From 0d455b3886fa62c2faefeb0252fdd374a58d2177 Mon Sep 17 00:00:00 2001
From: Pavel Lineitsev <plineitsev@confluent.io>
Date: Thu, 25 Jun 2026 16:02:56 -0400
Subject: [PATCH] fix(ci): remove experimental environment variable from
 signing step

---
 .github/workflows/docker-publish.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 5ef122d..4aed5a9 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -197,10 +197,8 @@ jobs:
           output-file: sbom.spdx.json
 
       - name: Sign and attest
-        env:
-          COSIGN_EXPERIMENTAL: "1"
         run: |
           REF="${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }}@${{ needs.merge.outputs.digest }}"
           cosign sign --yes --recursive --registry-referrers-mode oci-1-1 "${REF}"
-          cosign attest --yes --recursive --registry-referrers-mode oci-1-1 \
+          cosign attest --yes \
             --predicate sbom.spdx.json --type spdxjson "${REF}"