feat: Bring fsync kernel to stable thanks to newly finished Secure Boot support, along with months of changes that have been held back by it! (#669)

* chore: Default to dark theme, use adw-gtk3 by default

* feat(gnome): Fix text fringing on OLED displays.
chore(gnome): Drop Gradience as an optional feature, continue to install theme for Gradience so it can be added by the end-user.

* feat: Add Gradience to list of optional flatpaks.
feat(kde): Add Vapor & VGUI2 themes for Gradience to theme GTK apps

* chore: Rename deck-specific dconf file

* chore(gnome): Automatically place wine shortcuts in a Wine folder.

* chore(gnome): Automatically place games into a "Games" folder.

* chore: Remove gnome apps from Utilities folder that'll be automatically categorized

* feat: Add joycond for Nintendo HID support

* chore: Remove glibc32 to fix builds, this will be reinstalled by later build steps.

* chore: Syntax fixes

* chore: Move winetricks & WineZGUI into Wine folder, add GNOME Tweaks to Utilities folder

* chore: Set the desktop background by default

* chore: Remove unneeded desktop params from 07-bazzite-deck

* chore(gnome): Apply font change and sound theme to all images

* chore: Include appmenu by default

* chore: Remove some applications mistakenly added to the Games folder

* feat(gnome): Add a folder that automatically contains all Waydroid apps

* chore: Prevent Steam & Lutris from being placed in the Games folder automatically

* chore: Move WineZGUI to the Utilities folder by default

* chore: Disable session and window size restoration in prompt by default, makes it behave much closer to stock gnome-terminal

* chore: Automatically sort Distrobox shortcuts into a Distrobox folder

* feat: added a few apps to yafti (#624)

* chore: Move nested desktop into Gaming Utilities

* chore: Update user-theme extension name

* chore: Add boxbuddy to Distrobox folder

* feat(gnome): Configure Just Perfection extension by default, hide Search box on Deck builds due to Steam Keyboard not functioning with it

* feat(gnome): Enable just perfection shell theme by default on Desktop images

* feat: Add hhd for Lenovo Legion

* chore: Restore mesa-va-drivers-freeworld

* chore: Always update gstreamer1

a

* fix(legion): Disable ds-inhibit by default

* chore(gnome): Add tuned-gui to the Utilities folder

* feat(legion): Add ujust get-simpledeckytdp

* fix(gnome): Fix prompt keyboard shortcut, add default config for Logo menu to dconf, clean up config change from Containerfile.

* fix: Always launch prompt in a new window when xdg-terminal-exec is called with no input

* feat(gnome): Enable workspace wrap around, fix annoying attention notification, remove delay from alt+tab
feat(gnome): Place OSD in top left on deck images, matching SteamOS Gamemode

* chore(gnome): Make alt+tab more useful, customize some other sizes

* feat(gnome): Add default settings for blur my shell

* feat(gnome): Enable blur my shell by default

* chore: Drop normally invisible SDDM theme

* chore: Standardize all bash scripts on #!/usr/bin/bash
chore: Standardize all python scripts on #!/usr/bin/python3
chore: Update path for ds-inhibit patch
chore(readme): Remove unused package

* chore: Restore wine.conf for pipewire

* fix(gnome): Fix issue with xdg-terminal-exec when used with long commands
chore: Additional bash script cleanup

* chore(gnome): Rename Distrobox folder to "Containers", rename "Waydroid Apps" to "Android Apps'.

* feat: Restore DisplayLink

* feat(ci): Test - Implement kernel signing

* Revert "feat(ci): Test - Implement kernel signing"

This reverts commit a9da666.

* chore(ci): Bump cosign-action to v0.2.0

* chore: Re-enable displaylink service by default

* feat: Add p-state patched power-profiles-daemon

* chore: Move fleek to optional via ujust

* chore: Use ublue Waydroid script fork

* feat(gnome): Enable num-lock by default (#629)

It's a no-brainer to have this enabled out-of-the-box imo

* feat(gnome): Fix caps-lock input delay (#630)

* feat: Fix caps-lock input delay

This is one of the 1st issues which ex-Windows users notice when they switch to Linux. I am one of those users who uses Caps-Lock instead of Shift for uppercase letters.

This will get rid of input delay, while the "light indicator" delay is still the same (I mentioned this distinction to not confuse you if you don't "see" any changes).

