feat: claude code setup improvements #12

Workflow file for this run

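---
# Release pipeline. On a pushed v* tag it runs the CI workflow as a gate, runs
# `goreleaser release --clean`, signs the SHA256SUMS file with Cosign keyless
# signing, uploads the signature and certificate to the GitHub release,
# verifies the signature, and refreshes the release badge gist.
name: Release

on:
  push:
    tags:
      - "v*"

# Read-only by default. Write and OIDC permissions are granted on the release
# job only, so the CI gate cannot mint a signing identity or modify releases.
# NOTE(review): confirm ci.yml needs nothing beyond contents: read.
permissions:
  contents: read

jobs:
  # Gate: run full CI before releasing
  ci:
    name: CI Gate
    uses: ./.github/workflows/ci.yml

  release:
    name: Release
    needs: ci
    runs-on: ubuntu-latest
    permissions:
      contents: write  # create the release and upload assets
      id-token: write  # Required for Cosign keyless signing via Sigstore
    # NOTE(review): every `uses:` below points at a mutable tag. This job holds
    # contents: write, an OIDC token and GIST_TOKEN, so pin each action to a
    # full commit SHA (keeping the tag as a trailing comment) to stop a
    # retagged action from running with those privileges.
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # goreleaser needs full history for changelog

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          cache: true

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          version: "~> v2"
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Exposes the first dist/*_SHA256SUMS match as outputs `path` and `name`;
      # fails the job when no such file exists.
      - name: Find checksums file
        id: checksums
        run: |
          CHECKSUM_FILE=$(ls dist/*_SHA256SUMS 2>/dev/null | head -1)
          if [ -z "$CHECKSUM_FILE" ]; then
            echo "::error::No SHA256SUMS file found in dist/"
            exit 1
          fi
          echo "path=${CHECKSUM_FILE}" >> "$GITHUB_OUTPUT"
          # Quoted so a path with spaces or glob characters is not word-split.
          echo "name=$(basename "${CHECKSUM_FILE}")" >> "$GITHUB_OUTPUT"

      # The checksums path is handed to each script through an environment
      # variable instead of being expanded into the script text, so its value
      # is never parsed as shell syntax.
      - name: Sign checksums with Cosign (keyless)
        env:
          CHECKSUMS_PATH: ${{ steps.checksums.outputs.path }}
        run: |
          cosign sign-blob \
            --yes \
            --output-signature "${CHECKSUMS_PATH}.sig" \
            --output-certificate "${CHECKSUMS_PATH}.pem" \
            "${CHECKSUMS_PATH}"

      - name: Upload Cosign signature to release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG: ${{ github.ref_name }}
          CHECKSUMS_PATH: ${{ steps.checksums.outputs.path }}
        run: |
          gh release upload "${TAG}" \
            "${CHECKSUMS_PATH}.sig" \
            "${CHECKSUMS_PATH}.pem"

      # The identity flag takes a regular expression. It is anchored at the
      # start, dot-escaped and closed with the trailing slash so that an
      # identity that merely contains the repository URL, or extends the
      # repository name, does not verify.
      # NOTE(review): narrow it further to this workflow's file path and the
      # tag ref once that path is confirmed.
      - name: Verify Cosign signature
        env:
          CHECKSUMS_PATH: ${{ steps.checksums.outputs.path }}
        run: |
          cosign verify-blob \
            --signature "${CHECKSUMS_PATH}.sig" \
            --certificate "${CHECKSUMS_PATH}.pem" \
            --certificate-identity-regexp "^https://github\.com/numberly/opentofu-provider-flashblade/" \
            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
            "${CHECKSUMS_PATH}"

      # The version after `@` was lost in page extraction (e-mail obfuscation
      # replaced it); <VERSION> is a placeholder. Restore the release the
      # project actually uses, preferably as a commit SHA, since this action
      # receives GIST_TOKEN.
      - name: Update release badge
        uses: schneegans/dynamic-badges-action@<VERSION>
        with:
          auth: ${{ secrets.GIST_TOKEN }}
          gistID: 59bd98f69a5ecbb7e643402fde956fed
          filename: release.json
          label: release
          message: ${{ github.ref_name }}
          color: blue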