add --yes to example workflow

Version 2.0 of cosign is asking users to confirm that information is stored in public transparency logs. This interactive interaction does not work in automated CI pipelines like GitHub actions and breaks builds that are now starting to use 2.0. Adding --yes removes the required user interaction and enables automated builds again.
sigstore · Mar 6, 2023 · 0bf7df2 · 0bf7df2
1 parent c3667d9
commit 0bf7df2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/README.md b/README.md
@@ -135,7 +135,7 @@ jobs:
           COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
 
       - name: Sign the images with GitHub OIDC Token **not production ready**
-        run: cosign sign ${TAGS}
+        run: cosign sign --yes ${TAGS}
         env:
           TAGS: ${{ steps.docker_meta.outputs.tags }}
 ```