To test, type "Helo" repeatedly using Caps Lock.
You will no longer see "HElo" in your texts.

Fix took from here:
https://forum.manjaro.org/t/caps-lock-behaviour-wayland/79868/8

* Add needed dconf for caps-lock delay fix

* Place this in desktop/silverblue, since it is for Gnome only for now

---------

Co-authored-by: Kyle Gospodnetich <me@kylegospodneti.ch>

* Revert "feat(gnome): Fix caps-lock input delay (#630)"

This reverts commit cdc6ce5.

* chore: use /usr/bin instead of /usr/sbin where possible

* fix: Move from BoilR AppImage to Flatpak

* fix: Move from Greenlight AppImage to Flatpak

* fix: Use python3 (libs) from updates

* chore: Reduce wine audio buffer to 128/48000

* fix: Move Bazzite-Portal into Utilities folder and out of Lost & Found

* fix: Use Waydroid folder name to match KDE, move Bazzite Portal into utilities

* feat: Add an alias for hyfetch to use Bazzite logo

* fix(kde): Only add Return.desktop on Deck builds, remove Bazzite Portal from desktop

* chore: Remove unneeded new line

* chore: Remove Waydroid from Gaming Utilities

* chore(gnome): Use Fira Code as the monospace font

* feat: Add support for VTF formats

* feat(kde): Add VTF Thumbnailer

* feat: Add Webapp Manager

* feat: Enable MTU Probing matching upstream

* chore: Remove unneeded polkit rules

* chore: Use 1 rather than true

* chore: Remove blur my shell hack level override

* Revert "feat(kde): Add VTF Thumbnailer"

This reverts commit 0896477.

* feat: Include playerctl for media control

* chore: Switch to self-controlled forks for anything executable we pull from GitHub

* fix: Correct caps on gamescope with workaround service
Based on work by m2Giles

* fix: Correct labels on waydroid for selinux (#639)

* chore: Hide input remapper by default on deck images, this will be re-enabled by a just command

* chore: Restore selinux labels recursively for waydroid folder

* feat(deck): Add ujust enable-input-remapper to restore input remapper when desired

* chore: Update system76-scheduler configs

* feat(nvidia): Automatically set needed params for hw accelerated video in Flaptak Firefox on Nvidia hardware

* fix(nvidia): Do not apply flatpak overrides to hybrid systems
chore(nvidia) Apply overrides prior to flatpak installs to ensure Firefox is ready to use the moment it's installed.

* chore: Ensure lshw is always installed

* chore: Additionally check that one of the GPUs is Nvidia for hybrid systems

* feat: Add default config for Firefox to handle vaapi

* chore: Cleanup firefox prefs

* chore: Set custom distro details for NVIDIA edition
feat(gnome): Enable supergfxctl-gex on NVIDIA builds by default

* chore: Add hyfetch alias to fish shell as well

* chore: Update libaom

* chore(firefox-config): Store in /usr and copy to /var in bazzite-flatpak-manager, cleanup

* chore(firefox-config): Fix sharp corners

* feat: Add workaround for Sunshine to set correct caps for KMS

* Merge pull request #643 from eltociear/patch-1

chore: update 60-custom.just

* chore: Clean up hardware setup script

* chore: Minor adjustment to ublue-update settings. Don't dbus notify on deck builds, reduce battery requirement on desktop builds until battery check issues are resolved.

* feat: Add zenpower3 kmod

* chore: Disable fractional scaling on deck builds by default

* feat(nvidia): Add Waydroid support (This will not work on Nvidia GPUs until at least NVK is available, but you may now use it on Nvidia builds with an Intel or AMD integrated GPU)

* feat(aokzoe): Support custom refresh rates on AOKZOE A1 hardware

* chore: Move aokzoe firmware to deck

* chore: Restore desktop battery check now that patched psutil is ready

* chore: Only apply edid fix to deck builds

* chore: Minor typo fix

* feat: Add Selinux Troubleshooting packages (#651)

* feat(gnome): Add hot edge as a default extension, greatly improves desktop UX by making the dash behave more like a hidden dock. Apply pressure to the bottom of your screen to make it appear.

* chore: Temporarily drop setroubleshoot until issues with notifications can be addressed

* feat(gnome): Give users the full wobble if they enable the compiz extension

* chore: Remove Nouveau vulkan icd files on Nvidia builds.

* fix: Set up bazzite-hardware-setup to re-run if the branch changes

* chore: Ensure branch is saved

* feat(nvidia): Enable GSP firmware by default

* chore: Correct known image branch check

* chore: Yafti cleanup

* chore: Cleanup user and hardware setup scripts

* feat: Ship xwiimote-ng

Extends hid-wiimote, providing tools and libraries that support the
Wii Remote as well as the Wii Balance Board, Wii U Pro Controller,
and other accessories.

* chore: Use new separate hhd repo

* feat: Support the Anbernic Win600

* chore: Switch to new official HHD repo

* feat: Use HHD on both Legion & Ally
chore: Further setup script cleanup
fix(legion): Correct rotation on KDE Wayland (Thanks d3Xt3r)

* fix: Lock to previous version of btrfs dedup script

* fix(legion): Update rotation direction and exit in a nested session.

* chore(ci): Fix missing IMAGE_BRANCH variable

* chore: Fix HHD path

* chore: Add IMAGE_BRANCH to deck builds

* chore: Remove unneeded steam-patch karg

* fix(deck): Setup sdgyrodsu as a user service

* chore: Remove now unneeded fish alias

* fix: Auto rotate legion go screen (#660)

* feat(kde): Add dconf for Prompt

* fix: sunshine is a symlink

follow the symlink to get the actual binary.

* feat(kde): Change default pinned application list

* feat(kde): Ship an incredibly minor gtk.css theme to to make prompt feel at home, adjusts window geometry and nothing else.

* feat(kde): Use prompt for control+alt+t shortcut by default, hide Konsole (This will be restorable via ujust before reaching stable)

* chore: Always launch Prompt as a new window on KDE, required due to how open in terminal is implemented.

* chore: Adjust file names to match existing standard

* chore(kde): Switch to using a shim to handle quirks w/ Prompt on KDE

* feat: Add Pods as a default feature, great for managing distrobox/containers.

* chore: Increase flatpak manager version

* chore(gnome): Add Pods to Utilities folder

* fix(kde): Load dconf for Prompt on KDE with bazzite-user-setup

* feat(kde): Change default favorite applications

* chore: Create a file to ensure dconf is only ever loaded once, even if the script version is increased.

* chore: Use new-window as the shortcut target

* chore(kde): Very slightly increase border radius for gtk4 theme

* chore(gnome): Move Pods to Containers folder

* fix: Update LACT installer to download the correct version for KDE & GNOME, apply live to avoid needing to reboot and enable the service after reboot.
chore: Remove ppfeaturemask change requirement thanks to fsync kernel

* feat: Blacklist k10temp in favor of zenpower3

* chore: Add just command for LACT to deck builds

* feat: Add 'ujust restore-original-terminal' to restore the default terminal for KDE/GNOME that was hidden when we switched to prompt

* chore(kde): Simplify dolphin shim since no other changes will be needed

* feat(ci): Add kernel signing

* chore(ci): Pin kernel signer at v0.1.0

* feat(gnome): Add ujust command to reset Bazzite setting customizations

* feat(kde): Add option to restore the gtk-4.0 breeze theme to just

* chore: Move Zenpower to just

* chore: Ship a notice about secure boot

* Revert "chore: Ship a notice about secure boot"

This reverts commit bfce942.

* chore(readme): Move GTK3/4 theme feature to show it works in KDE as well.

* feat(deck): Add ujust command for installing HHD Decky

* chore(readme): Add new features from testing branch

* feat: Add Planify (https://github.com/alainm23/planify) to Yafti

* chore(ci): Update to kernel signer 0.1.1

* chore: Update isogenerator to 2.3.0

* chore: Update isogenerator to 2.3.0

* chore(ci): Bump kernel signer to v0.1.2

* Update README-SPA.md (#671)

Added new stuff from recent README changes, including the new secure boot option

* feat(deck): Add Bazzite Steam Startup video by SuperRiderTH

* chore(ci): Update kernel signer to 0.1.2

* Added special thanks to SuperRiderTH (#673)

Added special thanks to SuperRiderTH for creating the new startup video for Game Mode

* chore: Adjust pathing for game mode video

* feat: Use stock fedora gamepad drivers by default. If you are using a controller better served by xpad/xpadneo, switch with "ujust use-ublue-gamepads"

