remove signer

Author: Patrick Koss

.github/workflows/release.yaml

@@ -36,15 +36,11 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      - uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
       - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
 
       - name: Set Up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: Set up Cosign
-        uses: sigstore/cosign-installer@v3.1.1
-
       - name: Login to Registry
         uses: docker/login-action@v2
         with:
@@ -60,5 +56,3 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
-          COSIGN_PASSWORD: ${{secrets.COSIGN_KEY_PASSWORD}}

.goreleaser.yml

@@ -58,32 +58,6 @@ checksum:
   disable: false
   name_template: "{{ .ProjectName }}_{{ .Version }}_checksums.txt"
 dist: dist
-docker_signs:
-  - cmd: cosign
-    args:
-      - sign
-      - --tlog-upload=false
-      - --key
-      - env://COSIGN_PRIVATE_KEY
-      - "${artifact}@${digest}"
-      - --yes
-    artifacts: images
-    ids:
-      - external-dns-stackit-webhook
-    output: true
-signs:
-  - cmd: cosign
-    env:
-      - COSIGN_EXPERIMENTAL=1
-    certificate: '${artifact}.pem'
-    args:
-      - sign-blob
-      - --yes
-      - '--output-certificate=${certificate}'
-      - '--output-signature=${signature}'
-      - '${artifact}'
-    artifacts: checksum
-    output: true
 changelog:
   use: github
   sort: asc