Prepare for the first release! (#103)

This adds a github action that will run after merge and publish artifacts. It also adds keys to the repo that we'll sign with. Signed-off-by: Dan Lorenc <[email protected]>
sigstore · Mar 20, 2021 · 8e45e43 · 8e45e43
1 parent fe06faf
commit 8e45e43
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 2 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,40 @@
+name: CI-Build
+
+# Run this workflow every time a new commit pushed to your repository
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+jobs:
+  # Set the job key. The key is displayed as the job name
+  # when a job name is not provided
+  build:
+    # Name the Job
+    name: build
+    # Set the type of machine to run on
+    runs-on: ubuntu-latest
+    steps:
+      # Checks out a copy of your repository on the ubuntu-latest machine
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '1.16'
+
+      - name: build
+        run: make
+      - name: Print Info
+        run: ./cosign version && shasum -a 256 ./cosign > cosign.sha256 && cat cosign.sha256
+      - name: sign
+        run: echo -n "${{secrets.COSIGN_PASSWORD}}" | ./cosign sign-blob -key ./.github/workflows/cosign.key ./cosign > cosign.sig
+      - name: verify
+        run: ./cosign verify-blob -key ./.github/workflows/cosign.pub -signature cosign.sig ./cosign
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: artifacts
+          path: |
+            cosign
+            cosign.sha256
+            cosign.sig
diff --git a/.github/workflows/cosign.key b/.github/workflows/cosign.key
@@ -0,0 +1,11 @@
+-----BEGIN ENCRYPTED COSIGN PRIVATE KEY-----
+eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6
+OCwicCI6MX0sInNhbHQiOiJYcDVZWW5nRVBWNkR1Kzh0Qmdsbll1OEc2YTZOWGVJ
+L1M3bXo0VUYvWk1FPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94
+Iiwibm9uY2UiOiIyT0YvUFJBQ09sKzRTVTJXVHpycTFHalFML2JlQzQvQiJ9LCJj
+aXBoZXJ0ZXh0IjoiMDV6eTlxaWVZWlVjZ0pCZHNndWhSNmd6ZmEvc1RrbnBCZTN0
+Z3VsdDlXK0g0bnE3UE9sODFvdUttT0xhY3g5bzhKekhLNDg5SFR5NnNBYnhiWUVX
+R3Ewam85RUtSS0x0SU9NTWJ3cVluc2Z3YnVHQzNSNm1CR29CZncwV1pUOEdlMDM1
+NEQ2MzlTR1NLSytLMW9IM0xCSVdDWFgxYkllWFFkaFRWQTR4UDExVDFIZzFLM0RY
+WXVsUGpydFB0Yk5BVk44YmZUY3VSbHoxTlE9PSJ9
+-----END ENCRYPTED COSIGN PRIVATE KEY-----
diff --git a/.github/workflows/cosign.pub b/.github/workflows/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZxAfzrQG1EbWyCI8LiSB7YgSFXoI
+FNGTyQGKHFc6/H8TQumT9VLS78pUwtv3w7EfKoyFZoP32KrO7nzUy2q6Cw==
+-----END PUBLIC KEY-----
diff --git a/.gitignore b/.gitignore
@@ -15,8 +15,9 @@
 # vendor/
 
 # cosign stuff
-cosign.key
-cosign.pub
+/cosign.sig
+/cosign.key
+/cosign.pub
 /cosign
 .vscode