File tree Expand file tree Collapse file tree 3 files changed +8
-4
lines changed Expand file tree Collapse file tree 3 files changed +8
-4
lines changed Original file line number Diff line number Diff line change @@ -116,6 +116,7 @@ jobs:
116116 - name : Generate release artifacts
117117 run : |
118118 make release-plugins
119+ make checksums
119120 make manifests IMAGE_TAG=${{ github.event.inputs.tag }}
120121
121122name : Generate SBOM (spdx)
@@ -183,8 +184,9 @@ jobs:
183184
184185 - name : Sign checksums and create public key for release assets
185186 run : |
186- cosign sign-blob --key env://COSIGN_PRIVATE_KEY dist/argo-rollouts-checksums.txt > dist/argo-rollouts-checksums.sig
187+ cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./ dist/argo-rollouts-checksums.txt > ./ dist/argo-rollouts-checksums.sig
187188 cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-rollouts-cosign.pub
189+ cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
188190 # Displays the public key to share.
189191 cosign public-key --key env://COSIGN_PRIVATE_KEY
190192env :
@@ -216,5 +218,6 @@ jobs:
216218 manifests/notifications-install.yaml
217219 docs/features/kustomize/rollout_cr_schema.json
218220 /tmp/sbom.tar.gz
221+ /tmp/sbom.tar.gz.sig
219222env :
220223 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
Original file line number Diff line number Diff line change @@ -275,3 +275,7 @@ release: release-precheck precheckin image plugin-image release-plugins
275275trivy :
276276 @trivy fs --clear-cache
277277 @trivy fs .
278+
279+ .PHONY : checksums
280+ checksums :
281+ shasum -a 256 ./dist/kubectl-argo-rollouts-* | awk -F ' ./dist/' ' {print $$1 $$2}' > ./dist/argo-rollouts-checksums.txt
Original file line number Diff line number Diff line change 1717
1818docker rm -v ${container_id}
1919rm -f ${rollout_iid_file}
20-
21- cd ${SRCROOT} /dist/
22- shasum -a 256 kubectl-argo-rollouts-* > argo-rollouts-checksums.txt
You can’t perform that action at this time.
0 commit comments