build: sign and verify only with referrers API

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

Author: crazy-max

.github/workflows/build.yml

@@ -166,7 +166,7 @@ jobs:
                 images.push(`${tag}@${digest}`);
               }
             }
-            await exec.getExecOutput('cosign', ['-d', 'sign', '--yes', ...images], {
+            await exec.getExecOutput('cosign', ['-d', 'sign', '--yes', '--registry-referrers-mode', 'oci-1-1', ...images], {
               ignoreReturnCode: true
             }).then(res => {
               if (res.stderr.length > 0 && res.exitCode != 0) {
@@ -187,7 +187,7 @@ jobs:
             for (const tag of tags) {
               for (const digest of digests) {
                 await core.group(`Verifying ${tag}@${digest}`, async () => {
-                  await exec.getExecOutput('cosign', ['-d', 'verify', '--certificate-identity-regexp', `^https://github.com/docker/github-builder-experimental/.github/workflows/build.yml.*$`, '--certificate-oidc-issuer', 'https://token.actions.githubusercontent.com', `${tag}@${digest}`], {
+                  await exec.getExecOutput('cosign', ['-d', 'verify', '--experimental-oci11', '--certificate-identity-regexp', `^https://github.com/docker/github-builder-experimental/.github/workflows/build.yml.*$`, '--certificate-oidc-issuer', 'https://token.actions.githubusercontent.com', `${tag}@${digest}`], {
                     ignoreReturnCode: true
                   }).then(res => {
                     if (res.stderr.length > 0 && res.exitCode != 0) {