feat: prepare for the new releases

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
ko-build · Dec 22, 2021 · 0ee1a85 · 0ee1a85
1 parent bcde6f7
commit 0ee1a85
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -17,14 +17,10 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: 1.17.x
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@main
-        with:
-          cosign-release: 'v1.3.0'
+      - uses: sigstore/cosign-installer@v1.4.1
       - uses: goreleaser/goreleaser-action@v2
         with:
           version: latest
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          COSIGN_EXPERIMENTAL: 1
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -36,7 +36,17 @@ checksum:
   name_template: 'checksums.txt'
 signs:
   - cmd: cosign
-    args: ["sign-blob", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output=${signature}", "${artifact}"]
+    env:
+      - COSIGN_EXPERIMENTAL=1
+    signature: "${artifact}.sig"
+    certificate: "${artifact}.pem"
+    output: true
+    args:
+      - sign-blob
+      - '--oidc-issuer={{if index .Env "CI"}}https://token.actions.githubusercontent.com{{else}}https://oauth2.sigstore.dev/auth{{end}}'
+      - '--output-certificate=${certificate}'
+      - '--output-signature=${signature}'
+      - '${artifact}'
     artifacts: checksum
 snapshot:
   name_template: "{{ .Tag }}-next"