- Notifications
You must be signed in to change notification settings - Fork947
feat: sign coder binaries with the release key using GPG#18774
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
3c01e7d toe80259cCompareUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
90e69df toddd2adaCompareUh oh!
There was an error while loading.Please reload this page.
dc0919d intomainUh oh!
There was an error while loading.Please reload this page.
/cherry-pick release/2.24 |
/cherry-pick release/2.23 |
Description
This PR introduces GPG signing for all Coderslim-binaries.
Detached signatures will allow users to verify the integrity and authenticity of the binaries they download.
Changes
scripts/sign_with_gpg.sh: New script to sign a given binaryusing GPG. It imports the release key, signs the binary, and
verifies the signature.
scripts/build_go.sh: Updated to callsign_with_gpg.shwhen theCODER_SIGN_GPGenvironment variable is set to 1..github/workflows/release.yaml: TheCODER_SIGN_GPGenvironmentvariable is now set to 1 during the release build, enabling GPG
signing for all release binaries.
.github/workflows/ci.yaml: TheCODER_SIGN_GPGenvironmentvariable is now set to 1 during the CI build, enabling GPG
signing for all CI binaries.
Makefile: Detached signatures are moved to the/site/out/bin/directory