ci: auto-accept cosign prompt within goreleaser config

purpleclay · Apr 3, 2023 · 7c13218 · 7c13218
1 parent 3ba6b9c
commit 7c13218
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -23,14 +23,16 @@ on:
   push:
     tags:
       - "v*.*.*"
+
+permissions:
+  actions: read
+  contents: write
+  id-token: write
+  packages: write
+
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      id-token: write
-      packages: write
     steps:
       - name: Git Clone
         uses: actions/checkout@v3
@@ -53,7 +55,7 @@ jobs:
         uses: goreleaser/goreleaser-action@v4
         with:
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GH_GORELEASER }}
           FURY_TOKEN: ${{ secrets.GH_FURY_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -89,11 +89,8 @@ changelog:
 sboms:
   - artifacts: archive
 
-# Use Keyless experimental signing with cosign, see: https://github.com/sigstore/cosign/blob/main/KEYLESS.md
 signs:
   - cmd: cosign
-    env:
-      - COSIGN_EXPERIMENTAL=1
     certificate: "${artifact}.pem"
     output: true
     artifacts: checksum
@@ -102,6 +99,7 @@ signs:
       - "--output-certificate=${certificate}"
       - "--output-signature=${signature}"
       - "${artifact}"
+      - --yes
 
 brews:
   - name: nsv