Skip to content

Commit

Permalink
Add script used to sign release artifact
Browse files Browse the repository at this point in the history
  • Loading branch information
LeSuisse committed Dec 28, 2021
1 parent 7d952f2 commit 1a584b7
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
12 changes: 12 additions & 0 deletions scripts/sign.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#! /usr/bin/env nix-shell
#! nix-shell --pure ../shell.nix -i bash

set -euxo pipefail

SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done
cd -P "$( dirname "$SOURCE" )/../pkg"

gpg -u FFCBD29F3AFED453AE4B9E321D40FBA29EB39616 --armor --export --export-options export-minimal > public.key
find . -name '*.zip' -exec gpg --armor --detach-sign {} \;
find . -name '*.zip' -exec rekor-cli upload --artifact {} --signature {}.asc --public-key public.key \;
2 changes: 2 additions & 0 deletions shell.nix
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,7 @@ pkgs.mkShell {
pkgs.gitMinimal
pkgs.zip
pkgs.go_1_17
pkgs.gnupg
pkgs.rekor-cli
];
}

0 comments on commit 1a584b7

Please sign in to comment.