ci(release.yaml): fix sign-next

Signed-off-by: Vojtěch Mareš <vojtech@mares.cz>

.woodpecker/release.yaml

@@ -44,26 +44,28 @@ steps:
     when:
       event: tag
 
-  setup-cosign-key:
+  sign-next:
-    image: alpine
+    image: *container_tools_image
     environment:
+      COSIGN_PASSWORD: "" # testing, so empty password is OK
       COSIGN_KEY:
         from_secret: cosign_key
     commands:
       - echo $COSIGN_KEY > ./cosign.key
-
-  sign-next:
-    image: *container_tools_image
-    commands:
       - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:next
     when:
       event: push
       branch: main
 
-  sign-tag:
+  # sign-tag:
-    image: *container_tools_image
+  #   image: *container_tools_image
-    commands:
+  #   environment:
-      - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:latest
+  #     COSIGN_PASSWORD: "" # testing, so empty password is OK
-      - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:${CI_COMMIT_TAG}
+  #     COSIGN_KEY:
-    when:
+  #       from_secret: cosign_key
-      event: tag
+  #   commands:
+  #     - echo $COSIGN_KEY > ./cosign.key
+  #     - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:latest
+  #     - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:$${CI_COMMIT_TAG}
+  #   when:
+  #     event: tag