diff --git a/.github/workflows/sigstore.yml b/.github/workflows/sigstore.yml
index 82972a0..d3967d3 100644
--- a/.github/workflows/sigstore.yml
+++ b/.github/workflows/sigstore.yml
@@ -27,13 +27,14 @@ jobs:
 uses: sigstore/cosign-installer@v3.7.0
 - name: Check Cosign
 run: cosign version
- - name: Cosign with OIDC
+ - name: Get latest tag
+ run: echo "LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1` | tr -d 'v')" >> $GITHUB_ENV
+ - name: Get digest
 run: |
- # Get the latest tag
- LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1` | tr -d 'v')
- # Obtain the digest from this tag
 DIGEST=$(curl "https://hub.docker.com/v2/repositories/snyk/snyk-universal-broker/tags/${LATEST_TAG}" | jq '.digest' -r)
- # Sign the image, using GitHub as an OIDC provider
+ echo "DIGEST=${DIGEST}" >> $GITHUB_ENV
+ - name: Cosign with OIDC
+ run: |
 cosign sign --yes snyk/snyk-universal-broker@${DIGEST}
 cosign sign --yes snyk/snyk-universal-broker:${LATEST_TAG}
 - name: Verify signature
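Review bot: The new `Get digest` step exports whatever the Docker Hub lookup returns without checking it: curl runs without `--fail` and `jq -r` prints `null` for a missing field, so a failed lookup still writes `DIGEST=null` (or an empty value) to `$GITHUB_ENV` and the step passes. Add `-fsS` to the curl call and `-e` to jq, and gate the export with `[[ "$DIGEST" =~ ^sha256:[0-9a-f]{64}$ ]] || exit 1`, which also keeps a malformed response from adding stray lines to the environment file. More broadly, the digest being signed is the one the registry maps to the tag at run time rather than one taken from the build that produced the image, so the signature vouches for whatever currently sits behind that tag; if a push step exists outside this hunk, passing its digest output forward would close that gap. In `Get latest tag`, `tr -d 'v'` strips every `v` in the tag name, not only a leading one, so `sed 's/^v//'` is probably what is meant. The job's step list begins and ends outside the hunk.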