fix(ci): Correctly set signing for pushing container images (#161)

.github/workflows/build.yml

@@ -20,6 +20,11 @@ on:
       - "main"
     tags:
       - "v*"
+    paths:
+      - ".github/workflows/build.yaml"
+      - "src/openllm/bundle/oci/Dockerfile"
+      - "src/openllm/**"
+      - "src/openllm_client/**"
   pull_request:
     branches:
       - "main"
@@ -166,6 +171,8 @@ jobs:
           cache-to: type=s3,region=${{ env.AWS_REGION }},bucket=openllm-cache,name=y5w8i4y6,mode=max,compression=zstd,ignore-error=true
       - name: Sign the released image
         if: ${{ github.event_name != 'pull_request' }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
         run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.meta.build-and-push.outputs.digest }}
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
         uses: aquasecurity/trivy-action@master

changelog.d/template.md.jinja

@@ -1,10 +1,10 @@
 {%- if versiondata["version"] == "main" -%}
 ## Changes for the Upcoming Release
 
-:::{warning}
-These changes reflect the current [development progress](https://github.com/bentoml/openllm/tree/main) and have **not** been part of a official PyPI release yet.
-To try out the latest change, one can do: `pip install -U git+https://github.com/bentoml/openllm.git@main`
-:::
+> **Warning**: These changes reflect the current [development progress](https://github.com/bentoml/openllm/tree/main)
+> and have **not** been part of a official PyPI release yet.
+> To try out the latest change, one can do: `pip install -U git+https://github.com/bentoml/openllm.git@main`
+
 {% else -%}
 ## [{{ versiondata["version"] }}](https://github.com/bentoml/openllm/tree/v{{ versiondata["version"] }})
 {%- endif %}