Update cosign

Signed-off-by: Aaron Lew <[email protected]>

Author: aaronlew02

.github/workflows/reusable-prober.yml

@@ -143,7 +143,6 @@ jobs:
       GITHUB_RUN_ID: ${{ github.run_id }}
       GITHUB_RUN_ATTEMPT: ${{ github.run_attempt }}
       IMAGE: localhost:1338/image:${{ github.sha }}-${{ github.run_id }}
-      REKOR_SERVER: ${{ inputs.rekor_v1_url }}
       IDENTITY_REGEX: ${{ github.server_url }}/${{ github.repository }}/.github/workflows/reusable-prober.yml@refs/.*
     runs-on: ubuntu-latest
     outputs:
@@ -167,14 +166,16 @@ jobs:
         run: |
           echo "skip_pagerduty=true" >> $GITHUB_OUTPUT
 
-      - name: Extract relevant binaries
+      - name: Extract crane binary
         run: |
           docker pull ghcr.io/sigstore/sigstore-probers:latest
           # the last argument in the next command is not used, it is required because the container doesn't have a default command
           docker create --name binaries ghcr.io/sigstore/sigstore-probers /usr/local/bin/crane
-          docker cp binaries:/usr/local/bin/cosign /usr/local/bin/
           docker cp binaries:/usr/local/bin/crane /usr/local/bin/
 
+      - name: Install cosign
+        uses: sigstore/[email protected]
+
       # Setup the registry on port 1338
       - run: |
           PORT=1338 crane registry serve &
@@ -220,8 +221,11 @@ jobs:
       - name: Sign and verify the image with preprod TUF
         if: ${{ inputs.enable_staging == false }}
         run: |
+          cosign version
           cosign sign --yes ${IMAGE} --use-signing-config --oidc-provider github-actions --new-bundle-format
-          cosign verify ${IMAGE} --rekor-url  ${{ inputs.rekor_v1_url }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp="$IDENTITY_REGEX"
+          echo "COSIGN SIGN CALL COMPLETED SUCCESSFULLY"
+          cosign verify ${IMAGE} --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp="$IDENTITY_REGEX" --new-bundle-format
+          echo "COSIGN VERIFY CALL COMPLETED SUCCESSFULLY"
 
       - name: Remove preprod TUF
         run: |
@@ -243,11 +247,11 @@ jobs:
       - name: Sign and verify the image
         run: |
           cosign sign --yes ${IMAGE} --use-signing-config --oidc-provider github-actions --new-bundle-format
-          cosign verify ${IMAGE} --rekor-url  ${{ inputs.rekor_v1_url }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp="$IDENTITY_REGEX"
+          cosign verify ${IMAGE} --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp="$IDENTITY_REGEX" --new-bundle-format
       - name: Generate and upload attestation
         run: |
-          cosign attest --predicate ./prober/attestation.json --type slsaprovenance --use-signing-config ${IMAGE}
-          cosign verify-attestation --rekor-url  ${{ inputs.rekor_v1_url }} --type=slsaprovenance ${IMAGE} --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp="$IDENTITY_REGEX"
+          cosign attest --predicate ./prober/attestation.json --type slsaprovenance --use-signing-config ${IMAGE} --new-bundle-format
+          cosign verify-attestation --type=slsaprovenance ${IMAGE} --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp="$IDENTITY_REGEX" --new-bundle-format
       - name: Read entries from all Rekor shards
         run: |
           set -e

go.work

@@ -1,4 +1,4 @@
-go 1.23.4
+go 1.25.1
 
 use (
 	./pager-duty