Skip to content

Commit

Permalink
chore: sign checksums file for release binaries (argoproj#10963)
Browse files Browse the repository at this point in the history 
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Signed-off-by: Nicholas Johnson <nbjohnson10@gmail.com>
  • Loading branch information
@34fathombelow @nbjohnson
34fathombelow authored and nbjohnson committed Oct 18, 2022
1 parent feb322f commit 94d1c22
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -219,10 +219,10 @@ jobs:
with:
cosign-release: 'v1.13.0'

- name: Sign Argo CD container images
- name: Sign Argo CD container images and assets
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}
cosign sign --key env://COSIGN_PRIVATE_KEY docker.io/argoproj/argocd:v${TARGET_VERSION}
cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argocd-${TARGET_VERSION}-checksums.txt > ./dist/argocd-${TARGET_VERSION}-checksums.sig
# Retrieves the public key to release as an asset
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argocd-cosign.pub
env:
Expand Down

0 comments on commit 94d1c22

Please sign in to comment.