From f9f2a6ecd4501c5670fbd0ba97188bd52bf2ccf4 Mon Sep 17 00:00:00 2001
From: Andrew Nesbitt <andrewnez@gmail.com>
Date: Mon, 27 Apr 2026 21:26:23 +0100
Subject: [PATCH] Use cosign v4 bundle format for release signing

---
 .goreleaser.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index b6256de..e5881db 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -36,11 +36,10 @@ checksum:
 
 signs:
   - cmd: cosign
-    certificate: "${artifact}.pem"
+    signature: "${artifact}.cosign.bundle"
     args:
       - sign-blob
-      - "--output-certificate=${certificate}"
-      - "--output-signature=${signature}"
+      - "--bundle=${signature}"
       - "${artifact}"
       - "--yes"
     artifacts: checksum