Cosign #81
Thank you for working on this. Would it make sense to add a small note in the README to tell people how they can verify their binaries?
@fabpot: that absolutely makes sense! There are a couple of things to consider going forward and I think these are things that need your approval. I've described these in the issue: #69 (comment). Decision made will also affect the instructions for the user. It seems the workflow execution failed in this repo. I think you approved of it manually? It seems that
Regarding your questions, I would do the simplest thing for our users, so signing the binaries themselves. For SBOMs, if nobody asked for them, let's not do that for now. I would like to keep this PR as simple as possible.
7bb670b to d0a6f67
@fabpot: I've addressed your comments. Is the README OK like this? I haven't been able to test the full action flow when using a version tag, so I'm curious to see if it works as expected 🙂
The build fails.
@fabpot: it's likely due to using Do you want to go forward using the To be complete: these tokens wouldn't be necessary if I didn't use the
Let's keep it simple by using the GITHUB_TOKEN everywhere then.
@fabpot: changed it. Let's see if it works now. I don't know if your PAT had certain permissions that the
Same error 😕 EDIT: I suspect it's related to this: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#how-the-permissions-are-calculated-for-a-workflow-job
I've just created a branch with your changes to see if that would work and indeed, that works well: https://github.com/symfony-cli/symfony-cli/runs/5065888193?check_suite_focus=true
Thank you @hslatman
@hslatman But unfortunately, the release failed: https://github.com/symfony-cli/symfony-cli/runs/5065962537?check_suite_focus=true
I noticed; too bad 😞 Using the Go module proxy is not necessarily required, no. Disabling that in the GoReleaser config should make it run. I tried it before and thought it was because the tag wasn't on the original repo. That apparently wasn't the issue. It's likely due to Go module versioning. I'll have a look at doing that the proper way, but for now disabling the proxy is OK. EDIT: PR is here: #85
I'll fix the issue with the Homebrew tap. EDIT: this should fix it: #86
Closes #69