Commit e1a3261

fix(cosign): update signing workflow (openbao#2103)
* fix(cosign): update signing workflow

Signed-off-by: Pascal Reeb <pascal.reeb@secretz.io>

* fix(cosign): remove oidc issuer

Signed-off-by: Pascal Reeb <pascal.reeb@secretz.io>

---------

Signed-off-by: Pascal Reeb <pascal.reeb@secretz.io>
1 parent 75901ff commit e1a3261

3 files changed

+6
-14
lines changed

goreleaser.hsm.yaml

Lines changed: 2 additions & 5 deletions
Original file line number | Diff line number | Diff line change
@@ -424,12 +424,10 @@ signs:
424424
- id: cosign
425425
artifacts: all
426426
cmd: cosign
427-
certificate: "${artifact}.pem"
427+
signature: "${artifact}.sigstore.json"
428428
args:
429429
- "sign-blob"
430-
- "--oidc-issuer=https://token.actions.githubusercontent.com"
431-
- "--output-certificate=${certificate}"
432-
- "--output-signature=${signature}"
430+
- "--bundle=${signature}" # needed on cosign 3.0.0+
433431
- "${artifact}"
434432
- "--yes" # needed on cosign 2.0.0+
435433
- id: gpg
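
Review bot: With `certificate: "${artifact}.pem"` and the `--output-certificate` / `--output-signature` args removed from the `cosign` entry, a release no longer carries a separate certificate and signature file per artifact, only `${artifact}.sigstore.json`. Anyone verifying with the old file pair will break, so the release notes and the verification instructions should move to `cosign verify-blob --bundle <artifact>.sigstore.json` as part of this change.
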
@@ -448,7 +446,6 @@ docker_signs:
448446
- artifacts: all
449447
args:
450448
- "sign"
451-
- "--oidc-issuer=https://token.actions.githubusercontent.com"
452449
- "${artifact}@${digest}"
453450
- "--yes" # needed on cosign 2.0.0+
454451
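
Review bot: Dropping `--oidc-issuer=https://token.actions.githubusercontent.com` from the `sign` args leaves the identity source for keyless signing implicit: it now depends on cosign picking up the runner's ambient OIDC token. Worth confirming that the release job grants `id-token: write`, and that the documented verify commands still pin `--certificate-oidc-issuer` to the GitHub Actions issuer, since the pin on the verify side is what constrains who could have produced the signature.
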

goreleaser.linux.yaml

Lines changed: 2 additions & 5 deletions
@@ -693,12 +693,10 @@ signs:
693693
- id: cosign
694694
artifacts: all
695695
cmd: cosign
696-
certificate: "${artifact}.pem"
696+
signature: "${artifact}.sigstore.json"
697697
args:
698698
- "sign-blob"
699-
- "--oidc-issuer=https://token.actions.githubusercontent.com"
700-
- "--output-certificate=${certificate}"
701-
- "--output-signature=${signature}"
699+
- "--bundle=${signature}" # needed on cosign 3.0.0+
702700
- "${artifact}"
703701
- "--yes" # needed on cosign 2.0.0+
704702
- id: gpg
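
Review bot: The comment on `--bundle=${signature}` says "needed on cosign 3.0.0+", but nothing in this hunk ties the config to a cosign version. If the release job can resolve an older cosign, the contents of the `.sigstore.json` file may not be what the name suggests. Pin the cosign version where it is installed and point to that pin from this comment.
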
@@ -717,7 +715,6 @@ docker_signs:
717715
- artifacts: all
718716
args:
719717
- "sign"
720-
- "--oidc-issuer=https://token.actions.githubusercontent.com"
721718
- "${artifact}@${digest}"
722719
- "--yes" # needed on cosign 2.0.0+
723720
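
Review bot: The `--oidc-issuer` line is removed from `docker_signs` with no explanation left in the file, while the `sign-blob` change above carries a version comment. A short YAML comment next to `- "sign"` stating why the issuer is left to cosign's defaults would keep it from being re-added later; the commit message ("remove oidc issuer") does not give the reason either.
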

goreleaser.other.yaml

Lines changed: 2 additions & 4 deletions
@@ -117,12 +117,10 @@ signs:
117117
- id: cosign
118118
artifacts: all
119119
cmd: cosign
120-
certificate: "${artifact}.pem"
120+
signature: "${artifact}.sigstore.json"
121121
args:
122122
- "sign-blob"
123-
- "--oidc-issuer=https://token.actions.githubusercontent.com"
124-
- "--output-certificate=${certificate}"
125-
- "--output-signature=${signature}"
123+
- "--bundle=${signature}" # needed on cosign 3.0.0+
126124
- "${artifact}"
127125
- "--yes" # needed on cosign 2.0.0+
128126
- id: gpg
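
Review bot: This file gets only the `signs` change (2 additions and 4 deletions, against 5 deletions in each of the other two files) and has no `docker_signs` hunk. If goreleaser.other.yaml contains a `docker_signs` section that still passes `--oidc-issuer`, it now diverges from the hsm and linux configs; please confirm the omission is intentional.
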
