@@ -71,28 +71,30 @@ jobs:
7171
7272 - name : Sign artifacts with Sigstore (keyless)
7373 run : |
74- # Sign Go binaries
75- for bin in dist/stepsecurity-dev-machine-guard_darwin_*/stepsecurity-dev-machine-guard; do
76- cosign sign-blob "$bin" --bundle "${bin}.bundle" --yes
77- done
74+ # Sign Go binaries with unique bundle names
75+ cosign sign-blob dist/stepsecurity-dev-machine-guard_darwin_amd64_v1/stepsecurity-dev-machine-guard \
76+ --bundle dist/stepsecurity-dev-machine-guard_darwin_amd64.bundle --yes
77+ cosign sign-blob dist/stepsecurity-dev-machine-guard_darwin_arm64_v1/stepsecurity-dev-machine-guard \
78+ --bundle dist/stepsecurity-dev-machine-guard_darwin_arm64.bundle --yes
7879 # Sign shell script
7980 cosign sign-blob stepsecurity-dev-machine-guard.sh \
80- --bundle stepsecurity-dev-machine-guard.sh.bundle --yes
81+ --bundle dist/ stepsecurity-dev-machine-guard.sh.bundle --yes
8182
8283 - name : Generate checksums
8384 run : |
84- cd dist
85- sha256sum stepsecurity-dev-machine-guard_darwin_* /stepsecurity-dev-machine-guard >> stepsecurity-dev-machine-guard_${{ steps.version.outputs.version }}_SHA256SUMS
86- cd ..
87- sha256sum stepsecurity-dev-machine-guard.sh >> dist/stepsecurity-dev-machine-guard_${{ steps.version.outputs.version }}_SHA256SUMS
85+ SUMS=" dist/stepsecurity-dev-machine-guard_${{ steps.version.outputs.version }}_SHA256SUMS"
86+ sha256sum dist/ stepsecurity-dev-machine-guard_darwin_amd64_v1 /stepsecurity-dev-machine-guard >> "$SUMS"
87+ sha256sum dist/stepsecurity-dev-machine-guard_darwin_arm64_v1/stepsecurity-dev-machine-guard >> "$SUMS"
88+ sha256sum stepsecurity-dev-machine-guard.sh >> "$SUMS"
8889
8990 - name : Upload signature bundles and checksums to release
9091 env :
9192 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
9293 run : |
9394 gh release upload "${{ steps.version.outputs.tag }}" \
94- dist/stepsecurity-dev-machine-guard_darwin_*/stepsecurity-dev-machine-guard.bundle \
95- stepsecurity-dev-machine-guard.sh.bundle \
95+ dist/stepsecurity-dev-machine-guard_darwin_amd64.bundle \
96+ dist/stepsecurity-dev-machine-guard_darwin_arm64.bundle \
97+ dist/stepsecurity-dev-machine-guard.sh.bundle \
9698 dist/stepsecurity-dev-machine-guard_${{ steps.version.outputs.version }}_SHA256SUMS \
9799 --clobber
98100
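Review bot: The new `SUMS=` line in the "Generate checksums" step expands `${{ steps.version.outputs.version }}` directly inside the `run:` script, so the value is pasted into the shell source before the shell parses it. If the version step (outside this hunk) derives it from a tag or ref name, shell metacharacters in that name would be interpreted as code in the job that performs the keyless signing and the release upload. Pass it through the environment instead: add `env:` with `VERSION: ${{ steps.version.outputs.version }}` to the step and write `SUMS="dist/stepsecurity-dev-machine-guard_${VERSION}_SHA256SUMS"`; the `${{ steps.version.outputs.tag }}` and version expansions in the upload step deserve the same treatment. Separately, no `cosign sign-blob` call in this hunk covers the SHA256SUMS file, so unless it is signed elsewhere in the workflow it guards against corruption rather than tampering.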