Changelog
Fixed
- 8871b3e: fix: only push to Artifact Registry on nightly builds (#365) (@mouseslip)
Other stuff
- 237e8ba: chore: auto-update generated files (#362)
- ff0bce0: chore(neuralwatt): add GLM-5.2 (#363) (@Amolith)
- 970fba3: chore: auto-update generated files (#356)
- 53f9440: ci: deploy catwalk to Cloud Run on dev (#359) (@mouseslip)
- 87738d3: ci: push images to Artifact Registry on dev (#349) (@mouseslip)
Verifying the artifacts
First, download the checksums.txt file and the checksums.txt.sigstore.json file files, for example, with wget:
wget 'https://github.com/charmbracelet/catwalk/releases/download/v0.44.28/checksums.txt'
wget 'https://github.com/charmbracelet/catwalk/releases/download/v0.44.28/checksums.txt.sigstore.json'Then, verify it using cosign:
cosign verify-blob \
--certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--bundle 'checksums.txt.sigstore.json' \
./checksums.txtIf the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:
sha256sum --ignore-missing -c checksums.txtDone! You artifacts are now verified!
Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.
Contributors
Amolith and mouseslip