Remove EXPERIMENTAL flag for keyless signing

EXPERIMENTAL flag is not necessary anymore in Cosign v0.14.0

See also: sigstore/cosign#2457

Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com>

Author: JeroenKnoops

CHANGELOG.md

@@ -6,6 +6,7 @@ and this project uses the version of main tool as main version number .
 
 ## [Unreleased]
 
+- Remove experimental flag for keyless signing
 - Rename arguments to reflect multiple container registries.
 
 ## v5.0.0

bin/install_cosign.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-COSIGN_RELEASE=v1.13.1
+COSIGN_RELEASE=v1.14.0
 INSTALL_DIR=$HOME/.cosign
 
 RUNNER_OS=$(uname)

container_digest.sh

@@ -75,7 +75,6 @@ then
     echo 'Keyless signing'
     COSIGN_KEY_ARGUMENT=""
     COSIGN_PUB_ARGUMENT=""
-    export COSIGN_EXPERIMENTAL=1
   else
     echo 'Signing using COSIGN keys'
     COSIGN_KEY=$(mktemp /tmp/cosign.XXXXXXXXXX) || exit 1
@@ -113,7 +112,6 @@ then
     echo '```bash'
     if [ -n "${KEYLESS}" ]
     then
-      echo "export COSIGN_EXPERIMENTAL=1"
       echo "cosign verify $registry_url_prefix/$imagename@${containerdigest}"
     else
       echo "cosign verify --key cosign.pub $registry_url_prefix/$imagename@${containerdigest}"
@@ -177,7 +175,6 @@ then
       echo '```bash'
       if [ -n "${KEYLESS}" ]
       then
-        echo "export COSIGN_EXPERIMENTAL=1"
         echo "cosign verify-attestation --type slsaprovenance $registry_url_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType==\"https://slsa.dev/provenance/v0.2\" ) | .'"
         # TODO: Add tlog
       else
@@ -234,7 +231,6 @@ then
       echo '```bash'
       if [ -n "${KEYLESS}" ]
       then
-        echo "export COSIGN_EXPERIMENTAL=1"
         echo "cosign verify-attestation --type spdx $registry_url_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select( .predicateType==\"https://spdx.dev/Document\" ) | .predicate.Data | fromjson | .'"
         # TODO: Add tlog
       else