From 60b8d38061b0d00e3eab143583c57afb03124155 Mon Sep 17 00:00:00 2001
From: Hayden B <hblauzvern@google.com>
Date: Mon, 6 Mar 2023 15:10:25 -0800
Subject: [PATCH 1/3] Update cloudbuild for cosign 2.0

Missing identity flags, would have been noticed when we cut a release

Signed-off-by: Hayden B <hblauzvern@google.com>
---
 release/cloudbuild.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml
index 317ac35f6..b589a026e 100644
--- a/release/cloudbuild.yaml
+++ b/release/cloudbuild.yaml
@@ -40,6 +40,10 @@ steps:
   args:
   - 'verify'
   - 'ghcr.io/gythialy/golang-cross:v1.20.1-1@sha256:38af1ee9c64749dc4a456494aae853760f2db50648e955648bdeca8ef260215f'
+  - '--certificate-oidc-issuer'
+  - "https://token.actions.githubusercontent.com"
+  - '--certificate-identity'
+  - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.20.1-0"
 
 - name: ghcr.io/gythialy/golang-cross:v1.20.1-1@sha256:38af1ee9c64749dc4a456494aae853760f2db50648e955648bdeca8ef260215f
   entrypoint: /bin/sh

From e881ec87dfc223c031514199b541e82ddc63de2c Mon Sep 17 00:00:00 2001
From: Hayden B <hblauzvern@google.com>
Date: Mon, 6 Mar 2023 15:12:04 -0800
Subject: [PATCH 2/3] Update cloudbuild.yaml

Signed-off-by: Hayden B <hblauzvern@google.com>
---
 release/cloudbuild.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml
index b589a026e..bac017e2f 100644
--- a/release/cloudbuild.yaml
+++ b/release/cloudbuild.yaml
@@ -43,7 +43,7 @@ steps:
   - '--certificate-oidc-issuer'
   - "https://token.actions.githubusercontent.com"
   - '--certificate-identity'
-  - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.20.1-0"
+  - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.20.1-1"
 
 - name: ghcr.io/gythialy/golang-cross:v1.20.1-1@sha256:38af1ee9c64749dc4a456494aae853760f2db50648e955648bdeca8ef260215f
   entrypoint: /bin/sh

From d2b5ff90b53b0f0eb4cfd6243449c6706a0881af Mon Sep 17 00:00:00 2001
From: Hayden B <hblauzvern@google.com>
Date: Mon, 6 Mar 2023 15:24:04 -0800
Subject: [PATCH 3/3] Update cloudbuild.yaml

Signed-off-by: Hayden B <hblauzvern@google.com>
---
 release/cloudbuild.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml
index bac017e2f..9320e58b2 100644
--- a/release/cloudbuild.yaml
+++ b/release/cloudbuild.yaml
@@ -35,7 +35,6 @@ steps:
 - name: 'gcr.io/projectsigstore/cosign:v2.0.0@sha256:728944a9542a7235b4358c4ab2bcea855840e9d4b9594febca5c2207f5da7f38'
   dir: "go/src/sigstore/rekor"
   env:
-  - COSIGN_EXPERIMENTAL=true
   - TUF_ROOT=/tmp
   args:
   - 'verify'
@@ -58,7 +57,7 @@ steps:
   - KEY_VERSION=${_KEY_VERSION}
   - GIT_TAG=${_GIT_TAG}
   - GOOGLE_SERVICE_ACCOUNT_NAME=keyless@${PROJECT_ID}.iam.gserviceaccount.com
-  - COSIGN_EXPERIMENTAL=true
+  - COSIGN_YES=true
   - KO_PREFIX=gcr.io/${PROJECT_ID}
   secretEnv:
   - GITHUB_TOKEN