From 5cb064e2fd1e24c1e827aaaf4412a1c12fe747c4 Mon Sep 17 00:00:00 2001 From: KrishAryan Date: Tue, 23 Apr 2024 15:41:14 +0530 Subject: [PATCH] feat:added signed releases Signed-off-by: KrishAryan replaced install karmor with install co-sign Signed-off-by: KrishAryan --- .github/workflows/ci-systemd-release.yml | 3 +++ KubeArmor/.goreleaser.yaml | 14 ++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/.github/workflows/ci-systemd-release.yml b/.github/workflows/ci-systemd-release.yml index 1f102cb58a..a2ce2100f1 100644 --- a/.github/workflows/ci-systemd-release.yml +++ b/.github/workflows/ci-systemd-release.yml @@ -22,12 +22,15 @@ jobs: - uses: actions/setup-go@v5 with: go-version-file: 'KubeArmor/go.mod' + - name: Install the latest LLVM toolchain run: ./.github/workflows/install-llvm.sh - name: Compile libbpf run: ./.github/workflows/install-libbpf.sh + - name: Install Cosign + uses: sigstore/cosign-installer@main - name: Install karmor run: curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b . diff --git a/KubeArmor/.goreleaser.yaml b/KubeArmor/.goreleaser.yaml index 59096664dd..99a5836281 100644 --- a/KubeArmor/.goreleaser.yaml +++ b/KubeArmor/.goreleaser.yaml @@ -9,6 +9,20 @@ builds: - amd64 - arm64 +signs: + - cmd: cosign + env: + - COSIGN_EXPERIMENTAL=1 + certificate: '${artifact}.cert' + args: + - sign-blob + - '--output-certificate=${certificate}' + - '--output-signature=${signature}' + - '${artifact}' + - --yes + artifacts: all + output: true + archives: - id: "kubearmor" builds: