Implement cosign signing of release builds
references: - https://github.com/sigstore/cosign/blob/main/doc/cosign_sign-blob.md - https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/ - https://github.com/marketplace/actions/cosign-installer
parent
36aab2a7d2
commit
ac2f55f457
1 changed files with 13 additions and 5 deletions
18
.github/workflows/release.yml
vendored
18
.github/workflows/release.yml
vendored
|
@ -5,6 +5,10 @@ on:
|
|||
tags:
|
||||
- 'v*'
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
id-token: write
|
||||
|
||||
jobs:
|
||||
release:
|
||||
name: Build and Release
|
||||
|
@ -25,18 +29,22 @@ jobs:
|
|||
asset_name: http-server-$tag-windows.zip
|
||||
zipcmd: 7z a -tzip
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: sigstore/cosign-installer@v3.4.0
|
||||
|
||||
- name: Build project
|
||||
run: cargo build --release --locked
|
||||
|
||||
- name: make release.zip
|
||||
run: ${{ matrix.zipcmd}} release.zip target/release/${{ matrix.artifact_name }}
|
||||
run: ${{ matrix.zipcmd}} ${{ matrix.asset_name }} target/release/${{ matrix.artifact_name }}
|
||||
|
||||
- name: Upload binary to release
|
||||
- name: Sign release.zip
|
||||
run: cosign sign-blob --yes --output-signature ${{ matrix.asset_name }}.sig --output-certificate ${{ matrix.asset_name }}.cert ${{ matrix.asset_name }}
|
||||
|
||||
- name: Upload artifacts to release
|
||||
uses: svenstaro/upload-release-action@v2
|
||||
with:
|
||||
repo_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
file: release.zip
|
||||
asset_name: ${{ matrix.asset_name }}
|
||||
file: http-server-*
|
||||
file_glob: true
|
||||
tag: ${{ github.ref }}
|
||||
|
|
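Review bot: The three actions used by this job (`actions/checkout@v4`, `sigstore/cosign-installer@v3.4.0`, `svenstaro/upload-release-action@v2`) are referenced by mutable tags, while the workflow now grants `id-token: write` alongside `contents: write`, so a moved tag would run unreviewed code that can request this repository's OIDC signing identity and write release assets. Pinning each one to a full commit SHA with the tag kept as a comment, e.g. `- uses: sigstore/cosign-installer@<full-commit-sha>  # v3.4.0`, keeps the signing identity tied to code that was actually reviewed. Separately, `${{ matrix.asset_name }}` is now expanded inside the `run:` lines of the zip and sign steps, and the visible Windows value `http-server-$tag-windows.zip` contains `$tag`, which the shell will most likely expand to an empty string unless a `tag` variable is set outside the hunk; the archive, `.sig` and `.cert` would then be published without the version in their names. The matrix and the job definition start outside the hunk, so the other matrix entries may be affected in the same way.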