Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please add a source code archive to the github release assets #198

Open
wodev opened this issue Nov 30, 2024 · 0 comments
Open

Please add a source code archive to the github release assets #198

wodev opened this issue Nov 30, 2024 · 0 comments
Assignees
@dopey

Comments

@wodev
Copy link

wodev commented Nov 30, 2024

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

The rgithub elease assets for the step-kms-plugin does not contain a source code archive (step-kms-plugin_.tar.gz) including a Cosign signature like the releases for step-cli and step-certificates (step-ca)

Why is this needed?

The GitHub archives based on the tag does not produce a stable checksum hash which causes from time to time issues during the rebuild of alpine packages, Adding ithe source code archive file to the release artifacts provides a source code archive with a stable checksum which can be used a a source for packaging (for examle Apline Linux packages). Adding it to the checksumtxt and adding a cosign signatures improves the validation of the source code archive for the release.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dopey dopey

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dopey @wodev