Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign/attest releases #160

Closed
ericcornelissen opened this issue Feb 10, 2024 · 1 comment
Closed

Sign/attest releases #160

ericcornelissen opened this issue Feb 10, 2024 · 1 comment
Labels
meta Relates to the project or repository itself

Comments

@ericcornelissen
Copy link
Owner

ericcornelissen commented Feb 10, 2024
edited
Loading

Relates to #56, #136

Summary

Update the release pipeline for this project to, in addition to producing checksums, sign releases so that these can be verified by users if they want to.

This should cover the GitHub releases and container image. For the container image this will probably be done with cosign, which could also be used for GitHub releases (with blob signing).
@ericcornelissen ericcornelissen added the meta Relates to the project or repository itself label Feb 10, 2024
@ericcornelissen ericcornelissen mentioned this issue Mar 24, 2024
Merged
@ericcornelissen ericcornelissen changed the title Sign releases Sign/attest releases May 23, 2024
@ericcornelissen ericcornelissen mentioned this issue May 23, 2024
Merged
@ericcornelissen
Copy link
Owner Author

This is finished with #210 covering containers on Docker hub (since v24.04) and #252 covering artifacts included in GitHub releases (since v24.06).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
meta Relates to the project or repository itself
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ericcornelissen