* chore(readme): Update xbox controller description

* chore: Mention that files are intentionally empty

* feat: Add ujust command to force-enable AMD pstate

* chore(readme): Update index

* chore(readme): Minor cleanup

* chore: Add Spanish FAQ Link (#677)

* chore: Update isogenerator to 2.3.1

* chore(readme): Mention secure boot documentation below rebase steps

* feat: Replace power profiles daemon with TuneD

Provides more control over power tuning. May be the default in Fedora 40
with one of the only blockers being the lack of GNOME Control Center
integration (tuned-gtk provides a GUI for this in the meantime)

* fix(framework): Don't remove non-existant power profiles daemon

Framework images replace power profiles daemon

* fix(framework): Remove tlp on framework images

* chore: Include atomic and partitioned CPU profiles for tuned

* chore: Minor syntax fix

* feat: Add a just command and default-enabled option to the Bazzite portal to fix download speeds under Steam for Linux.

* chore(readme): Add flags to select other languages

* chore: Enable new tuned-ppd service

* chore(gnome): Move tuned-gui into utilities folder

* chore: Add tuned-profiles-compat

* chore(readme): embiggen flags

* chore: Install new tuned-ppd package

* chore(readme): Minor updates

* feat: Include nerd-fonts, this will automatically be used as a fallback for the default Fira Code font when an unknown symbol is requested

* fix: Switch to 70-bazzite.just for custom just scripts, frees up 60-custom.just for downstream
fixes #679

* chore: Minor syntax fix

* chore(readme): Fix deck hardware-specific section

* Revert "feat: Include nerd-fonts, this will automatically be used as a fallback for the default Fira Code font when an unknown symbol is requested"

This reverts commit 6073c84.

* fix: Correct restore-original-terminal command on KDE

* chore: Rename to 80-bazzite.just

* chore: Remove now unneeded pipewire change

* feat: Make wireplumber write-able for later use with steamdeck-dsp

* feat(gnome): Show link to Pods in Bazzite Menu

* chore: Increase versions, prep for go-live

* chore: Add ujust install-gamemode-video to desktop, usable in Big Picture mode

* feat: Ship a default Pods config for new users, simplifies setup for people who aren't container nerds

* feat: Switch to layered sunshine
Fixes #649

* fix(ally): Correct rotation in KDE
Fixes #680

* chore: Cleanup

* chore: Shorten name of secure boot key.

* chore: Add timeout change to other readmes

* chore(readme): Fix index links

* chore(kde): Use opacity of 0.95 for Prompt

* fix: Don't enable tuned-ppd, this is done purely with dbus

* chore: Always remove power-profiles-daemon

* chore: Remove with || true to ensure no errors occur

* chore: Clean up tuned-gui desktop file name

* chore: Remove nested desktop option from Yafti

* chore(readme): Update with TuneD information

* chore(readme): Minor spacing correction

* fix(kde): Correct caps for KDE's System Monitor
Fixes #689

* chore: Update nvidia karg message

* chore(readme): Add tuned-ppd to readme while we're building a custom version of it.

* chore: Ignore tuned-ppd in system76-scheduler

* fix: Handle nested desktop mode a different way in rotation fix.

* chore: Remove unneeded compat profiles for tuned

* chore: Always update libdecor

* chore: Remove secure boot warning

* chore: Revert TuneD temporarily while dbus issues are worked out

* Revert "chore(kde): Use opacity of 0.95 for Prompt"

This reverts commit c0464f4.

---------

Co-authored-by: David Marrero <bdface@proton.me>
Co-authored-by: RJ Trujillo <eyecantcu@pm.me>
Co-authored-by: fiftydinar <65243233+fiftydinar@users.noreply.github.com>
Co-authored-by: Noel Miller <4983138+noelmiller@users.noreply.github.com>
Co-authored-by: m2Giles <69128853+m2Giles@users.noreply.github.com>
Co-authored-by: CharlieBros <carlitoshubbles@hotmail.com>
Co-authored-by: Pat Connors <121328689+nicknamenamenick@users.noreply.github.com>

