diff --git a/__tests__/goreleaser.test.ts b/__tests__/goreleaser.test.ts
index c7fdd30..74026d5 100644
--- a/__tests__/goreleaser.test.ts
+++ b/__tests__/goreleaser.test.ts
@@ -16,11 +16,38 @@ describe('install', () => {
 expect(fs.existsSync(bin)).toBe(true);
 }, 100000);
 
+ // The following pinned versions exercise install across release eras to
+ // guard against regressions in checksum handling and the cosign skip path:
+ // - v0.182.0 : pre-checksums-signing era
+ // - v1.26.2 : cosign v2 detached `.sig` only
+ // - v2.12.4 : last release before sigstore bundles (cosign skipped)
+ // - v2.13.0 : first release with cosign v3 sigstore bundle
+ // - v2.15.3 : recent release with sigstore bundle
+ it('acquires v0.182.0 (pre-signing) version of GoReleaser', async () => {
+ const bin = await goreleaser.install('goreleaser', 'v0.182.0');
+ expect(fs.existsSync(bin)).toBe(true);
+ }, 100000);
+
+ it('acquires v1.26.2 (cosign v2 .sig) version of GoReleaser', async () => {
+ const bin = await goreleaser.install('goreleaser', 'v1.26.2');
+ expect(fs.existsSync(bin)).toBe(true);
+ }, 100000);
+
+ it('acquires v2.12.4 (last pre-sigstore-bundle) version of GoReleaser', async () => {
+ const bin = await goreleaser.install('goreleaser', 'v2.12.4');
+ expect(fs.existsSync(bin)).toBe(true);
+ }, 100000);
+
 it('acquires v2.13.0 (minimum cosign-verifiable) version of GoReleaser', async () => {
 const bin = await goreleaser.install('goreleaser', 'v2.13.0');
 expect(fs.existsSync(bin)).toBe(true);
 }, 100000);
 
+ it('acquires v2.15.3 (recent sigstore-bundle) version of GoReleaser', async () => {
+ const bin = await goreleaser.install('goreleaser', 'v2.15.3');
+ expect(fs.existsSync(bin)).toBe(true);
+ }, 100000);
+
 it('acquires latest v2 version of GoReleaser Pro', async () => {
 const bin = await goreleaser.install('goreleaser-pro', '~> v2');
 expect(fs.existsSync(bin)).toBe(true);
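Review bot: The five added `install` cases assert only `fs.existsSync(bin)`, which cannot detect the regressions the new header comment says they guard against: an install that stopped verifying the checksum, or that skipped cosign for v2.13.0 and v2.15.3, would still leave a binary on disk and pass. The pre-v2.13 case added under `describe('verifyChecksum')` has the same limitation. Nothing in this block calls `requireCosign()`, so whether the skip or verify path runs at all presumably depends on what the runner has installed. I would assert the verification outcome per era (checksum checked; cosign skipped for pre-v2.13 releases, run for v2.13.0 and later) through whatever log or hook the action exposes, which is not visible in this hunk. Until then the comment should say so, e.g. `// These cases only check that a binary is produced; they do not assert that checksum or cosign verification ran.`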
@@ -112,6 +139,14 @@ describe('verifyChecksum', () => {
 expect(fs.existsSync(bin)).toBe(true);
 }, 120000);
 
+ it('installs a pre-v2.13 release (no sigstore bundle) without failing when cosign is present', async () => {
+ // v2.12.x is the last release that did NOT publish checksums.txt.sigstore.json.
+ // The action must still install it cleanly: checksum verified, cosign step skipped.
+ await requireCosign();
+ const bin = await goreleaser.install('goreleaser', 'v2.12.4');
+ expect(fs.existsSync(bin)).toBe(true);
+ }, 120000);
+
 it('throws on checksum mismatch', async () => {
 const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gha-'));
 const archive = path.join(dir, 'fake.tar.gz');
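Review bot: This case pins only the permissive side of the cosign skip; the hunk adds no counterpart showing that a release at or after v2.13.0 whose `checksums.txt.sigstore.json` is missing or fails verification makes `install` reject when cosign is present. How the skip is decided is not visible here, but if it keys on the bundle being absent rather than on the release version, a missing bundle would quietly reduce any release to checksum-only verification and this suite would still pass. I would add that negative test next to `throws on checksum mismatch` and state the rule in the comment, e.g. `// Skip is acceptable only because v2.12.4 predates sigstore bundles; a missing bundle on >= v2.13.0 must fail.` The `describe('verifyChecksum')` block starts and ends outside the hunk, so such a test may already exist there.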