From cdbf22a72b5b506184bd7069267162e7ab648a00 Mon Sep 17 00:00:00 2001
From: Anders Blockmar <anders.blockmar@qapital.com>
Date: Thu, 19 Dec 2024 11:27:14 +0100
Subject: [PATCH] Looping container image signing

---
 .github/workflows/release.yaml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 03af7e0a..49d5ee88 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -37,10 +37,14 @@ jobs:
           KO_DEFAULTBASEIMAGE: cgr.dev/chainguard/busybox
           KO_DEFAULTPLATFORMS: linux/arm64,linux/amd64
       - run: |
-          echo "signing $(cat allstar.ref)"
-          cosign sign --yes -a git_sha="$GITHUB_SHA" "$(cat allstar.ref)"
-          echo "signing $(cat allstar-busybox.ref)"
-          cosign sign --yes -a git_sha="$GITHUB_SHA" "$(cat allstar-busybox.ref)"
+          while read ref; do
+            echo "signing $ref"
+            cosign sign --yes -a git_sha="$GITHUB_SHA" "$ref"
+          done < allstar.ref
+          while read ref; do
+            echo "signing $ref"
+            cosign sign --yes -a git_sha="$GITHUB_SHA" "$ref"
+          done < allstar-busybox.ref
 
       - run: |
           gh release create ${{ github.ref_name }} --notes "Images: