From 4ae54b62313db877cdb5ff1b713271085dfaeec9 Mon Sep 17 00:00:00 2001 From: Richard Fan Date: Mon, 9 Sep 2024 00:38:00 +0800 Subject: [PATCH] Update cosign verify instruction --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 925c30d..f175bd7 100644 --- a/README.md +++ b/README.md @@ -106,15 +106,17 @@ _(You can choose one to perform depending on you requirements):_ ```bash cosign verify \ - --certificate-identity-regexp "" \ - --certificate-oidc-issuer https://token.actions.githubusercontent.com + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + --certificate-identity "" \ + --certificate-github-workflow-repository "" ``` E.g. ```bash cosign verify ghcr.io/richardfan1126/how-high-is-my-salary-enclave-app:538f821a3cacf8370a4a707f79fc26476bc27bb6 \ - --certificate-identity-regexp "https://github.com/richardfan1126/how-high-is-my-salary-enclave-app/" \ - --certificate-oidc-issuer https://token.actions.githubusercontent.com + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + --certificate-identity "https://github.com/richardfan1126/how-high-is-my-salary-enclave-app/.github/workflows/build-and-sign-eif.yaml@refs/heads/main" \ + --certificate-github-workflow-repository "richardfan1126/how-high-is-my-salary-enclave-app" ``` If the artifact is signed using the correct GitHub Action workflow, you will see the following message.
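Review bot: In the generic command at the top of the hunk, the new `--certificate-identity ""` and `--certificate-github-workflow-repository ""` placeholders are empty as shown, and because the switch away from `--certificate-identity-regexp` makes the identity an exact match, the README should state the expected format of each value: the full workflow URL including the `@refs/...` suffix for the identity, and `owner/repo` for the repository, as the E.g. block uses. The example pins `@refs/heads/main`, so a signature produced by the same workflow on a tag or another branch will no longer verify; a sentence saying this is intended would keep readers from treating it as a broken command. The example also references the image by tag rather than by digest; consider showing the digest form, and if that tag is the commit SHA, adding `--certificate-github-workflow-sha` with the same value so the signature is bound to that commit as well as to the workflow.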