v1.0.1 #23

	on:
	## This workflow only runs on the default branch
	release:
	types: [published]

	jobs:
	sign:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	id-token: write
	name: Sign Chart
	steps:
	- name: Checkout
	uses: actions/checkout@main
	with:
	fetch-depth: 0
	- name: Login to DockerHub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Install Cosign
	uses: sigstore/cosign-installer@v3.7.0
	- name: Check Cosign
	run: cosign version
	- name: Get latest tag
	run: echo "LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1` \| tr -d 'v')" >> $GITHUB_ENV
	- name: Get digest
	run: \|
	DIGEST=$(curl "https://hub.docker.com/v2/repositories/snyk/snyk-universal-broker/tags/${LATEST_TAG}" \| jq '.digest' -r)
	echo "DIGEST=${DIGEST}" >> $GITHUB_ENV
	- name: Cosign with OIDC
	run: \|
	cosign sign --yes snyk/snyk-universal-broker@${DIGEST}
	cosign sign --yes snyk/snyk-universal-broker:${LATEST_TAG}
	- name: Verify signature
	run: \|
	cosign verify snyk/snyk-universal-broker@${DIGEST} --certificate-identity-regexp="https://github.com/snyk/snyk-universal-broker-helm/.*" --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
	cosign verify snyk/snyk-universal-broker:${LATEST_TAG} --certificate-identity-regexp="https://github.com/snyk/snyk-universal-broker-helm/.*" --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

Provide feedback