From 021a559dec482ee112444ee92bd2635773760a1e Mon Sep 17 00:00:00 2001
From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com>
Date: Mon, 16 Feb 2026 14:16:15 +0100
Subject: [PATCH 1/3] fix: image sign identity
---
 .github/workflows/python-ci.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index ef25dc8..b7cb47c 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -31,6 +31,7 @@ jobs:
 security-events: write
 uses: notdodo/github-actions/.github/workflows/docker-build-and-push.yml@docker-build-and-push-v0
 with:
+ sign-image: false
 image: digintlab/opencti-connector
 platforms: linux/amd64, linux/amd64
 egress-policy-allowlist: >
@@ -39,3 +40,24 @@ jobs:
 files.pythonhosted.org:443
 pypi.org:443
 push: false
+
+ sign-image:
+ needs: [build-docker-image]
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+ - name: Sign and verify
+ env:
+ COSIGN_YES: 'true'
+ IMAGE_REF: ${{ needs.build-docker-image.outputs.image_ref }}
+ CERT_OIDC_ISSUER: https://token.actions.githubusercontent.com
+ CERT_IDENTITY: ${{ format('https://github.com/{0}', github.workflow_ref) }}
+ run: |
+ cosign sign "${IMAGE_REF}"
+ cosign verify \
+ --certificate-identity "${CERT_IDENTITY}" \
+ --certificate-oidc-issuer "${CERT_OIDC_ISSUER}" \
+ "${IMAGE_REF}"
From b2bc2cb2343c02cfaef5ea10d85f5252fc2cdb80 Mon Sep 17 00:00:00 2001
From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com>
Date: Mon, 16 Feb 2026 14:18:38 +0100
Subject: [PATCH 2/3] fix: image sign identity
---
 .github/workflows/python-ci.yml | 22 ----------------------
 .github/workflows/release.yml | 22 ++++++++++++++++++++++
 2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index b7cb47c..ef25dc8 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -31,7 +31,6 @@ jobs:
 security-events: write
 uses: notdodo/github-actions/.github/workflows/docker-build-and-push.yml@docker-build-and-push-v0
 with:
- sign-image: false
 image: digintlab/opencti-connector
 platforms: linux/amd64, linux/amd64
 egress-policy-allowlist: >
@@ -40,24 +39,3 @@ jobs:
 files.pythonhosted.org:443
 pypi.org:443
 push: false
-
- sign-image:
- needs: [build-docker-image]
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- contents: read
- steps:
- - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
- - name: Sign and verify
- env:
- COSIGN_YES: 'true'
- IMAGE_REF: ${{ needs.build-docker-image.outputs.image_ref }}
- CERT_OIDC_ISSUER: https://token.actions.githubusercontent.com
- CERT_IDENTITY: ${{ format('https://github.com/{0}', github.workflow_ref) }}
- run: |
- cosign sign "${IMAGE_REF}"
- cosign verify \
- --certificate-identity "${CERT_IDENTITY}" \
- --certificate-oidc-issuer "${CERT_OIDC_ISSUER}" \
- "${IMAGE_REF}"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8b4e502..59414f7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -42,6 +42,28 @@ jobs:
 files.pythonhosted.org:443
 pypi.org:443
 push: true
+ sign-image: false
 secrets:
 registry-username: ${{ secrets.DOCKERHUB_USERNAME }}
 registry-password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ sign-image:
+ needs: [build-docker-image]
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+ - name: Sign and verify
+ env:
+ COSIGN_YES: 'true'
+ IMAGE_REF: ${{ needs.build-docker-image.outputs.image_ref }}
+ CERT_OIDC_ISSUER: https://token.actions.githubusercontent.com
+ CERT_IDENTITY: ${{ format('https://github.com/{0}', github.workflow_ref) }}
+ run: |
+ cosign sign "${IMAGE_REF}"
+ cosign verify \
+ --certificate-identity "${CERT_IDENTITY}" \
+ --certificate-oidc-issuer "${CERT_OIDC_ISSUER}" \
+ "${IMAGE_REF}"
From e89d6430c96f38c54217706072f494c663adf8ea Mon Sep 17 00:00:00 2001
From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com>
Date: Mon, 16 Feb 2026 14:19:52 +0100
Subject: [PATCH 3/3] fix: image archs
---
 .github/workflows/python-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index ef25dc8..536d0c3 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -32,7 +32,7 @@ jobs:
 uses: notdodo/github-actions/.github/workflows/docker-build-and-push.yml@docker-build-and-push-v0
 with:
 image: digintlab/opencti-connector
- platforms: linux/amd64, linux/arm64
+ platforms: linux/amd64, linux/arm64
 egress-policy-allowlist: >
 deb.debian.org:443
 deb.debian.org:80
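Review bot: The `sign-image` job added to release.yml (patch 2/3) has no registry login step, yet `cosign sign "${IMAGE_REF}"` has to write the signature to the registry. The `DOCKERHUB_*` secrets visible in this hunk are passed only to the reusable build job, so the signing step will most likely fail with an authorization error on release. Add a login step before `Sign and verify` (for example `cosign login` or a SHA-pinned login action) fed from the same two secrets, and keep them out of the `run:` script text by mapping them through `env:`. Also confirm that `needs.build-docker-image.outputs.image_ref` is a digest reference (`name@sha256:…`) and not a tag, because signing a mutable tag does not bind the signature to the bytes that were built. The reusable workflow that defines that output is outside the hunk, so this cannot be checked here. The new job also runs without the egress allowlist that the build job passes as `egress-policy-allowlist`; consider whether the signing runner should get equivalent egress restrictions.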