docs: update instructions

caarlos0 · caarlos0 · commit e2fcc039c290 · 2025-10-18T12:44:57.000-03:00
Signed-off-by: Carlos Alexandro Becker &lt;caarlos0@users.noreply.github.com&gt;
diff --git a/README.md b/README.md
@@ -113,15 +113,16 @@ The first thing we need to do, is get the current latest version:
 export VERSION="$(gh release list -L 1 -R goreleaser/example-secure --json=tagName -q '.[] | .tagName')"
 ```
 
-Then, we download the `checksums.txt` file, and verify its signature:
+Then, we download the `checksums.txt` and the signature bundle
+(`checksums.txt.sigstore.json`) files, and then verify them:
 
 ```bash
 wget https://github.com/goreleaser/example-secure/releases/download/$VERSION/checksums.txt
+wget https://github.com/goreleaser/example-secure/releases/download/$VERSION/checksums.txt.sigstore.json
 cosign verify-blob \
     --certificate-identity "https://github.com/goreleaser/example-secure/.github/workflows/release.yml@refs/tags/$VERSION" \
     --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
-    --cert "https://github.com/goreleaser/example-secure/releases/download/$VERSION/checksums.txt.pem" \
-    --signature "https://github.com/goreleaser/example-secure/releases/download/$VERSION/checksums.txt.sig" \
+    --bundle "checksums.txt.sigstore.json" \
     ./checksums.txt
 ```
 
