Skip to content
release

Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#507) #26

Sign in to view logs

Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#507)

Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#507) #26

Workflow file for this run

.github/workflows/release.yml at 537cd20
name: release
# run only on tags
on:
push:
tags:
- 'v*'
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for push images
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
fetch-depth: 0 # this is important, otherwise it won't checkout the full tree (i.e. no previous tags)
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: '1.22'
check-latest: true
- uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # v0.3
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
- name: Set env
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"
- name: Login to GitHub Containers
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
KO_DOCKER_REPO: ghcr.io/sigstore/gitsign
- name: sign image
run: |
digest=$(crane digest ghcr.io/sigstore/gitsign:${{ env.RELEASE_VERSION }})
cosign sign "ghcr.io/sigstore/gitsign@${digest}"
env:
COSIGN_YES: true