From 53869f2cbfca3551b93b271b67dffdff12697070 Mon Sep 17 00:00:00 2001
From: Benjamin Sherman <benjamin@holyarmy.org>
Date: Fri, 12 Apr 2024 17:02:33 -0500
Subject: [PATCH] chore(ci): expect signing by default

---
 .github/workflows/build.yml | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8840974..d5be3bc 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -138,14 +138,12 @@ jobs:
 
       # Sign container
 
-      #- uses: sigstore/cosign-installer@v3.4.0
-      #  if: github.event_name != 'pull_request'
-
-      #- name: Sign container image
-      #  if: github.event_name != 'pull_request'
-      #  run: |
-      #    cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
-      #  env:
-      #    TAGS: ${{ steps.push.outputs.digest }}
-      #    COSIGN_EXPERIMENTAL: false
-      #    COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+      - name: Sign container image
+        uses: sigstore/cosign-installer@v3.4.0
+        if: github.event_name != 'pull_request'
+        run: |
+          cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
+        env:
+          TAGS: ${{ steps.push.outputs.digest }}
+          COSIGN_EXPERIMENTAL: false
+          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}