Syntax for signing lists of artifacts #4460

ross-spencer · 2023-12-05T10:25:26Z

ross-spencer
Dec 5, 2023

My YAML is rusty but it looks like it should be possible for some sort of list object to be used for signing. I have tried a few approaches unsuccessfully, my last is:

signs:
  - id: one
    artifacts: checksum
  - id: two
    artifacts: binary

The YAML is parsed, but Goreleaser only recognizes the first ID. From the docs, I am starting to get the impression it's not going to be possible to cherry-pick artifacts. Can anyone help confirm the syntax if it is possible?

Answered by ross-spencer

Dec 5, 2023

That's what I landed on: https://github.com/orgs/goreleaser/discussions/4460#discussioncomment-7763233

View full answer

ross-spencer · 2023-12-05T10:50:43Z

ross-spencer
Dec 5, 2023
Author

Okay, so inspecting the detail of the docs a little further, it is possible, but other conditions must be met. If signing binary you cannot also sign more typical archive formats, the format in the archives section must be set to: binary also, so you can do the following:

signs:
  - id: checksum_objects
    artifacts: checksum
  - id: binary_objects
    artifacts: binary
  - id: <other artifact>
    artifacts: ...

or:

signs:
  - id: archive_objects
    artifacts: archive
  - id: checksum_objects
    artifacts: checksum
  - id: <other artifact>
    artifacts: ...

Depending on how that archive section is configured. (At least that's how it's working, and I don't see a way to have both types signed).

0 replies

caarlos0 · 2023-12-05T12:42:38Z

caarlos0
Dec 5, 2023
Maintainer

You can filter by artifact type and ids:

https://goreleaser.com/customization/sign/#usage

3 replies

ross-spencer Dec 5, 2023
Author

That's not really clarifying anything here @caarlos0, I already have access to the docs, which I appreciate. What I was wrestling with was defining the list of signing targets. The docs only show the examples of signing checksum, or all.

caarlos0 Dec 5, 2023
Maintainer

you can't really cherry pick specific artifacts, only kinds filtering (or not) by id.

The docs state what other types are available besides checksum and all. Unless specified, the other options work the same regardless of which option you choose.

My guess for your problem in the second sign section being ignored is that likely your configuration doesn't have any archives with format set to binary, from the docs:

binary: binaries if archiving format is set to binary

GoReleaser doesn't allow to sign the binaries before they are archived, so you probably want to use archive instead of binary.

ross-spencer Dec 5, 2023
Author

That's what I landed on: https://github.com/orgs/goreleaser/discussions/4460#discussioncomment-7763233

Answer selected by caarlos0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GoReleaser

Syntax for signing lists of artifacts #4460

{{title}}

Replies: 2 comments 3 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

GoReleaser

Syntax for signing lists of artifacts #4460

ross-spencer Dec 5, 2023

Replies: 2 comments · 3 replies

ross-spencer Dec 5, 2023 Author

caarlos0 Dec 5, 2023 Maintainer

ross-spencer Dec 5, 2023 Author

caarlos0 Dec 5, 2023 Maintainer

ross-spencer Dec 5, 2023 Author

ross-spencer
Dec 5, 2023

Replies: 2 comments 3 replies

ross-spencer
Dec 5, 2023
Author

caarlos0
Dec 5, 2023
Maintainer

ross-spencer Dec 5, 2023
Author

caarlos0 Dec 5, 2023
Maintainer

ross-spencer Dec 5, 2023
Author