chore: more background, links and comments

wolfeidau · Jun 16, 2024 · c7a1fdd · c7a1fdd
1 parent 96d27f8
commit c7a1fdd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -47,6 +47,7 @@ changelog:
       - "^docs:"
       - "^test:"
 
+# Keyless signing of blobs using sigstore cosign https://docs.sigstore.dev/signing/signing_with_blobs/#keyless-signing-of-blobs-and-files
 signs:
   - cmd: cosign
     signature: "${artifact}.sig"

diff --git a/README.md b/README.md
@@ -1,6 +1,12 @@
 # gh-cosign-goreleaser
 
-This repository illustrates how to use GitHub, [goreleaser](https://goreleaser.com/) and [cosign](https://docs.sigstore.dev) to release a [Go](https://go.dev) based CLI program.
+This repository illustrates how to use GitHub, [GoReleaser](https://goreleaser.com/) and [cosign](https://docs.sigstore.dev) to release a [Go](https://go.dev) based CLI program. 
+
+# Overview
+
+This uses [keyless signing of blobs](https://docs.sigstore.dev/signing/signing_with_blobs/#keyless-signing-of-blobs-and-files) to provide signatures for binaries built using GitHub Actions, with GoReleaser.
+
+Have a look at the [GitHub Actions workflow](.github/workflows/releaser.yml) and the [GoReleaser configuration](.goreleaser.yaml).
 
 # Verify The Artifact