From f91979d2ccaed9777da39c490f209027605dbf5e Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Wed, 27 May 2026 15:33:54 +0200
Subject: [PATCH] initialize cosign trust root after install

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 .github/workflows/bake.yml   | 2 ++
 .github/workflows/build.yml  | 2 ++
 .github/workflows/verify.yml | 1 +
 3 files changed, 5 insertions(+)

diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml
index 4d4f734..efc077b 100644
--- a/.github/workflows/bake.yml
+++ b/.github/workflows/bake.yml
@@ -208,6 +208,7 @@ jobs:
 
             const cosign = new Cosign();
             await cosign.printVersion();
+            await exec.exec(cosign.binPath, ['initialize']);
       -
         name: Check dependencies signatures
         uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -731,6 +732,7 @@ jobs:
             
             const cosign = new Cosign();
             await cosign.printVersion();
+            await exec.exec(cosign.binPath, ['initialize']);
             
             const containerName = `${Buildx.containerNamePrefix}${inpBuilderName}0`;
             
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7f30d2d..a72e90c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -212,6 +212,7 @@ jobs:
 
             const cosign = new Cosign();
             await cosign.printVersion();
+            await exec.exec(cosign.binPath, ['initialize']);
       -
         name: Check dependencies signatures
         uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -622,6 +623,7 @@ jobs:
 
             const cosign = new Cosign();
             await cosign.printVersion();
+            await exec.exec(cosign.binPath, ['initialize']);
             
             const containerName = `${Buildx.containerNamePrefix}${inpBuilderName}0`;
             
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
index cebf481..561eef2 100644
--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -78,6 +78,7 @@ jobs:
 
             const cosign = new Cosign();
             await cosign.printVersion();
+            await exec.exec(cosign.binPath, ['initialize']);
       -
         name: Login to registry
         if: ${{ steps.vars.outputs.signed == 'true' && steps.vars.outputs.output-type == 'image' }}