Skip to content
release

Cosign bundles are now required for release signing (#406) #15

Sign in to view logs

Cosign bundles are now required for release signing (#406)

Cosign bundles are now required for release signing (#406) #15

Workflow file for this run

.github/workflows/release.yaml at 4e42ba2
---
name: release
on:
push:
tags: [v*]
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0 # this is important, otherwise it won't checkout the full tree (i.e. no previous tags)
# Add support for more platforms with QEMU (optional)
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: actions/setup-go@v6
with:
go-version: '1.25'
cache: true
- uses: sigstore/[email protected] # installs cosign
# - uses: anchore/sbom-action/[email protected] # installs syft
- uses: docker/login-action@v3 # login to ghcr
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: goreleaser/goreleaser-action@v6 # run goreleaser
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}