mirror of
https://github.com/caddyserver/caddy.git
synced 2026-05-13 09:06:41 +00:00
Merge 62b11d1f39 into 4ba16fe82c
This commit is contained in:
EINIER FREYRE CORONA
GitHub
commit
e8093585bb
2 changed files with 3 additions and 5 deletions
3
.github/workflows/release.yml
vendored
3
.github/workflows/release.yml
vendored
|
|
@ -415,7 +415,7 @@ jobs:
|
|||
run: pip install --upgrade cloudsmith-cli
|
||||
|
||||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # main
|
||||
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
|
||||
- name: Cosign version
|
||||
run: cosign version
|
||||
- name: Install Syft
|
||||
|
|
@ -435,7 +435,6 @@ jobs:
|
|||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
TAG: ${{ steps.vars.outputs.version_tag }}
|
||||
COSIGN_EXPERIMENTAL: 1
|
||||
|
||||
# Only publish on non-special tags (e.g. non-beta)
|
||||
# We will continue to push to Gemfury for the foreseeable future, although
|
||||
|
|
|
|||
|
|
@ -90,9 +90,8 @@ builds:
|
|||
|
||||
signs:
|
||||
- cmd: cosign
|
||||
signature: "${artifact}.sig"
|
||||
certificate: '{{ trimsuffix (trimsuffix .Env.artifact ".zip") ".tar.gz" }}.pem'
|
||||
args: ["sign-blob", "--yes", "--output-signature=${signature}", "--output-certificate", "${certificate}", "${artifact}"]
|
||||
signature: "${artifact}.sigstore"
|
||||
args: ["sign-blob", "--yes", "--bundle=${signature}", "${artifact}"]
|
||||
artifacts: all
|
||||
|
||||
sboms:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue