diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml
index fc48b17..22e7a71 100644
--- a/.github/workflows/image-publish.yml
+++ b/.github/workflows/image-publish.yml
@@ -54,7 +54,13 @@ jobs:
 push: true
 tags: ${{ steps.docker_meta.outputs.tags }}
 - name: Sign the container images
- run: cosign sign --yes ${TAGS}
+ run: |
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}@${DIGEST} "
+ done
+ cosign sign --yes ${images}
 env:
 TAGS: ${{ steps.docker_meta.outputs.tags }}
 COSIGN_EXPERIMENTAL: 1
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
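Review bot: The loop builds `${tag}@${DIGEST}` without checking that `DIGEST` is non-empty. The build step's `id` is outside this hunk (the neighbouring step uses the underscore form `docker_meta`), so if `steps.build-and-push.outputs.digest` does not resolve, every reference handed to `cosign sign` becomes a malformed `tag@` and the step relies on cosign rejecting it. Adding `: "${DIGEST:?build-and-push produced no digest}"` as the first line of the `run` script would make the job fail early with a clear message instead. As a style point, a bash array (`images=()`, `images+=("${tag}@${DIGEST}")`, then `cosign sign --yes "${images[@]}"`) avoids depending on unquoted word splitting of `${images}`.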