From 979221d780bb4fa9350b40874a1a742d643a6a9e Mon Sep 17 00:00:00 2001
From: max furman
Date: Mon, 30 Aug 2021 14:30:17 -0700
Subject: [PATCH] [action] goreleaser cosign new key pair
---
 .github/workflows/release.yml | 5 ++++-
 .goreleaser.yml | 2 +-
 cosign.pub | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 232fa59c..f6faf23e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -109,6 +109,10 @@ jobs:
 uses: sigstore/cosign-installer@main
 with:
 cosign-release: 'v1.1.0'
+ -
+ name: Write cosign key to disk
+ id: write_key
+ run: echo ${{ secrets.COSIGN_KEY }} > "./cosign.key"
 -
 name: Run GoReleaser
 uses: goreleaser/goreleaser-action@5a54d7e660bda43b405e8463261b3d25631ffe86 # v2.7.0
@@ -118,7 +122,6 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.PAT }}
 COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
- COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
 release_deb:
 name: Build & Release Debian package
diff --git a/.goreleaser.yml b/.goreleaser.yml
index e28de4be..2d10832d 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -74,7 +74,7 @@ checksum:
 signs:
 - cmd: cosign
 stdin: '{{ .Env.COSIGN_PWD }}'
- args: ["sign-blob", "-key=<(echo '{{ .Env.COSIGN_KEY }}')", "-output=${signature}", "${artifact}"]
+ args: ["sign-blob", "-key=cosign.key", "-output=${signature}", "${artifact}"]
 artifacts: all
 snapshot:
 name_template: "{{ .Tag }}-next"
diff --git a/cosign.pub b/cosign.pub
index 7e78358c..69957157 100644
--- a/cosign.pub
+++ b/cosign.pub
@@ -1,4 +1,4 @@
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIPEjPgrDZ7P/XY8GhDJ8ODM/EQjW
-djYEh3zk0ooMjS8ufiRHKcf330r+LyfxPJneQnd6QhXMMVQ79ZjQY83j5w==
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEB/6PlQ62DpSB/aaGeMVJMuz73QA2
+XDfsoH9BqpKwTHhmHnLA9YKizF3iC+6nfRx+ifOviS7st47tYQyaQMpl5w==
 -----END PUBLIC KEY-----
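Review bot: In the first release.yml hunk, the added `run: echo ${{ secrets.COSIGN_KEY }} > "./cosign.key"` pastes the secret into the script text unquoted, so the shell word-splits it and reads any newline or metacharacter in the value as script syntax; if the secret holds a multi-line PEM key it will not reach the file intact. Pass it through the step environment and quote it instead: `env:` with `COSIGN_KEY: ${{ secrets.COSIGN_KEY }}`, and `run: umask 077 && printf '%s\n' "$COSIGN_KEY" > ./cosign.key`, which also creates the file readable by its owner only. Nothing visible in the hunk removes the key after signing, so a cleanup step guarded by `if: always()` would bound how long the private key stays in the checkout. The .goreleaser.yml hunk reads this same file through `-key=cosign.key`.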
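Review bot: In the .goreleaser.yml hunk, `-key=cosign.key` is a bare relative path, so the `signs` entry now depends on a file that only the release workflow creates, and nothing in this file says so. A comment above `args` would record the dependency, for example `# cosign.key is written by the "Write cosign key to disk" step in .github/workflows/release.yml; never commit it`. Because the private key now sits in the working tree next to the tracked `cosign.pub`, it is worth confirming that `cosign.key` is listed in `.gitignore`, which this diff does not show.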
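Review bot: Replacing both key lines in cosign.pub means signatures made with the previous key no longer verify against the public key at this revision, and the commit message gives no reason for the rotation. If earlier releases are meant to stay verifiable, the previous public key should remain published under a separate name, and the release notes should state from which release the new key applies. If the old private key is suspected of exposure, the project documentation should say so explicitly so that users stop trusting signatures made with it.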