mudhorn/oh-my-posh
1
0
Fork 0
mirror of https://github.com/JanDeDobbeleer/oh-my-posh.git synced 2024-09-19 21:17:31 -07:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

chore(build): sign checksums with openssl

Browse source
This commit is contained in:
Jan De Dobbeleer 2024-07-04 10:20:49 +02:00 committed by Jan De Dobbeleer
parent df4a81e2f6
commit ad9a598edd
4 changed files with 10 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/release.yml vendored
View file

@ -34,7 +34,7 @@ jobs:
if: ${{ needs.changelog.outputs.skipped == 'false' }} if: ${{ needs.changelog.outputs.skipped == 'false' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
COSIGN_KEY_LOCATION: "/tmp/cosign.key" SIGNING_KEY_LOCATION: "/tmp/private_key.pem"
defaults: defaults:
run: run:
shell: pwsh shell: pwsh
@ -49,25 +49,19 @@ jobs:
git config --global user.name "GitHub Actions" git config --global user.name "GitHub Actions"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git tag ${{ needs.changelog.outputs.tag }} git tag ${{ needs.changelog.outputs.tag }}
- name: Install cosign 🔑
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
with:
cosign-release: 'v1.4.0'
- name: Private Key 🔐 - name: Private Key 🔐
run: | run: |
$PSDefaultParameterValues['Out-File:Encoding']='UTF8' $PSDefaultParameterValues['Out-File:Encoding']='UTF8'
$env:COSIGN_KEY > $env:COSIGN_KEY_LOCATION $env:SIGNING_KEY > $env:SIGNING_KEY_LOCATION
env: env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}} SIGNING_KEY: ${{secrets.SIGNING_KEY}}
- name: Run GoReleaser 🚀 - name: Run GoReleaser 🚀
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200
with: with:
distribution: goreleaser distribution: goreleaser
version: latest version: latest
args: build --clean args: release --clean --skip publish
workdir: src workdir: src
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- name: Zip theme files 🤐 - name: Zip theme files 🤐
run: | run: |
$compress = @{ $compress = @{
@ -94,3 +88,4 @@ jobs:
files: | files: |
src/dist/posh-* src/dist/posh-*
src/dist/themes.* src/dist/themes.*
src/dist/checksums.txt

1
.gitignore vendored
View file

@ -2,6 +2,7 @@
.fleet/ .fleet/
src/test/umbraco/obj/ src/test/umbraco/obj/
src/keys
# Created by https://www.toptal.com/developers/gitignore/api/node,go,visualstudiocode # Created by https://www.toptal.com/developers/gitignore/api/node,go,visualstudiocode
# Edit at https://www.toptal.com/developers/gitignore?templates=node,go,visualstudiocode # Edit at https://www.toptal.com/developers/gitignore?templates=node,go,visualstudiocode

4
cosign.pub
View file

@ -1,4 +0,0 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLQ9sj71/ignxPXEa072vezEZf5D
X1fO3KuoFCtzYTLc/c3rwVGtIdzc02qUoXABysJ0Ok8lsmWvwKvC7yWblg==
-----END PUBLIC KEY-----

7
src/.goreleaser.yml
View file

@ -37,14 +37,15 @@ builds:
goarch: arm goarch: arm
- goos: windows - goos: windows
goarch: arm goarch: arm
hooks:
post:
- sh -c "cosign sign-blob --key $COSIGN_KEY_LOCATION {{ .Path }} > dist/{{ .Name }}.sig"
archives: archives:
- id: oh-my-posh - id: oh-my-posh
format: binary format: binary
name_template: "posh-{{ .Os }}-{{ .Arch }}" name_template: "posh-{{ .Os }}-{{ .Arch }}"
checksum: checksum:
name_template: 'checksums.txt' name_template: 'checksums.txt'
signs:
- cmd: openssl
args: [ "dgst", "-sha256", "-sign", "{{ .Env.SIGNING_KEY_LOCATION }}", "-out", "${artifact}.sig", "${artifact}" ]
artifacts: checksum
changelog: changelog:
disable: true disable: true