From ce70f9617d61230d3befe751baf972265e49cdfa Mon Sep 17 00:00:00 2001
From: Lucas Bedatty <lucas.bedatty@lerian.studio>
Date: Mon, 6 Apr 2026 14:14:54 -0300
Subject: [PATCH] fix(docs): update cosign verification regex to support
 tag-triggered workflows

---
 docs/build-workflow.md             | 2 +-
 docs/go-release-workflow.md        | 2 +-
 docs/typescript-build.md           | 2 +-
 src/security/cosign-sign/README.md | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/build-workflow.md b/docs/build-workflow.md
index 379cb5b..b44b227 100644
--- a/docs/build-workflow.md
+++ b/docs/build-workflow.md
@@ -224,7 +224,7 @@ jobs:
 
 ```bash
 cosign verify \
-  --certificate-identity-regexp="^https://github.com/LerianStudio/.*/.github/workflows/.*@refs/heads/.*$" \
+  --certificate-identity-regexp="^https://github\.com/LerianStudio/.+/.github/workflows/.+@refs/(heads|tags)/.+$" \
   --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
   docker.io/lerianstudio/my-app@sha256:abc123...
 ```
diff --git a/docs/go-release-workflow.md b/docs/go-release-workflow.md
index e8b5a2d..d8d1fc4 100644
--- a/docs/go-release-workflow.md
+++ b/docs/go-release-workflow.md
@@ -204,7 +204,7 @@ jobs:
 
 ```bash
 cosign verify \
-  --certificate-identity-regexp="^https://github.com/LerianStudio/.*/.github/workflows/.*@refs/heads/.*$" \
+  --certificate-identity-regexp="^https://github\.com/LerianStudio/.+/.github/workflows/.+@refs/(heads|tags)/.+$" \
   --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
   ghcr.io/myorg/my-app@sha256:abc123...
 ```
diff --git a/docs/typescript-build.md b/docs/typescript-build.md
index b8bdffd..aab3b88 100644
--- a/docs/typescript-build.md
+++ b/docs/typescript-build.md
@@ -231,7 +231,7 @@ jobs:
 
 ```bash
 cosign verify \
-  --certificate-identity-regexp="^https://github.com/LerianStudio/.*/.github/workflows/.*@refs/heads/.*$" \
+  --certificate-identity-regexp="^https://github\.com/LerianStudio/.+/.github/workflows/.+@refs/(heads|tags)/.+$" \
   --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
   ghcr.io/lerianstudio/my-app@sha256:abc123...
 ```
diff --git a/src/security/cosign-sign/README.md b/src/security/cosign-sign/README.md
index 1bf4fbb..d107920 100644
--- a/src/security/cosign-sign/README.md
+++ b/src/security/cosign-sign/README.md
@@ -64,7 +64,7 @@ jobs:
 
 ```bash
 cosign verify \
-  --certificate-identity-regexp="^https://github.com/LerianStudio/.*/.github/workflows/.*@refs/heads/.*$" \
+  --certificate-identity-regexp="^https://github\.com/LerianStudio/.+/.github/workflows/.+@refs/(heads|tags)/.+$" \
   --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
   docker.io/myorg/myapp@sha256:abc123...
 ```