From 1ae28867e52c36d1f57627119b82427335449e4d Mon Sep 17 00:00:00 2001
From: Martin Bruzina <martin@bruzina.cz>
Date: Tue, 9 Dec 2025 12:55:42 +0100
Subject: [PATCH] feat: signing 4

---
 .github/workflows/release.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e5cce62..3bfbfb4 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -124,6 +124,8 @@ jobs:
         chmod 600 cosign.key
 
     - name: Attest Docker image
+      env:
+        COSIGN_PASSWORD: ""
       run: |
         IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/cpp-cli"
         V_TAG="${IMAGE_NAME}:v${{ needs.semantic-release.outputs.next-version }}"
@@ -132,6 +134,7 @@ jobs:
     - name: Verify attestation
       env:
         COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
+        COSIGN_PASSWORD: ""
       run: |
         echo "$COSIGN_PUBLIC_KEY" > cosign.pub
         IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/cpp-cli"