File tree Expand file tree Collapse file tree 1 file changed +3
-8
lines changed
Expand file tree Collapse file tree 1 file changed +3
-8
lines changed Original file line number Diff line number Diff line change 4242 run : |
4343 curl -s -S "https://repo1.maven.org/maven2/org/leplus/${REPOSITORY}/${VERSION}/${REPOSITORY}-${VERSION}.jar" -o "${REPOSITORY}-${VERSION}.jar"
4444 curl -s -S "https://repo1.maven.org/maven2/org/leplus/${REPOSITORY}/${VERSION}/${REPOSITORY}-${VERSION}.jar.sigstore.json" -o "${REPOSITORY}-${VERSION}.jar.sigstore.json"
45- - name : Set up Go
46- uses : actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
47- with :
48- go-version : " stable"
49- check-latest : true
50- id : go
51- - name : Cosign
45+ - name : Install cosign
46+ uses : sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
47+ - name : Verify signature
5248 shell : bash
5349 run : |
54- go install github.com/sigstore/cosign/v2/cmd/cosign@latest
5550 cosign verify-blob --bundle "${REPOSITORY}-${VERSION}.jar.sigstore.json" --certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/.github/workflows/publish.yml@refs/tags/v${VERSION}" --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' "${REPOSITORY}-${VERSION}.jar"
You can’t perform that action at this time.
0 commit comments