From 621b166d3dfd5faf0e8f0ef71bad3ec4140e10fc Mon Sep 17 00:00:00 2001
From: Christian Rebischke
Date: Thu, 23 Dec 2021 15:29:32 +0100
Subject: [PATCH] fix: sign all artifacts
I think it's okay to sign all artifacts instead of just the checksum
---
 .goreleaser.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 115d258..d71aa48 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -27,8 +27,7 @@ checksum:
 name_template: 'checksums.txt'
 sboms:
- - id: default
- artifacts: archive
+ - artifacts: archive
 - id: source
 artifacts: source
@@ -40,7 +39,7 @@ signs:
 signature: "${artifact}.sig"
 certificate: "${artifact}.pem"
 args: ["sign-blob", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output-signature=${signature}", "--output-certificate=${certificate}", "${artifact}"]
- artifacts: checksum
+ artifacts: all
 changelog:
 use: github
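Review bot: The new `artifacts: all` line in the `signs` entry carries no comment saying why every artifact is signed or how consumers should verify the extra signatures. With the `${artifact}.sig` and `${artifact}.pem` templates just above it, each released file now gets its own signature and certificate instead of relying on the signed checksum file alone. The `--oidc-issuer=https://token.actions.githubusercontent.com` argument suggests keyless signing, so each file presumably adds one more certificate request and transparency-log entry that can fail mid-release; the entry's `cmd` and `env` keys are outside the hunk, so confirm. I would add a comment above the line such as `# sign every artifact so each file can be verified on its own; verifiers must pin the GitHub Actions issuer and this repository's workflow identity`. The `signs` entry begins before the hunk.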