Skip to content

Sign checksum with cosign #4181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 4, 2023
Merged

Sign checksum with cosign #4181

merged 1 commit into from
Aug 4, 2023

Conversation

lucacome
Copy link

@lucacome lucacome commented Aug 3, 2023

Proposed changes

Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to
Adds config to sign artifacts. Since the checksum contains the SHAs of the artifacts, signing the checksums is enough to ensure that the artifacts were not modified.

GoReleaser uses cosign to sign the artifact and uploads .sig and .pem to the release.

@lucacome
Sign checksum with cosign
6418e9e 
Adds config to sign artifacts. Since the checksum contains the SHAs of
the artifacts, signing the checksums is enough to ensure that the artifacts
were not modified.

GoReleaser uses cosign to sign the artifact and uploads .sig and .pem to
the release.
@lucacome lucacome self-assigned this Aug 3, 2023
@lucacome lucacome requested a review from a team as a code owner August 3, 2023 21:46
@github-actions
Copy link
Contributor

github-actions bot commented Aug 3, 2023

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Manifest Files

.github/workflows/ci.yml

@github-actions github-actions bot added the chore Pull requests for routine tasks label Aug 3, 2023
@codecov
Copy link

codecov bot commented Aug 3, 2023

Codecov Report

Merging #4181 (6418e9e) into main (964b203) will decrease coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #4181      +/-   ##
==========================================
- Coverage   51.95%   51.92%   -0.03%     
==========================================
  Files          59       59              
  Lines       16743    16743              
==========================================
- Hits         8698     8694       -4     
- Misses       7748     7750       +2     
- Partials      297      299       +2

see 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@lucacome lucacome merged commit d64b566 into main Aug 4, 2023
@lucacome lucacome deleted the chore/sign-artifacts branch August 4, 2023 16:31
lucacome added a commit that referenced this pull request Aug 17, 2023
@lucacome
Sign checksum with cosign (#4181)
153f568 
Adds config to sign artifacts. Since the checksum contains the SHAs of
the artifacts, signing the checksums is enough to ensure that the artifacts
were not modified.

GoReleaser uses cosign to sign the artifact and uploads .sig and .pem to
the release.

(cherry picked from commit d64b566)
lucacome added a commit that referenced this pull request Aug 17, 2023
@lucacome
Sign checksum with cosign (#4181) (#4258)
c90e4fc 
Adds config to sign artifacts. Since the checksum contains the SHAs of
the artifacts, signing the checksums is enough to ensure that the artifacts
were not modified.

GoReleaser uses cosign to sign the artifact and uploads .sig and .pem to
the release.

(cherry picked from commit d64b566)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@haywoodsh haywoodsh haywoodsh approved these changes

@vepatel vepatel vepatel approved these changes

+1 more reviewer

@jjngx jjngx jjngx approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@lucacome lucacome

Labels

chore Pull requests for routine tasks

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lucacome @haywoodsh @vepatel @jjngx