From c1edd1411418aa7d5d5655a34a36071c0b82559f Mon Sep 17 00:00:00 2001 From: Gabriel J Mendoza Date: Fri, 20 Mar 2026 10:45:18 -0400 Subject: [PATCH 1/7] Update Splunk Enterprise version from 10.0.0 to 10.2.0 Co-Authored-By: Claude Opus 4.6 --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 28360f2d8..599249271 100644 --- a/.env +++ b/.env @@ -8,4 +8,4 @@ EKSCTL_VERSION=v0.215.0 EKS_CLUSTER_K8_VERSION=1.34 EKS_INSTANCE_TYPE=m5.2xlarge EKS_INSTANCE_TYPE_ARM64=c6g.4xlarge -SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:10.0.0 \ No newline at end of file +SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:10.2.0 \ No newline at end of file From c4c3374f02be9f4f2f3124b7ceee837921a14bd0 Mon Sep 17 00:00:00 2001 From: rlieberman-splunk Date: Mon, 30 Mar 2026 13:53:46 -0500 Subject: [PATCH 2/7] add id-token: write to permissions --- .github/workflows/automated-release-workflow.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/automated-release-workflow.yml b/.github/workflows/automated-release-workflow.yml index 3c9bd63d1..ff73ee4d6 100644 --- a/.github/workflows/automated-release-workflow.yml +++ b/.github/workflows/automated-release-workflow.yml @@ -22,8 +22,9 @@ jobs: runs-on: ubuntu-latest permissions: contents: write + id-token: write pull-requests: write - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/hotfix/release-workflow-perms' env: SPLUNK_OPERATOR_RC_IMAGE_NAME: splunk/splunk-operator-rc steps: From 9124d5e78dc5e2addc50b798c5ff5dfa257bbe3f Mon Sep 17 00:00:00 2001 From: rlieberman-splunk Date: Mon, 30 Mar 2026 14:03:14 -0500 Subject: [PATCH 3/7] add COSIGN_DOCKER_MEDIA_TYPES to signing steps --- .../workflows/automated-release-workflow.yml | 60 ++++++++++--------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/.github/workflows/automated-release-workflow.yml b/.github/workflows/automated-release-workflow.yml index ff73ee4d6..0d99fe8a6 100644 --- a/.github/workflows/automated-release-workflow.yml +++ b/.github/workflows/automated-release-workflow.yml @@ -81,34 +81,34 @@ jobs: sudo chmod +x operator-sdk_${OS}_${ARCH} sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk - - name: Generate Release Artifacts - run: | - make generate-artifacts IMG=splunk/splunk-operator:${{ github.event.inputs.release_version }} VERSION=${{ github.event.inputs.release_version }} SPLUNK_ENTERPRISE_IMAGE=splunk/splunk:${{ github.event.inputs.enterprise_version }} - - - name: Upload Release Artifacts - uses: actions/upload-artifact@v6 - with: - name: "release-artifacts-${{ github.event.inputs.release_version }}" - path: "release-**" - - - name: Generate Release Notes - run: | - a=`cat docs/ChangeLog.md | grep -n -m2 "^##" | awk -F":" '{print $1}' | tail -1` - a=`expr $a - 1` - sed -n "4,${a}p" docs/ChangeLog.md >> docs/ReleaseNotes.md >> docs/ReleaseNotes.md - - - name: Create Release - uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01 - with: - artifacts: "release-${{ github.event.inputs.release_version }}/splunk-operator-cluster.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-namespace.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-crds.yaml" - bodyFile: "docs/ReleaseNotes.md" - tag: "${{ github.event.inputs.release_version }}" - draft: true - - - name: Promote RC Image to Release - run: | - regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} - regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:latest + # - name: Generate Release Artifacts + # run: | + # make generate-artifacts IMG=splunk/splunk-operator:${{ github.event.inputs.release_version }} VERSION=${{ github.event.inputs.release_version }} SPLUNK_ENTERPRISE_IMAGE=splunk/splunk:${{ github.event.inputs.enterprise_version }} + + # - name: Upload Release Artifacts + # uses: actions/upload-artifact@v6 + # with: + # name: "release-artifacts-${{ github.event.inputs.release_version }}" + # path: "release-**" + + # - name: Generate Release Notes + # run: | + # a=`cat docs/ChangeLog.md | grep -n -m2 "^##" | awk -F":" '{print $1}' | tail -1` + # a=`expr $a - 1` + # sed -n "4,${a}p" docs/ChangeLog.md >> docs/ReleaseNotes.md >> docs/ReleaseNotes.md + + # - name: Create Release + # uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01 + # with: + # artifacts: "release-${{ github.event.inputs.release_version }}/splunk-operator-cluster.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-namespace.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-crds.yaml" + # bodyFile: "docs/ReleaseNotes.md" + # tag: "${{ github.event.inputs.release_version }}" + # draft: true + + # - name: Promote RC Image to Release + # run: | + # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} + # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:latest - name: Sign Splunk Operator image with a key run: | @@ -116,12 +116,14 @@ jobs: env: COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + COSIGN_DOCKER_MEDIA_TYPES: "1" - name: Verify Splunk Operator image with a key run: | cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} env: COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} + COSIGN_DOCKER_MEDIA_TYPES: "1" - name: Promote Distroless RC Image to Release run: | @@ -133,10 +135,12 @@ jobs: env: COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + COSIGN_DOCKER_MEDIA_TYPES: "1" - name: Verify Distroless Splunk Operator image with a key run: | cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless env: COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} + COSIGN_DOCKER_MEDIA_TYPES: "1" From e095a42b21db0d1d19526ba539984d4e27e876a8 Mon Sep 17 00:00:00 2001 From: rlieberman-splunk Date: Mon, 30 Mar 2026 14:11:37 -0500 Subject: [PATCH 4/7] use --recursive for signing distroless image --- .../workflows/automated-release-workflow.yml | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/automated-release-workflow.yml b/.github/workflows/automated-release-workflow.yml index 0d99fe8a6..697000809 100644 --- a/.github/workflows/automated-release-workflow.yml +++ b/.github/workflows/automated-release-workflow.yml @@ -110,28 +110,28 @@ jobs: # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:latest - - name: Sign Splunk Operator image with a key - run: | - cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} - env: - COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} - COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} - COSIGN_DOCKER_MEDIA_TYPES: "1" + # - name: Sign Splunk Operator image with a key + # run: | + # cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} + # env: + # COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + # COSIGN_DOCKER_MEDIA_TYPES: "1" - - name: Verify Splunk Operator image with a key - run: | - cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} - env: - COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} - COSIGN_DOCKER_MEDIA_TYPES: "1" + # - name: Verify Splunk Operator image with a key + # run: | + # cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} + # env: + # COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} + # COSIGN_DOCKER_MEDIA_TYPES: "1" - - name: Promote Distroless RC Image to Release - run: | - regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC-distroless splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless + # - name: Promote Distroless RC Image to Release + # run: | + # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC-distroless splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless - name: Sign Distroless Splunk Operator image with a key run: | - cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless + cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless env: COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} @@ -139,7 +139,7 @@ jobs: - name: Verify Distroless Splunk Operator image with a key run: | - cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless + cosign verify --key env://COSIGN_PUBLIC_KEY --recursive splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless env: COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} COSIGN_DOCKER_MEDIA_TYPES: "1" From 0f9367af3a8dbaf45633c5d8f861c2911eed0d67 Mon Sep 17 00:00:00 2001 From: rlieberman-splunk Date: Mon, 30 Mar 2026 14:15:02 -0500 Subject: [PATCH 5/7] remove --recursive from cosign verify --- .github/workflows/automated-release-workflow.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/automated-release-workflow.yml b/.github/workflows/automated-release-workflow.yml index 697000809..87f7a5298 100644 --- a/.github/workflows/automated-release-workflow.yml +++ b/.github/workflows/automated-release-workflow.yml @@ -129,17 +129,17 @@ jobs: # run: | # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC-distroless splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless - - name: Sign Distroless Splunk Operator image with a key - run: | - cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless - env: - COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} - COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} - COSIGN_DOCKER_MEDIA_TYPES: "1" + # - name: Sign Distroless Splunk Operator image with a key + # run: | + # cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless + # env: + # COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + # COSIGN_DOCKER_MEDIA_TYPES: "1" - name: Verify Distroless Splunk Operator image with a key run: | - cosign verify --key env://COSIGN_PUBLIC_KEY --recursive splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless + cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless env: COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} COSIGN_DOCKER_MEDIA_TYPES: "1" From 5e4b7c1dca92825a3b92fbfb0e0d26c63d695583 Mon Sep 17 00:00:00 2001 From: rlieberman-splunk Date: Mon, 30 Mar 2026 14:18:28 -0500 Subject: [PATCH 6/7] cleanup --- .../workflows/automated-release-workflow.yml | 112 +++++++++--------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/.github/workflows/automated-release-workflow.yml b/.github/workflows/automated-release-workflow.yml index 87f7a5298..d087a175b 100644 --- a/.github/workflows/automated-release-workflow.yml +++ b/.github/workflows/automated-release-workflow.yml @@ -24,7 +24,7 @@ jobs: contents: write id-token: write pull-requests: write - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/hotfix/release-workflow-perms' + if: github.ref == 'refs/heads/main' env: SPLUNK_OPERATOR_RC_IMAGE_NAME: splunk/splunk-operator-rc steps: @@ -81,61 +81,61 @@ jobs: sudo chmod +x operator-sdk_${OS}_${ARCH} sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk - # - name: Generate Release Artifacts - # run: | - # make generate-artifacts IMG=splunk/splunk-operator:${{ github.event.inputs.release_version }} VERSION=${{ github.event.inputs.release_version }} SPLUNK_ENTERPRISE_IMAGE=splunk/splunk:${{ github.event.inputs.enterprise_version }} - - # - name: Upload Release Artifacts - # uses: actions/upload-artifact@v6 - # with: - # name: "release-artifacts-${{ github.event.inputs.release_version }}" - # path: "release-**" - - # - name: Generate Release Notes - # run: | - # a=`cat docs/ChangeLog.md | grep -n -m2 "^##" | awk -F":" '{print $1}' | tail -1` - # a=`expr $a - 1` - # sed -n "4,${a}p" docs/ChangeLog.md >> docs/ReleaseNotes.md >> docs/ReleaseNotes.md - - # - name: Create Release - # uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01 - # with: - # artifacts: "release-${{ github.event.inputs.release_version }}/splunk-operator-cluster.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-namespace.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-crds.yaml" - # bodyFile: "docs/ReleaseNotes.md" - # tag: "${{ github.event.inputs.release_version }}" - # draft: true - - # - name: Promote RC Image to Release - # run: | - # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} - # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:latest - - # - name: Sign Splunk Operator image with a key - # run: | - # cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} - # env: - # COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} - # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} - # COSIGN_DOCKER_MEDIA_TYPES: "1" - - # - name: Verify Splunk Operator image with a key - # run: | - # cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} - # env: - # COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} - # COSIGN_DOCKER_MEDIA_TYPES: "1" - - # - name: Promote Distroless RC Image to Release - # run: | - # regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC-distroless splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless - - # - name: Sign Distroless Splunk Operator image with a key - # run: | - # cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless - # env: - # COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} - # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} - # COSIGN_DOCKER_MEDIA_TYPES: "1" + - name: Generate Release Artifacts + run: | + make generate-artifacts IMG=splunk/splunk-operator:${{ github.event.inputs.release_version }} VERSION=${{ github.event.inputs.release_version }} SPLUNK_ENTERPRISE_IMAGE=splunk/splunk:${{ github.event.inputs.enterprise_version }} + + - name: Upload Release Artifacts + uses: actions/upload-artifact@v6 + with: + name: "release-artifacts-${{ github.event.inputs.release_version }}" + path: "release-**" + + - name: Generate Release Notes + run: | + a=`cat docs/ChangeLog.md | grep -n -m2 "^##" | awk -F":" '{print $1}' | tail -1` + a=`expr $a - 1` + sed -n "4,${a}p" docs/ChangeLog.md >> docs/ReleaseNotes.md >> docs/ReleaseNotes.md + + - name: Create Release + uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01 + with: + artifacts: "release-${{ github.event.inputs.release_version }}/splunk-operator-cluster.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-namespace.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-crds.yaml" + bodyFile: "docs/ReleaseNotes.md" + tag: "${{ github.event.inputs.release_version }}" + draft: true + + - name: Promote RC Image to Release + run: | + regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} + regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:latest + + - name: Sign Splunk Operator image with a key + run: | + cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} + env: + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + COSIGN_DOCKER_MEDIA_TYPES: "1" + + - name: Verify Splunk Operator image with a key + run: | + cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} + env: + COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} + COSIGN_DOCKER_MEDIA_TYPES: "1" + + - name: Promote Distroless RC Image to Release + run: | + regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC-distroless splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless + + - name: Sign Distroless Splunk Operator image with a key + run: | + cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless + env: + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + COSIGN_DOCKER_MEDIA_TYPES: "1" - name: Verify Distroless Splunk Operator image with a key run: | From 20fc531061e170127bb8def9ee609ab554f9b796 Mon Sep 17 00:00:00 2001 From: rlieberman-splunk Date: Mon, 30 Mar 2026 14:26:11 -0500 Subject: [PATCH 7/7] add --recursive for standard image --- .github/workflows/automated-release-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/automated-release-workflow.yml b/.github/workflows/automated-release-workflow.yml index d087a175b..5896b1ede 100644 --- a/.github/workflows/automated-release-workflow.yml +++ b/.github/workflows/automated-release-workflow.yml @@ -112,7 +112,7 @@ jobs: - name: Sign Splunk Operator image with a key run: | - cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} + cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} env: COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}