From c39293e390c35165d9375c2840b51b4bd692d059 Mon Sep 17 00:00:00 2001
From: Mathieu Benoit
Date: Wed, 20 Nov 2024 22:51:08 -0500
Subject: [PATCH 1/2] Update release.yaml - install cosign before goreleaser
Signed-off-by: Mathieu Benoit
---
 .github/workflows/release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3a8662f..b710496 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -21,6 +21,8 @@ jobs:
 uses: actions/setup-go@v5
 with:
 go-version-file: 'go.mod'
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v3
 - name: Run GoReleaser
 uses: goreleaser/goreleaser-action@v6
 with:
@@ -48,8 +50,6 @@ jobs:
 tags: |
 ghcr.io/score-spec/score-k8s:${{ github.ref_name }}
 ghcr.io/score-spec/score-k8s:latest
- - name: Install Cosign
- uses: sigstore/cosign-installer@v3
 - name: Sign container image
 run: |
 cosign sign --yes ghcr.io/score-spec/score-k8s@${{ steps.build-push-container.outputs.digest }}
From 8b65eeedd514b101ced932dbab15214b9238d299 Mon Sep 17 00:00:00 2001
From: Mathieu Benoit
Date: Wed, 20 Nov 2024 22:53:58 -0500
Subject: [PATCH 2/2] Update .goreleaser.yaml - cosign
Signed-off-by: Mathieu Benoit
---
 .goreleaser.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index f977083..11e7e4d 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -41,3 +41,16 @@ brews:
 commit_author:
 name: rachfop
 email: prachford@icloud.com
+signs:
+ - cmd: cosign
+ signature: "${artifact}.sig"
+ certificate: "${artifact}.pem"
+ args:
+ - sign-blob
+ - '--oidc-provider=github-actions'
+ - '--output-certificate=${certificate}'
+ - '--output-signature=${signature}'
+ - '${artifact}'
+ - --yes
+ artifacts: all
+ output: true
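Review bot: In the first hunk of `.github/workflows/release.yaml`, `sigstore/cosign-installer@v3` is a mutable tag, and the step now runs ahead of GoReleaser in the job that builds and signs release artifacts, so whatever that tag resolves to at release time executes with the job's token and signing identity. Pin it to a full commit SHA, e.g. `uses: sigstore/cosign-installer@<full-commit-sha> # v3`. Consider also fixing the CLI version through the installer's `cosign-release` input, so that the `sign-blob` flags added in `.goreleaser.yaml` are always run by the cosign release they were written against. The job's `permissions:` block lies outside the hunk; keyless signing needs `id-token: write` there, which the existing `cosign sign --yes` step presumably already relies on.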
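Review bot: The `signs:` block added in the `.goreleaser.yaml` hunk emits a `.sig` and `.pem` per artifact but does not record which identity a consumer should require, and a keyless signature only proves something when it is verified against an expected certificate identity and issuer. Add a comment above `signs:` such as `# Keyless Sigstore signatures: verify with cosign verify-blob, requiring this repo's release workflow as --certificate-identity and https://token.actions.githubusercontent.com as --certificate-oidc-issuer`, and repeat it in the release documentation. With `artifacts: all` every archive and package gets its own pair of files; `artifacts: checksum` would sign only the checksums file if one signature covering all artifacts is preferred. On style, `- --yes` is the only unquoted entry in `args`; write it as `- '--yes'` to match its siblings.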