From 056bde64eb8f31508a56dfb6e8c6ea0feec57f7a Mon Sep 17 00:00:00 2001
From: nataliagranato
Date: Mon, 26 Aug 2024 16:39:21 -0300
Subject: [PATCH] chore: Update TAGS variable and add verification before signing the image
---
 .github/workflows/chainguard.yml | 41 ++++++++++++++++----------------
 1 file changed, 21 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/chainguard.yml b/.github/workflows/chainguard.yml
index 1e25f58..6bc401e 100644
--- a/.github/workflows/chainguard.yml
+++ b/.github/workflows/chainguard.yml
@@ -120,25 +120,26 @@ jobs:
 # Assinar imagem com o Cosign
 - name: Assinar imagem com uma chave
 run: |
- if [ -z "${TAGS}" ] || [ -z "${DIGEST}" ]; then
- echo "Erro: TAGS ou DIGEST não estão definidos."
- exit 1
- fi
-
- images=""
- for tag in ${TAGS}; do
- images+="${tag}@${DIGEST} "
- done
-
- if [ -z "$images" ]; then
- echo "Erro: Nenhuma imagem para assinar."
- exit 1
- fi
-
- cosign sign --yes --key env://COSIGN_PRIVATE_KEY $images
+ TAGS="${{ steps.meta.outputs.tags }}"
+ DIGEST="${{ steps.push-docker-image.outputs.digest }}"
+
+ if [ -z "${TAGS}" ] || [ -z "${DIGEST}" ]; then
+ echo "Erro: TAGS ou DIGEST não estão definidos."
+ exit 1
+ fi
+
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}@${DIGEST} "
+ done
+
+ if [ -z "$images" ]; then
+ echo "Erro: Nenhuma imagem para assinar."
+ exit 1
+ fi
+
+ cosign sign --yes --key env://COSIGN_PRIVATE_KEY $images
 env:
- TAGS: ${{ steps.push-docker-image.outputs.tags }}
- COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- DIGEST: ${{ steps.push-docker-image.outputs.digest }}
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
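Review bot: The two new assignments at the top of the `run:` script, `TAGS="${{ steps.meta.outputs.tags }}"` and `DIGEST="${{ steps.push-docker-image.outputs.digest }}"`, paste the step outputs into the script text before the shell parses it. Any quote, `$(` or backtick inside a tag value then becomes part of the script, in a step that also holds `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD`. The removed lines passed both values through `env:`, which keeps them as data. Switching the tag source needs only `TAGS: ${{ steps.meta.outputs.tags }}` and `DIGEST: ${{ steps.push-docker-image.outputs.digest }}` under `env:`, with the two in-script assignments dropped. The `meta` step is defined outside this hunk, so how far its tag output depends on branch or ref names should be confirmed there.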