Author: 8 people

.github/workflows/build.yml

@@ -44,8 +44,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        image_flavor: [main, nvidia, asus, asus-nvidia, framework, surface, surface-nvidia]
-        base_name: [bazzite, bazzite-deck]
+        base_image_flavor: [main, asus, framework, surface]
+        base_name: [bazzite, bazzite-deck, bazzite-nvidia]
         base_image_name: [kinoite, silverblue]
         major_version: [39]
         include:
@@ -54,58 +54,75 @@ jobs:
             is_stable_version: true
         exclude:
           - base_name: bazzite-deck
-            image_flavor: nvidia
+            base_image_flavor: nvidia
           - base_name: bazzite-deck
-            image_flavor: asus-nvidia
+            base_image_flavor: asus-nvidia
           - base_name: bazzite-deck
-            image_flavor: surface
+            base_image_flavor: surface
           - base_name: bazzite-deck
-            image_flavor: surface-nvidia
+            base_image_flavor: surface-nvidia
+          - base_name: bazzite-nvidia
+            base_image_flavor: framework
     steps:
+      - name: Verify base image
+        uses: EyeCantCU/cosign-action/verify@v0.2.0
+        with:
+          containers: ${{ matrix.base_image_name }}-${{ matrix.base_image_flavor }}
+          pubkey: https://raw.githubusercontent.com/ublue-os/${{ matrix.base_image_flavor }}/main/cosign.pub
+
       # Checkout push-to-registry action GitHub repository
       - name: Checkout Push to Registry action
         uses: actions/checkout@v4
 
-      - name: Verify base image
-        uses: EyeCantCU/cosign-action/verify@v0.2.2
-        with:
-          containers: ${{ matrix.base_image_name }}-${{ matrix.image_flavor }}:${{ matrix.major_version }}
+      - name: Check just syntax
+        uses: ublue-os/just-action@v1
 
       - name: Maximize build space
         uses: ublue-os/remove-unwanted-software@v6
 
-      - name: Check just syntax
-        uses: ublue-os/just-action@v1
-
       - name: Matrix Variables
         run: |
+          echo "AKMODS_FLAVOR=fsync" >> $GITHUB_ENV
           echo "BASE_IMAGE_NAME=${{ matrix.base_image_name }}" >> $GITHUB_ENV
+
+          if [[ "${{ matrix.base_image_flavor }}" == "framework" ]]; then
+              echo "BASE_IMAGE_FLAVOR=framework" >> $GITHUB_ENV
+          else
+              echo "BASE_IMAGE_FLAVOR=main" >> $GITHUB_ENV
+          fi
+
+          if [[ "${{ matrix.base_name }}" == "bazzite-nvidia" ]]; then
+              if [[ "${{ matrix.base_image_flavor }}" == "main" ]]; then
+                  echo "IMAGE_FLAVOR=nvidia" >> $GITHUB_ENV
+              else
+                  echo "IMAGE_FLAVOR=${{ format('{0}-{1}', matrix.base_image_flavor, 'nvidia') }}" >> $GITHUB_ENV
+              fi
+          else
+              echo "IMAGE_FLAVOR=${{ matrix.base_image_flavor }}" >> $GITHUB_ENV
+          fi
+
+      - name: Set image name
+        run: |
           DESKTOP=""
           if [[ "${{ matrix.base_image_name }}" == "silverblue" ]]; then
               DESKTOP="-gnome"
           fi
+
           if [[ "${{ matrix.base_name }}" == "bazzite-deck" ]]; then
-              if [[ "${{ matrix.image_flavor }}" == "asus" ]]; then
+              if [[ "${{ matrix.base_image_flavor }}" == "asus" ]]; then
                   echo "IMAGE_NAME=${{ format('{0}{1}', 'bazzite-ally', '${DESKTOP}') }}" >> $GITHUB_ENV
-              elif [[ "${{ matrix.image_flavor }}" == "framework" ]]; then
+              elif [[ "${{ matrix.base_image_flavor }}" == "framework" ]]; then
                   echo "IMAGE_NAME=${{ format('{0}{1}', 'bazzite-framegame', '${DESKTOP}') }}" >> $GITHUB_ENV
               else
                   echo "IMAGE_NAME=${{ format('{0}{1}', 'bazzite-deck', '${DESKTOP}') }}" >> $GITHUB_ENV
               fi
           else
-              if [[ "${{ matrix.image_flavor }}" == "main" ]]; then
-                  echo "IMAGE_NAME=${{ format('{0}{1}', matrix.base_name, '${DESKTOP}') }}" >> $GITHUB_ENV
+              if [[ "${{ env.IMAGE_FLAVOR }}" == "main" ]]; then
+                  echo "IMAGE_NAME=${{ format('{0}{1}', 'bazzite', '${DESKTOP}') }}" >> $GITHUB_ENV
               else
-                  echo "IMAGE_NAME=${{ format('{0}{1}-{2}', matrix.base_name, '${DESKTOP}', matrix.image_flavor) }}" >> $GITHUB_ENV
+                  echo "IMAGE_NAME=${{ format('{0}{1}-{2}', 'bazzite', '${DESKTOP}', env.IMAGE_FLAVOR) }}" >> $GITHUB_ENV
               fi
           fi
-          if [[ "${{ matrix.image_flavor }}" =~ "asus" ]]; then
-              echo "AKMODS_FLAVOR=asus" >> $GITHUB_ENV
-          elif [[ "${{ matrix.image_flavor }}" =~ "surface" ]]; then
-              echo "AKMODS_FLAVOR=surface" >> $GITHUB_ENV
-          else
-              echo "AKMODS_FLAVOR=main" >> $GITHUB_ENV
-          fi
 
