Skip to content

Commit

Permalink
Accept signature for cosign (#525)
Browse files Browse the repository at this point in the history 
Release step is failing with;

error=sign: cosign failed: exit status 1: WARNING: the -output-signature=dist/checksums.txt.sig flag is deprecated and will be removed in a future release. Please use the --output-signature=dist/checksums.txt.sig flag instead.
Using payload from: dist/checksums.txt

This update uses the non-deprecated command and also accepts the sig.

Co-authored-by: jdesouza <james@fairwinds.com>
  • Loading branch information
@ECiurleo @jdesouza
ECiurleo and jdesouza authored May 3, 2024
1 parent 0b5b3e7 commit be6d45a
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .goreleaser.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ checksum:
name_template: "checksums.txt"

signs:
- cmd: cosign
args: ["sign-blob", "--key=hashivault://cosign", "-output-signature=${signature}", "${artifact}"]
- cmd: sh
args: ["-c", "echo 'y' | cosign sign-blob --key=hashivault://cosign --output-signature ${signature} ${artifact}"]
artifacts: checksum

docker_signs:
Expand Down

0 comments on commit be6d45a

Please sign in to comment.