Skip to content

Commit

Permalink
sign artifacts
Browse files Browse the repository at this point in the history
  • Loading branch information
Hsn723 committed May 28, 2022
1 parent 1e2c112 commit 927ead0
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 6 deletions.
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
VERSION @hsn723
3 changes: 2 additions & 1 deletion .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ jobs:
fetch-depth: 0
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: anchore/sbom-action/[email protected]
- name: Setup go
uses: actions/setup-go@v3
with:
Expand All @@ -88,7 +89,7 @@ jobs:
uses: goreleaser/goreleaser-action@v3
with:
version: latest
args: --snapshot --skip-publish --rm-dist
args: --snapshot --skip-sign --skip-publish --rm-dist
- name: Test built containers
run: make container-structure-test
tag:
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ on:
push:
tags:
- 'v*'
permissions:
contents: write
id-token: write
jobs:
release:
runs-on: ubuntu-latest
Expand All @@ -15,11 +18,8 @@ jobs:
fetch-depth: 0
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- name: Docker Login
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: sigstore/[email protected]
- uses: anchore/sbom-action/[email protected]
- name: GHCR Login
uses: docker/login-action@v2
with:
Expand Down
28 changes: 28 additions & 0 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -69,3 +69,31 @@ snapshot:
name_template: "{{ .Tag }}-next"
changelog:
use: github-native
source:
enabled: true
sboms:
- id: archive
artifacts: archive
- id: source
artifacts: source
signs:
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
certificate: '${artifact}.pem'
args:
- sign-blob
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
artifacts: checksum
output: true
docker_signs:
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
artifacts: images
output: true
args:
- 'sign'
- '${artifact}'

0 comments on commit 927ead0

Please sign in to comment.