       - name: Generate tags
         id: generate-tags
@@ -164,7 +181,13 @@ jobs:
       - name: Get Current Fedora Version
         id: labels
         run: |
-          ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ matrix.base_image_name }}-${{ matrix.image_flavor }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
+          if [[ "${{ matrix.base_name }}" == "bazzite-nvidia" ]]; then
+              ver=$(skopeo inspect docker://ghcr.io/ublue-os/bazzite-${{ env.IMAGE_FLAVOR }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
+          elif [[ "${{ env.IMAGE_FLAVOR}}" == "main" ]]; then
+              ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ matrix.base_image_name }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
+          else
+              ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ matrix.base_image_name }}-${{ env.IMAGE_FLAVOR }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
+          fi
           echo "VERSION=$ver" >> $GITHUB_OUTPUT
 
       # Build metadata
@@ -193,9 +216,10 @@ jobs:
             ${{ steps.generate-tags.outputs.alias_tags }}
           build-args: |
             IMAGE_NAME=${{ env.IMAGE_NAME }}
-            IMAGE_FLAVOR=${{ matrix.image_flavor }}
+            IMAGE_FLAVOR=${{ env.IMAGE_FLAVOR }}
             IMAGE_VENDOR=${{ github.repository_owner }}
             BASE_IMAGE_NAME=${{ matrix.base_image_name }}
+            BASE_IMAGE_FLAVOR=${{ env.BASE_IMAGE_FLAVOR }}
             FEDORA_MAJOR_VERSION=${{ matrix.major_version }}
             AKMODS_FLAVOR=${{ env.AKMODS_FLAVOR }}
             IMAGE_BRANCH=${{ github.ref_name }}
@@ -204,6 +228,14 @@ jobs:
           extra-args: |
             --target=${{ matrix.base_name }}
 
+      - name: Sign kernel
+        uses: EyeCantCU/kernel-signer@v0.1.2
+        with:
+          image: ${{ steps.build_image.outputs.image }}
+          privkey: ${{ secrets.AKMOD_PRIVKEY_20230518 }}
+          pubkey: /etc/pki/akmods/certs/akmods-ublue.der
+          tags: ${{ steps.build_image.outputs.tags }}
+
       # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
       # https://github.com/macbre/push-to-ghcr/issues/12
       - name: Lowercase Registry
@@ -229,26 +261,14 @@ jobs:
           extra-args: |
             --disable-content-trust
 
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        if: github.event_name != 'pull_request'
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Sign container
-      - uses: sigstore/cosign-installer@v3.3.0
-        if: github.event_name != 'pull_request'
-
       - name: Sign container image
+        uses: EyeCantCU/cosign-action/sign@v0.2.0
         if: github.event_name != 'pull_request'
-        run: |
-          cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
-        env:
-          TAGS: ${{ steps.push.outputs.digest }}
-          COSIGN_EXPERIMENTAL: false
-          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+        with:
+          containers: ${{ env.IMAGE_NAME }}
+          registry-token: ${{ secrets.GITHUB_TOKEN }}
+          signing-secret: ${{ secrets.SIGNING_SECRET }}
+          tags: ${{ steps.push.outputs.digest }}
 
       - name: Echo outputs
         if: github.event_name != 'pull_request'