mirror of
https://github.com/mikefarah/yq.git
synced 2026-07-04 19:35:38 +00:00
Updating release to sign checksums
This commit is contained in:
parent
0e803833fb
commit
c8f6c1a042
11
.github/workflows/release.yml
vendored
11
.github/workflows/release.yml
vendored
@ -8,6 +8,9 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
publishGitRelease:
|
publishGitRelease:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
id-token: write
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
|
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
|
||||||
@ -37,12 +40,20 @@ jobs:
|
|||||||
--output=yq.1
|
--output=yq.1
|
||||||
man.md
|
man.md
|
||||||
|
|
||||||
|
- name: Install cosign
|
||||||
|
uses: sigstore/cosign-installer@v3
|
||||||
|
|
||||||
- name: Cross compile
|
- name: Cross compile
|
||||||
run: |
|
run: |
|
||||||
sudo apt-get install rhash -y
|
sudo apt-get install rhash -y
|
||||||
go install github.com/goreleaser/goreleaser/v2@latest
|
go install github.com/goreleaser/goreleaser/v2@latest
|
||||||
./scripts/xcompile.sh
|
./scripts/xcompile.sh
|
||||||
|
|
||||||
|
- name: Sign checksums
|
||||||
|
run: |
|
||||||
|
cosign sign-blob --yes --output-bundle build/checksums.bundle build/checksums
|
||||||
|
cosign sign-blob --yes --output-bundle build/checksums-bsd.bundle build/checksums-bsd
|
||||||
|
|
||||||
- name: Release
|
- name: Release
|
||||||
uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2
|
uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2
|
||||||
with:
|
with:
|
||||||
|
|||||||
@ -13,6 +13,11 @@
|
|||||||
then update the FROM line in github-action/Dockerfile with the new digest:
|
then update the FROM line in github-action/Dockerfile with the new digest:
|
||||||
FROM mikefarah/yq:4@sha256:<new-digest>
|
FROM mikefarah/yq:4@sha256:<new-digest>
|
||||||
|
|
||||||
|
// release artifacts are signed with cosign keyless signing (Sigstore)
|
||||||
|
// users can verify with:
|
||||||
|
// cosign verify-blob --bundle checksums.bundle checksums
|
||||||
|
// install cosign: brew install cosign OR go install github.com/sigstore/cosign/v2/cmd/cosign@latest
|
||||||
|
|
||||||
|
|
||||||
- snapcraft
|
- snapcraft
|
||||||
- update snapcraft version
|
- update snapcraft version
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user