Merge pull request #460 from vdice/ci/fix-cosign-usage

fix(sbom.yml): fix cosign usage

Author: vdice

.github/workflows/sbom.yml

@@ -61,8 +61,7 @@ jobs:
       - name: Sign SBOM file
         run: |
           cosign sign-blob --yes \
-            --output-certificate ${{ inputs.image-name }}-sbom-${{ matrix.arch }}.spdx.cert \
-            --output-signature ${{ inputs.image-name }}-sbom-${{ matrix.arch }}.spdx.sig \
+            --bundle ${{ inputs.image-name }}-sbom-${{ matrix.arch }}.spdx.bundle \
             ${{ inputs.image-name }}-sbom-${{ matrix.arch }}.spdx
 
       - name: Attach SBOM file in the container image