Open
Description
The check on the headlamp OpenSSF scorecard identifies that we are not signing releases.
Note: we have an issue for the Helm chart needing to be signed opened here: #1989. Artifact Hub detects this issue for the Helm chart as well, and shows a badge that we are not signing that release.
See:
Warn: release artifact headlamp-helm-0.22.0 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/158136215
Warn: release artifact v0.24.0 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/158066078
Warn: release artifact headlamp-helm-0.21.0 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/153973748
Warn: release artifact v0.23.2 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/153901782
Warn: release artifact v0.23.1 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/148654809
Warn: release artifact headlamp-helm-0.22.0 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/158136215
Warn: release artifact v0.24.0 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/158066078
Warn: release artifact headlamp-helm-0.21.0 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/153973748
Warn: release artifact v0.23.2 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/153901782
Warn: release artifact v0.23.1 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/148654809
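
Added example (not part of the original issue, and not Headlamp's or Scorecard's own code): a local pre-release check that reproduces the two warning types above from a release's asset list. The suffix lists and the five-release window are assumptions taken from the Scorecard Signed-Releases documentation, and the asset file names and the `v9.9.9-example` release are constructed sample data.

```python
# Assumption: file suffixes the Scorecard Signed-Releases check accepts,
# per its documentation. Verify against the Scorecard version you run.
SIGNATURE_SUFFIXES = (".minisig", ".asc", ".sig", ".sign",
                      ".sigstore", ".sigstore.json")
PROVENANCE_SUFFIXES = (".intoto.jsonl",)


def audit_release(tag, asset_names):
    """Return Scorecard-style warnings for one release's asset names."""
    names = [n.lower() for n in asset_names]
    warnings = []
    if not any(n.endswith(SIGNATURE_SUFFIXES) for n in names):
        warnings.append(f"release artifact {tag} not signed")
    if not any(n.endswith(PROVENANCE_SUFFIXES) for n in names):
        warnings.append(f"release artifact {tag} does not have provenance")
    return warnings


def audit(releases, last_n=5):
    """Audit the newest `last_n` releases.

    `releases` is a list shaped like the GitHub releases API response
    (objects with `tag_name` and `assets[].name`), newest first.
    """
    findings = {}
    for rel in releases[:last_n]:
        names = [a["name"] for a in rel.get("assets", [])]
        findings[rel["tag_name"]] = audit_release(rel["tag_name"], names)
    return findings


# Constructed sample input: tags from the issue, asset names invented.
SAMPLE = [
    # A checksum file alone is not a signature, so this release still warns.
    {"tag_name": "v0.24.0", "assets": [
        {"name": "example-app-linux-x64.tar.gz"}, {"name": "checksums.txt"}]},
    {"tag_name": "headlamp-helm-0.22.0", "assets": [
        {"name": "example-chart.tgz"}]},
    # Hypothetical release carrying both a signature and SLSA provenance.
    {"tag_name": "v9.9.9-example", "assets": [
        {"name": "example-app.tar.gz"}, {"name": "example-app.tar.gz.sig"},
        {"name": "example-app.intoto.jsonl"}]},
]

if __name__ == "__main__":
    for tag, warns in audit(SAMPLE).items():
        for w in warns or [f"release artifact {tag} ok"]:
            print("Warn:" if warns else "Info:", w)
```

Running this in CI against the assets about to be published catches a missing signature or provenance file before the release is cut.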