From b5baa55a601df5e890e5120548cae9bb77aae4a9 Mon Sep 17 00:00:00 2001
From: Carl Tashian <carl@smallstep.com>
Date: Wed, 5 Apr 2023 13:09:58 -0700
Subject: [PATCH] Update cosign usage note

---
 .goreleaser.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index 42b313b4..c296092d 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -156,9 +156,11 @@ release:
     Below is an example using `cosign` to verify a release artifact:
 
     ```
-    COSIGN_EXPERIMENTAL=1 cosign verify-blob \
+    cosign verify-blob \
       --certificate ~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig.pem \
       --signature ~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig \
+      --certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
+      --certificate-oidc-issuer https://token.actions.githubusercontent.com \
       ~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz
     ```