feat(goreleaser/goreleaser): add cosign config #31881
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
scop
commented
Feb 8, 2025
Comment on lines
+46
to
+47
| - --certificate-identity | ||
| - https://github.com/goreleaser/goreleaser/.github/workflows/release.yml@refs/tags/{{.Version}} |
There was a problem hiding this comment.
This differs a from most existing cosign configs by using --certificate-identity (not --certificate-identity-regexp) and by using the exact identity of the release. Wondering if this is ok, or if there's a specific reason to use the regexp version and not being this strict?
There was a problem hiding this comment.
No problem.
I don't remember why we used --certificate-identity-regexp, but I think we should use --certificate-identity as much as possible.
There was a problem hiding this comment.
I remenber why we use --certificate-identity-regexp.
If GitHub Actions Reusable Workflows are used, the certificate-identity is the reusable workflow's URL such as https://github.com/suzuki-shunsuke/go-release-workflow/.github/workflows/release.yaml@v0.1.0.
We didn't want to fix the setting every time the reusable workflow is updated, so we used regular expressions @.*.
But if reusable workflows aren't used, I think --certificate-identity is better.
scop
force-pushed
the
feat/goreleaser-cosign
branch
from
cc0f0df to
9682454
Compare
|
Thank you! |
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Feb 10, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [aquaproj/aqua-registry](https://github.com/aquaproj/aqua-registry) | minor | `v4.307.0` -> `v4.309.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>aquaproj/aqua-registry (aquaproj/aqua-registry)</summary> ### [`v4.309.0`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.309.0) [Compare Source](aquaproj/aqua-registry@v4.308.0...v4.309.0) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.309.0) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.309.0) | aquaproj/aqua-registry@v4.308.0...v4.309.0 #### 🎉 New Packages [#​31909](aquaproj/aqua-registry#31909) [apache/pulsar](https://github.com/apache/pulsar): Apache Pulsar - distributed pub-sub messaging system [@​MMirelli](https://github.com/MMirelli) [#​31906](aquaproj/aqua-registry#31906) [artempyanykh/marksman](https://github.com/artempyanykh/marksman): Write Markdown with code assist and intelligence in the comfort of your favourite editor [@​iamoeg](https://github.com/iamoeg) [#​31836](aquaproj/aqua-registry#31836) [knqyf263/sou](https://github.com/knqyf263/sou): A tool for exploring files in container image layers [#​31867](aquaproj/aqua-registry#31867) [sorah/mairu](https://github.com/sorah/mairu): on-memory AWS credentials agent and executor [@​ponkio-o](https://github.com/ponkio-o) #### Fixes [#​31881](aquaproj/aqua-registry#31881) goreleaser/goreleaser: Add Cosign config [@​scop](https://github.com/scop) [#​31889](aquaproj/aqua-registry#31889) dprint/dprint: Add checksums [@​scop](https://github.com/scop) [#​31892](aquaproj/aqua-registry#31892) mvdan/sh: Checksum support [@​scop](https://github.com/scop) [#​31897](aquaproj/aqua-registry#31897) hashicorp/nomad: Checksum support [@​scop](https://github.com/scop) [#​31898](aquaproj/aqua-registry#31898) hashicorp/packer: Checksum support [@​scop](https://github.com/scop) [#​31899](aquaproj/aqua-registry#31899) hashicorp/terraform: Checksum support [@​scop](https://github.com/scop) [#​31900](aquaproj/aqua-registry#31900) hashicorp/vault: Checksum support [@​scop](https://github.com/scop) [#​31901](aquaproj/aqua-registry#31901) hashicorp/waypoint: Checksum support [@​scop](https://github.com/scop) ### [`v4.308.0`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.308.0) [Compare Source](aquaproj/aqua-registry@v4.307.0...v4.308.0) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.308.0) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.308.0) | aquaproj/aqua-registry@v4.307.0...v4.308.0 #### 🎉 New Packages [#​31832](aquaproj/aqua-registry#31832) [goccy/go-yaml/ycat](https://github.com/goccy/go-yaml): Print yaml file with color [#​31825](aquaproj/aqua-registry#31825) [k1LoW/roots](https://github.com/k1LoW/roots): `roots` is a tool for exploring multiple root directories, such as those in a monorepo project [@​ponkio-o](https://github.com/ponkio-o) #### Fixes [#​31803](aquaproj/aqua-registry#31803) yassinebenaid/bunster: Support bunster v0.8.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNjEuNiIsInVwZGF0ZWRJblZlciI6IjM5LjE2Mi4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://github.com/goreleaser/goreleaser/releases
Check List
Require signed commits, so all commits must be signedcmdx sto scaffold code