From 6c0d7886a73bd7829f928ec13a41bb4bffb3ad8c Mon Sep 17 00:00:00 2001
From: Martin Bruzina <martin@bruzina.cz>
Date: Tue, 9 Dec 2025 13:11:30 +0100
Subject: [PATCH] feat: signing 5

---
 .github/workflows/release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3bfbfb4..fc400b3 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -125,7 +125,7 @@ jobs:
 
     - name: Attest Docker image
       env:
-        COSIGN_PASSWORD: ""
+        COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
       run: |
         IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/cpp-cli"
         V_TAG="${IMAGE_NAME}:v${{ needs.semantic-release.outputs.next-version }}"
@@ -134,7 +134,7 @@ jobs:
     - name: Verify attestation
       env:
         COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
-        COSIGN_PASSWORD: ""
+        COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
       run: |
         echo "$COSIGN_PUBLIC_KEY" > cosign.pub
         IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/cpp-cli"