Simplify signing with for loop

spalmurray · spalmurray · commit dd95d320d891 · 2025-07-31T17:54:29.000-04:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -178,21 +178,12 @@ jobs:
 
       - name: Sign sentry-prevent-cli binaries
         run: |
-          cosign sign-blob sentry-prevent-cli_macos/sentry-prevent-cli_macos --bundle sentry-prevent-cli_macos/sentry-prevent-cli_macos.bundle --yes
-          cosign sign-blob sentry-prevent-cli_windows.exe/sentry-prevent-cli_windows.exe --bundle sentry-prevent-cli_windows.exe/sentry-prevent-cli_windows.exe.bundle --yes
-          cosign sign-blob sentry-prevent-cli_alpine_arm64/sentry-prevent-cli_alpine_arm64 --bundle sentry-prevent-cli_alpine_arm64/sentry-prevent-cli_alpine_arm64.bundle --yes
-          cosign sign-blob sentry-prevent-cli_alpine_x86_64/sentry-prevent-cli_alpine_x86_64 --bundle sentry-prevent-cli_alpine_x86_64/sentry-prevent-cli_alpine_x86_64.bundle --yes
-          cosign sign-blob sentry-prevent-cli_linux_arm64/sentry-prevent-cli_linux_arm64 --bundle sentry-prevent-cli_linux_arm64/sentry-prevent-cli_linux_arm64.bundle --yes
-          cosign sign-blob sentry-prevent-cli_linux_x86_64/sentry-prevent-cli_linux_x86_64 --bundle sentry-prevent-cli_linux_x86_64/sentry-prevent-cli_linux_x86_64.bundle --yes
-
-      - name: Test verification
-        run: |
-          cosign verify-blob sentry-prevent-cli_macos/sentry-prevent-cli_macos --bundle sentry-prevent-cli_macos/sentry-prevent-cli_macos.bundle --certificate-identity-regexp=^https://github.com/getsentry/prevent-cli/ --certificate-oidc-issuer=https://token.actions.githubusercontent.com
-          cosign verify-blob sentry-prevent-cli_windows.exe/sentry-prevent-cli_windows.exe --bundle sentry-prevent-cli_windows.exe/sentry-prevent-cli_windows.exe.bundle --certificate-identity-regexp=^https://github.com/getsentry/prevent-cli/ --certificate-oidc-issuer=https://token.actions.githubusercontent.com
-          cosign verify-blob sentry-prevent-cli_alpine_arm64/sentry-prevent-cli_alpine_arm64 --bundle sentry-prevent-cli_alpine_arm64/sentry-prevent-cli_alpine_arm64.bundle --certificate-identity-regexp=^https://github.com/getsentry/prevent-cli/ --certificate-oidc-issuer=https://token.actions.githubusercontent.com
-          cosign verify-blob sentry-prevent-cli_alpine_x86_64/sentry-prevent-cli_alpine_x86_64 --bundle sentry-prevent-cli_alpine_x86_64/sentry-prevent-cli_alpine_x86_64.bundle --certificate-identity-regexp=^https://github.com/getsentry/prevent-cli/ --certificate-oidc-issuer=https://token.actions.githubusercontent.com
-          cosign verify-blob sentry-prevent-cli_linux_arm64/sentry-prevent-cli_linux_arm64 --bundle sentry-prevent-cli_linux_arm64/sentry-prevent-cli_linux_arm64.bundle --certificate-identity-regexp=^https://github.com/getsentry/prevent-cli/ --certificate-oidc-issuer=https://token.actions.githubusercontent.com
-          cosign verify-blob sentry-prevent-cli_linux_x86_64/sentry-prevent-cli_linux_x86_64 --bundle sentry-prevent-cli_linux_x86_64/sentry-prevent-cli_linux_x86_64.bundle --certificate-identity-regexp=^https://github.com/getsentry/prevent-cli/ --certificate-oidc-issuer=https://token.actions.githubusercontent.com
+          # Glob matches all prevent-cli binaries, not python wheel nor anything else.
+          for file in sentry-prevent-cli_*/sentry-prevent-cli_*; do
+            cosign sign-blob $file --bundle "$file.bundle" --yes;
+            # Test verification because why not
+            cosign verify-blob $file --bundle "$file.bundle" --certificate-identity-regexp=^https://github.com/getsentry/prevent-cli/ --certificate-oidc-issuer=https://token.actions.githubusercontent.com
+          done
 
       - name: Upload release artifact
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
