Merge #10708

10708: ci: Re-enable checksums r=AaronFriel a=AaronFriel In the absence of key distribution or attestation of a "proper" signing key for now, this enables the "sign" job which adds checksum artifacts, sans signatures. This leaves open the possibility of using sigstore.dev & tooling, or some other tooling to sign artifacts. Fixes #10707. Co-authored-by: Aaron Friel <mayreply@aaronfriel.com>
pulumi · Sep 14, 2022 · b198194 · b198194
2 parents d42db65 + 0eeea47
commit b198194
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.github/workflows/ci-prepare-release.yml b/.github/workflows/ci-prepare-release.yml
@@ -80,9 +80,11 @@ jobs:
 
       - name: Sign checksums
         working-directory: artifacts
+        # Requires a signing key to be configured.
+        if: false
         shell: bash
         env:
-          RELEASE_KEY: ${{ secrets.RELEASE_KEY }}
+          # RELEASE_KEY: ${{ secrets.RELEASE_KEY }}
           version: ${{ inputs.version }}
         run: |
           set -u
@@ -110,7 +112,7 @@ jobs:
 
   publish:
     name: release
-    # needs: [sign]
+    needs: [sign]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3