fix: custom-sigstore chainsaw

Signed-off-by: Ved Ratan <[email protected]>

.github/workflows/conformance.yaml

@@ -513,10 +513,6 @@ jobs:
               - standard
               - custom-sigstore
         k8s-version:
-          - name: v1.25
-            version: v1.25.x
-          - name: v1.26
-            version: v1.26.x
           - name: v1.27
             version: v1.27.x
           - name: v1.28
@@ -534,7 +530,7 @@ jobs:
         with:
           build-cache-key: run-conformance
       - name: Create kind cluster and setup Sigstore Scaffolding
-        uses: sigstore/scaffolding/actions/setup@d120ad89e1f5c9d4a0bbd92959c6874be2a2131d
+        uses: sigstore/scaffolding/actions/setup@d9197cb16e744297de67cfeef8a8e247d31206c4
         with:
           version: 'v0.6.8'
           k8s-version: ${{ matrix.k8s-version.version }}
@@ -571,7 +567,7 @@ jobs:
           TEST_IMAGE_URL=ttl.sh/${IMAGE_NAME}:1h
           crane copy cgr.dev/chainguard/static@$DIGEST $TEST_IMAGE_URL
           cosign initialize --mirror $TUF_MIRROR --root $TUF_MIRROR/root.json
-          COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token `curl -s $ISSUER_URL` -y
+          COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token $OIDC_TOKEN -y
           echo "TEST_IMAGE_URL=$TEST_IMAGE_URL" >> $GITHUB_ENV
       - name: Wait for kyverno ready
         uses: ./.github/actions/kyverno-wait-ready

test/conformance/kuttl/custom-sigstore/standard/basic/01-manifest.yaml

@@ -32,7 +32,7 @@ spec:
         entries:
         - keyless:
             issuer: "https://kubernetes.default.svc.cluster.local"
-            subject: "*"
+            subject: "https://kubernetes.io/namespaces/default/serviceaccounts/default"
             rekor:
               url: "{{ tufvalues.data.REKOR_URL }}"
       required: true