From 56430b32ccb8f7d735984f20e269972a052e794a Mon Sep 17 00:00:00 2001 From: cpanato Date: Mon, 3 Oct 2022 17:03:42 -0600 Subject: [PATCH] prepare workflows for signing releases Signed-off-by: cpanato --- .github/workflows/ci-goreleaser.yaml | 16 +++++++++++++++- .github/workflows/release.yaml | 14 +++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-goreleaser.yaml b/.github/workflows/ci-goreleaser.yaml index 6729e5b4..b404b9a9 100644 --- a/.github/workflows/ci-goreleaser.yaml +++ b/.github/workflows/ci-goreleaser.yaml @@ -18,12 +18,24 @@ jobs: check-goreleaser: name: Check GoReleaser Configuration runs-on: ubuntu-20.04 + + permissions: + id-token: write + packages: write + contents: write + steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 + - name: Install cosign + uses: sigstore/cosign-installer@v2 + + - name: Install syft + uses: anchore/sbom-action/download-syft@v0.12.0 + - name: Setup QEMU uses: docker/setup-qemu-action@v2 with: @@ -44,4 +56,6 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: --snapshot --rm-dist --timeout 1h + args: --snapshot --rm-dist --timeout 120m + env: + COSIGN_EXPERIMENTAL: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9aacf6e7..5c296b01 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -9,12 +9,23 @@ jobs: name: Release runs-on: ubuntu-20.04 + permissions: + id-token: write + packages: write + contents: write + steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 + - name: Install cosign + uses: sigstore/cosign-installer@v2 + + - name: Install syft + uses: anchore/sbom-action/download-syft@v0.12.0 + - name: Setup QEMU uses: docker/setup-qemu-action@v2 with: @@ -45,6 +56,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release --rm-dist --timeout 90m + args: release --rm-dist --timeout 120m env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + COSIGN_EXPERIMENTAL: true