update build workflow with signing

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

.github/workflows/build.yaml

@@ -61,7 +61,10 @@ jobs:
         #   labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/amd64,linux/arm/v7,linux/arm64
 
-      # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.4.0
+
       - name: Sign image with a key
         run: |
           images=""
@@ -78,7 +81,7 @@ jobs:
       - name: Sign the images with GitHub OIDC Token
         env:
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
-          TAGS: ${{ steps.meta.tags }}
+          TAGS: ${{ steps.meta.outputs.tags }}
         run: |
           images=""
           for tag in ${TAGS}; do