diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 366ec55..93d4a31 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -89,6 +89,10 @@ jobs:
       # repository is public to avoid leaking data.  If you would like to publish
       # transparency data even for private images, pass --force to cosign below.
       # https://github.com/sigstore/cosign
+      - name: prepare cosign
+        uses: sigstore/cosign-installer@v3.5.0
+        with:
+          cosign-release: 'v2.2.4' # optional
       - name: Sign the published Docker image
         if: ${{ github.event_name != 'pull_request' }}
         env: