From f17438b40bf2538e4dbcbbf95bf71367d7e8b11e Mon Sep 17 00:00:00 2001 From: Adrian Berger Date: Fri, 5 Apr 2024 13:05:04 +0000 Subject: [PATCH] Disable cosign --- .github/workflows/release.yml | 12 ++++++------ .goreleaser.yml | 36 +++++++++++++++++------------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 16993f4..df84fdd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2 - - uses: sigstore/cosign-installer@v3.0.3 + # - uses: sigstore/cosign-installer@v3.0.3 - uses: anchore/sbom-action/download-syft@v0.14.2 - name: ghcr-login if: startsWith(github.ref, 'refs/tags/v') @@ -30,17 +30,17 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Go uses: actions/setup-go@v4 - - name: Install Cosign - uses: sigstore/cosign-installer@main - with: - cosign-release: 'v1.13.1' + # - name: Install Cosign + # uses: sigstore/cosign-installer@main + # with: + # cosign-release: 'v1.13.1' - name: Run GoReleaser uses: goreleaser/goreleaser-action@v4 with: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - COSIGN_PWD: ${{ secrets.COSIGN_PWD }} + # COSIGN_PWD: ${{ secrets.COSIGN_PWD }} diff --git a/.goreleaser.yml b/.goreleaser.yml index 49c77aa..b463e67 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,6 +1,6 @@ project_name: subst env: - - COSIGN_EXPERIMENTAL=true + - COSIGN_EXPERIMENTAL=false - GO111MODULE=on before: hooks: @@ -164,23 +164,23 @@ changelog: order: 9999 sboms: - artifacts: archive -signs: -- cmd: cosign - args: - - "sign-blob" - - "--output-signature=${signature}" - - "${artifact}" - - "--yes" - artifacts: all -docker_signs: -- cmd: cosign - artifacts: manifests - output: true - args: - - 'sign' - - "--output-signature=${signature}" - - '${artifact}@${digest}' - - --yes +# signs: +# - cmd: cosign +# args: +# - "sign-blob" +# - "--output-signature=${signature}" +# - "${artifact}" +# - "--yes" +# artifacts: all +# docker_signs: +# - cmd: cosign +# artifacts: manifests +# output: true +# args: +# - 'sign' +# - "--output-signature=${signature}" +# - '${artifact}@${digest}' +# - --yes #brews: # - tap: # owner: bedag