Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign checksum with cosign (#4181) #4258

Merged
merged 2 commits into from
Aug 17, 2023
Merged

Sign checksum with cosign (#4181) #4258

merged 2 commits into from
Aug 17, 2023

Conversation

lucacome
Copy link
Member

Adds config to sign artifacts. Since the checksum contains the SHAs of
the artifacts, signing the checksums is enough to ensure that the artifacts
were not modified.

GoReleaser uses cosign to sign the artifact and uploads .sig and .pem to
the release.

(cherry picked from commit d64b566)

@lucacome
Sign checksum with cosign (#4181)
153f568 
Adds config to sign artifacts. Since the checksum contains the SHAs of
the artifacts, signing the checksums is enough to ensure that the artifacts
were not modified.

GoReleaser uses cosign to sign the artifact and uploads .sig and .pem to
the release.

(cherry picked from commit d64b566)
@lucacome lucacome self-assigned this Aug 17, 2023
@lucacome lucacome requested a review from a team as a code owner August 17, 2023 21:00
@github-actions github-actions bot added the chore Pull requests for routine tasks label Aug 17, 2023
@github-actions
Copy link

github-actions bot commented Aug 17, 2023
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Manifest Files

.github/workflows/ci.yml

@codecov
Copy link

codecov bot commented Aug 17, 2023

Codecov Report

Merging #4258 (e62bdbe) into release-3.2 (926e555) will increase coverage by 0.02%.
The diff coverage is n/a.

@@               Coverage Diff               @@
##           release-3.2    #4258      +/-   ##
===============================================
+ Coverage        51.83%   51.85%   +0.02%     
===============================================
  Files               59       59              
  Lines            16705    16705              
===============================================
+ Hits              8659     8663       +4     
+ Misses            7747     7745       -2     
+ Partials           299      297       -2

see 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

jasonwilliams14
jasonwilliams14 reviewed Aug 17, 2023
View reviewed changes
Copy link
Contributor

@jasonwilliams14 jasonwilliams14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

jasonwilliams14
jasonwilliams14 approved these changes Aug 17, 2023
View reviewed changes
Copy link
Contributor

@jasonwilliams14 jasonwilliams14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved

@lucacome lucacome merged commit c90e4fc into release-3.2 Aug 17, 2023
@lucacome lucacome deleted the chore/sign-artifacts branch August 17, 2023 22:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dreesf5 dreesf5 dreesf5 approved these changes

@jasonwilliams14 jasonwilliams14 jasonwilliams14 approved these changes

Assignees

@lucacome lucacome

Labels
chore Pull requests for routine tasks
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lucacome @jasonwilliams14 @dreesf5