ci(release.yaml): use container-tools base image with cosign to run shell with cosign to sign image

Signed-off-by: Vojtěch Mareš <vojtech@mares.cz>

.woodpecker/release.yaml

@@ -10,6 +10,7 @@ variables:
   - &buildx-plugin "woodpeckerci/plugin-docker-buildx:6.0.2"
   - &repo "registry.mareshq.com/woodpecker-plugins/cosign-sign"
   - &platforms "linux/arm64/v8,linux/amd64"
+  - &container_tools_image "registry.mareshq.com/library/container-tools:commit-4870dfe6aab84eb0"
 
 steps:
   publish-next:
@@ -52,20 +53,17 @@ steps:
       - echo $COSIGN_KEY > ./cosign.key
 
   sign-next:
-    image: registry.mareshq.com/woodpecker-plugins/cosign-sign:next
-    settings:
-      images:
-        - registry.mareshq.com/woodpecker-plugins/cosign-sign:next
-        - registry.mareshq.com/woodpecker-plugins/cosign-sign:next
+    image: *container_tools_image
+    commands:
+      - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:next
     when:
       event: push
       branch: main
 
   sign-tag:
-    image: registry.mareshq.com/woodpecker-plugins/cosign-sign:next
-    settings:
-      images:
-        - registry.mareshq.com/woodpecker-plugins/cosign-sign:latest
-        - registry.mareshq.com/woodpecker-plugins/cosign-sign:${CI_COMMIT_TAG}
+    image: *container_tools_image
+    commands:
+      - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:latest
+      - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:${CI_COMMIT_TAG}
     when:
       event: tag