ jobs:
           docker buildx imagetools inspect ghcr.io/${{ github.repository }}:${{ steps.docker_meta.outputs.version }} --format '{{ json (index .SBOM "linux/amd64") }}'
           echo "::endgroup::"
 
-      - name: Verify cosign signatures
-        run: |
-          echo "::group::Verify signature (DockerHub)"
-          cosign verify --rekor-url https://rekor.sigstore.dev \
-            --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
-            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
-            ${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
-          echo "::endgroup::"
-
-          echo "::group::Verify signature (GitHub Container Registry)"
-          cosign verify --rekor-url https://rekor.sigstore.dev \
-            --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
-            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
-            ghcr.io/${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
-          echo "::endgroup::"
+      # - name: Verify cosign signatures
+      #   run: |
+      #     echo "::group::Verify signature (DockerHub)"
+      #     cosign verify --rekor-url https://rekor.sigstore.dev \
+      #       --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+      #       --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
+      #       ${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
+      #     echo "::endgroup::"
+
+      #     echo "::group::Verify signature (GitHub Container Registry)"
+      #     cosign verify --rekor-url https://rekor.sigstore.dev \
+      #       --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+      #       --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
+      #       ghcr.io/${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
+      #     echo "::endgroup::"
 
   argocd:
     if: github.event_name == 'release' || (github.event_name == 'push' && github.ref == 'refs/heads/main')