From 5a64c571b43ed76066cc31732b751fb2d28ea076 Mon Sep 17 00:00:00 2001
From: Dave Corley <smokydave@icloud.com>
Date: Sun, 19 Jan 2025 14:10:30 -0700
Subject: [PATCH] FEAT: Use keys to sign instead

---
 .github/workflows/release.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 2b57c60..7ea3760 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -39,7 +39,11 @@ jobs:
 
       - uses: sigstore/cosign-installer@main
       - name: sign
-        run: cosign sign-blob -y ./target/release/${{ matrix.binary }} --bundle S3LF-${{ matrix.os }}.bundle
+        run: |
+          echo ${{ COSIGN_PUBLIC_KEY }}
+          echo ${{ COSIGN_PRIVATE_KEY }} > private.key
+          cosign sign-blob -y --key private.key ./target/release/${{ matrix.binary }} --bundle S3LF-${{ matrix.os }}.bundle
+          rm -rf private.key
 
       - name: compress
         run: 7z a -tzip ${{matrix.archive}} S3LF-${{ matrix.os }}.bundle ./target/release/${{matrix.binary}}