Skip to content

Commit 91ec724

Browse files
spalmurrayspalmurray
committed
Test cosign
1 parent d4b89a3 commit 91ec724

File tree

1 file changed

+11
-0
lines changed

1 file changed

+11
-0
lines changed

.github/workflows/build.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -165,12 +165,22 @@ jobs:
165165
name: Package assets for Craft
166166
runs-on: ubuntu-latest
167167
needs: [build_for_pypi, build_assets, build_linux_assets]
168+
permissions:
169+
id-token: write # needed for signing binaries with OIDC token via Cosign
168170
steps:
169171
- name: Download artifacts
170172
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
171173
with:
172174
pattern: "{sentry-prevent-,codecov-,codecov}cli*"
173175

176+
- name: Install Cosign
177+
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
178+
179+
- name: Sign sentry-prevent-cli binaries
180+
run: cosign sign-blob sentry-prevent-cli_macos/sentry-prevent-cli_macos --bundle sentry-prevent-cli_macos.bundle --yes
181+
182+
- run: ls
183+
174184
- name: Upload release artifact
175185
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
176186
with:
@@ -180,3 +190,4 @@ jobs:
180190
sentry-prevent-cli_wheel/*
181191
codecovcli*
182192
codecov-cli_wheel/*
193+
*.bundle

0 commit comments

Comments
 (0)