go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-09-16 09:26:52 +02:00
Code Issues Releases Activity

fix(ci): dont need to sign sboms as we already sign the checksums

Browse Source 
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
This commit is contained in:
Carlos A Becker
2021-12-22 14:36:51 -03:00
parent eb8d66f6fd
commit 8e3fa2cb36
1 changed files with 0 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.goreleaser.yaml
View File

@@ -217,19 +217,6 @@ signs:
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
- id: sign-sboms
cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
certificate: '${artifact}.pem'
output: true
args:
- sign-blob
- '--oidc-issuer={{if index .Env "CI"}}https://token.actions.githubusercontent.com{{else}}https://oauth2.sigstore.dev/auth{{end}}'
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
artifacts: sbom
docker_signs:
- cmd: cosign