CI: Sign all binary artifacts, not just release artifacts #1355

Closed
RyanGlScott opened this issue May 18, 2022 · 0 comments · Fixed by #1356
Labels
CI Continuous integration

RyanGlScott commented May 18, 2022

Currently, the CI only signs binary artifacts if they correspond to a full-blown release. (See here). I propose that we instead sign binary artifacts on every commit, not just releases, for the following reasons:

  1. Always signing binaries gives us more confidence that the CI process is working correctly.
  2. If something goes wrong with a release, it's handy to be able to download a binary artifact from an adjacent commit and have everything signed already.
  3. The .sig files that are produced are incredibly small (~500 bytes), so there is no real file size penalty for including them.

See also GaloisInc/saw-script#1669.
