Commit6898794

committed

feat: sign release artifacts with cosign

1 parentfd792ae commit6898794Copy full SHA for 6898794

File tree

+16

-0

lines changed

+16

-0

lines changed

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,9 @@ on:`
`7`	`7`	`jobs:`
`8`	`8`	`release:`
`9`	`9`	`runs-on:ubuntu-latest`
	`10`	`+permissions:`
	`11`	`+contents:write`
	`12`	`+id-token:write# for cosign`
`10`	`13`	`env:`
`11`	`14`	`# https://github.com/actions/setup-go#supported-version-syntax`
`12`	`15`	`# ex:`
`@@ -57,6 +60,9 @@ jobs:`
`57`	`60`	`-name:Install snapcraft`
`58`	`61`	`run:sudo snap install snapcraft --classic`
`59`	`62`
	`63`	`+ -name:Set up cosign`
	`64`	`+uses:sigstore/cosign-installer@v3`
	`65`	`+`
`60`	`66`	`-name:Set up QEMU`
`61`	`67`	`uses:docker/setup-qemu-action@v3`
`62`	`68`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,16 @@ release:`
`87`	`87`
`88`	`88`	`For key updates, see the [changelog](https://golangci-lint.run/product/changelog/#{{ .Major }}{{ .Minor }}{{ .Patch }}).`
`89`	`89`
	`90`	`+signs:`
	`91`	`+ -signature:${artifact}.cosign.bundle`
	`92`	`+cmd:cosign`
	`93`	`+args:`
	`94`	`+ -sign-blob`
	`95`	`+ ---bundle=${signature}`
	`96`	`+ ---yes`
	`97`	`+ -${artifact}`
	`98`	`+artifacts:checksum`
	`99`	`+`
`90`	`100`	`source:`
`91`	`101`	`enabled:true`
`92`	`102`	`name_template:'{{ .ProjectName }}-{{ .Version }}-source'`

Comments

(0)