ci: remove signing #394

Merged
merged 2 commits into from
Aug 1, 2024
2 changes: 0 additions & 2 deletions .github/workflows/release.yaml
Expand Up @@ -31,8 +31,6 @@ jobs:
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
with:
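Review bot: Dropping `anchore/sbom-action/download-syft` together with `sigstore/cosign-installer` goes beyond what the title "remove signing" covers, since syft generates the SBOM and is not part of signing. The `.goreleaser.yaml` hunk in this PR removes only the `signs:` block, so if that file still has an `sboms:` section outside the visible context, the "Run GoReleaser" step will fail because syft is no longer installed on the runner. Either keep the download-syft step or remove SBOM generation explicitly and say so in the PR description. If the job still grants `id-token: write` for keyless signing (not visible in this hunk), that permission can be dropped as well.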
13 changes: 0 additions & 13 deletions .goreleaser.yaml
Expand Up @@ -35,19 +35,6 @@ source:
checksum:
name_template: 'checksums.txt'

signs:
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
certificate: '${artifact}.pem'
args:
- sign-blob
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
artifacts: checksum
output: true

archives:
- format: tar.gz
name_template: '{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}'
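Review bot: With the `signs:` block gone, `checksums.txt` is published without a signature or certificate, so it only guards against corrupted downloads and no longer lets a consumer verify that the release was produced by this workflow. Neither the diff nor the title says why signing is removed; please record the reason in the PR description, and if this works around a failing release step, open a follow-up to re-enable signing of the checksum file rather than leaving releases unsigned indefinitely.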
16 changes: 4 additions & 12 deletions CONTRIBUTING.md
Expand Up @@ -83,30 +83,22 @@ Values can then be accessed with template expressions like for example `{{ .Exte

### Release via GoReleaser

We use for the release of the `go-template` project [GoReleaser](https://goreleaser.com/). `GoReleaser` is a tool that
We use for the release of the `go-template` project [GoReleaser](https://goreleaser.com/). `GoReleaser` is a tool that
helps you to release your projects in a fast and easy way.

Important is the `.goreleaser.yaml` file which is used to configure the release process.

We can start locale builds with adding the `--snapshot` flag to the `goreleaser` command. The `--snapshot` flag will
We can start locale builds with adding the `--snapshot` flag to the `goreleaser` command. The `--snapshot` flag will
disable some of the phases, like creating a release tag and pushing to the remote.

```bash
goreleaser build --rm-dist --snapshot
```

or even a release with:
or even a release with:

```bash
goreleaser release --snapshot --rm-dist
```

Check the great documentation of GoReleaser [here](https://goreleaser.com/intro/) for further information.

#### Cosign and Syft

During the release process we use `cosign` to keyless sign the release artifacts.

On top of that, we use `syft` to generate a Software Bill of Materials (SBOM) from our go modules.

Check the docs for [`syft`](https://github.com/anchore/syft) and [`cosign`](https://github.com/sigstore/cosign)
for further information.
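Review bot: Deleting the "Cosign and Syft" section leaves CONTRIBUTING.md silent on how release artifacts can be verified; since signing is removed, a short sentence stating that releases now ship only an unsigned `checksums.txt` would keep the documentation accurate for consumers. The other changed lines in this hunk look like whitespace-only edits, and while they are being touched anyway: "locale builds" should read "local builds", and `--rm-dist` is deprecated in GoReleaser in favor of `--clean`.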