-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci: create SLSA Provenance and sign checksum files by Cosign
- Loading branch information
1 parent
011edc9
commit fc155f8
Showing
6 changed files
with
92 additions
and
112 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
name: Release | ||
on: | ||
push: | ||
tags: [v*] | ||
permissions: {} | ||
jobs: | ||
release: | ||
uses: suzuki-shunsuke/go-release-workflow/.github/workflows/release.yaml@8e0d6d2a7171206b9d95b3b59fe74f8333b1be1b # v0.1.0 | ||
with: | ||
homebrew: true | ||
secrets: | ||
gh_app_id: ${{ secrets.APP_ID }} | ||
gh_app_private_key: ${{ secrets.APP_PRIVATE_KEY }} | ||
permissions: | ||
contents: write | ||
id-token: write | ||
actions: read |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,53 +1,71 @@ | ||
--- | ||
project_name: renovate-issue-action | ||
archives: | ||
- name_template: "{{.ProjectName}}_{{.Os}}_{{.Arch}}" | ||
- name_template: "{{.ProjectName}}_{{.Os}}_{{.Arch}}" | ||
builds: | ||
- binary: renovate-issue-action | ||
main: cmd/renovate-issue-action/main.go | ||
env: | ||
- CGO_ENABLED=0 | ||
goos: | ||
- darwin | ||
- linux | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
- binary: renovate-issue-action | ||
main: cmd/renovate-issue-action/main.go | ||
env: | ||
- CGO_ENABLED=0 | ||
goos: | ||
- darwin | ||
- linux | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
release: | ||
prerelease: true | ||
header: | | ||
[Pull Requests](https://github.com/suzuki-shunsuke/renovate-issue-action/pulls?q=is%3Apr+milestone%3A{{.Tag}}) | [Issues](https://github.com/suzuki-shunsuke/renovate-issue-action/issues?q=is%3Aissue+milestone%3A{{.Tag}}) | https://github.com/suzuki-shunsuke/renovate-issue-action/compare/{{.PreviousTag}}...{{.Tag}} | ||
brews: | ||
- | ||
# NOTE: make sure the url_template, the token and given repo (github or gitlab) owner and name are from the | ||
# same kind. We will probably unify this in the next major version like it is done with scoop. | ||
- | ||
# NOTE: make sure the url_template, the token and given repo (github or gitlab) owner and name are from the | ||
# same kind. We will probably unify this in the next major version like it is done with scoop. | ||
|
||
# GitHub/GitLab repository to push the formula to | ||
tap: | ||
owner: suzuki-shunsuke | ||
name: homebrew-renovate-issue-action | ||
token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}" | ||
# The project name and current git tag are used in the format string. | ||
commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}" | ||
# Your app's homepage. | ||
# Default is empty. | ||
homepage: https://github.com/suzuki-shunsuke/renovate-issue-action | ||
# GitHub/GitLab repository to push the formula to | ||
tap: | ||
owner: suzuki-shunsuke | ||
name: homebrew-renovate-issue-action | ||
token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}" | ||
# The project name and current git tag are used in the format string. | ||
commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}" | ||
# Your app's homepage. | ||
# Default is empty. | ||
homepage: https://github.com/suzuki-shunsuke/renovate-issue-action | ||
|
||
# Template of your app's description. | ||
# Default is empty. | ||
description: | | ||
Create, update, and close GitHub Issues with GitHub Actions according to Renovate Pull Requests | ||
license: MIT | ||
# Template of your app's description. | ||
# Default is empty. | ||
description: | | ||
Create, update, and close GitHub Issues with GitHub Actions according to Renovate Pull Requests | ||
license: MIT | ||
|
||
# Setting this will prevent goreleaser to actually try to commit the updated | ||
# formula - instead, the formula file will be stored on the dist folder only, | ||
# leaving the responsibility of publishing it to the user. | ||
# If set to auto, the release will not be uploaded to the homebrew tap | ||
# in case there is an indicator for prerelease in the tag e.g. v1.0.0-rc1 | ||
# Default is false. | ||
skip_upload: auto | ||
# Setting this will prevent goreleaser to actually try to commit the updated | ||
# formula - instead, the formula file will be stored on the dist folder only, | ||
# leaving the responsibility of publishing it to the user. | ||
# If set to auto, the release will not be uploaded to the homebrew tap | ||
# in case there is an indicator for prerelease in the tag e.g. v1.0.0-rc1 | ||
# Default is false. | ||
skip_upload: auto | ||
|
||
# So you can `brew test` your formula. | ||
# Default is empty. | ||
test: | | ||
system "#{bin}/renovate-issue-action --version" | ||
# So you can `brew test` your formula. | ||
# Default is empty. | ||
test: | | ||
system "#{bin}/renovate-issue-action --version" | ||
signs: | ||
- cmd: cosign | ||
artifacts: checksum | ||
signature: ${artifact}.sig | ||
certificate: ${artifact}.pem | ||
output: true | ||
env: | ||
- COSIGN_EXPERIMENTAL=1 | ||
args: | ||
- sign-blob | ||
- --output-signature | ||
- ${signature} | ||
- --output-certificate | ||
- ${certificate} | ||
- --oidc-provider | ||
- github | ||
- ${artifact} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
# aqua Policy | ||
# https://aquaproj.github.io/docs/tutorial-extras/policy-as-code | ||
registries: | ||
- type: standard | ||
ref: semver(">= 3.0.0") | ||
packages: | ||
- registry: standard |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters