-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release verification with both (.sig
, .crt
) + .sigstore
#517
Conversation
Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>
@@ -91,7 +100,7 @@ jobs: | |||
needs: [build] | |||
name: Generate build provenance | |||
permissions: | |||
actions: read # To read the workflow path. | |||
actions: read # To read the workflow path. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Ran prettier
over source)
Not sure what the correct procedure is for kicking off a test release build -- verified the contents of |
.sig,
.crt) +
.sigstore`.sig
, .crt
) + .sigstore
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
We can merge here and do a release candidate -- that would probably be the easiest way. |
I'll shepherd this + do a RC. |
Thanks Will! |
Closes #509