gitsign.yaml
# Package metadata for a melange-style build definition of gitsign, the
# Sigstore client for keyless Git commit and tag signing.
package:
  name: gitsign
  # Reused below as ${{package.version}} for the checkout tag and for the
  # version string stamped into the binary.
  version: 0.11.0
  # Packaging revision of this upstream version.
  epoch: 2
  description: Keyless Git signing with Sigstore!
  copyright:
    - license: Apache-2.0
# Build-time environment variables. CGO_ENABLED is the quoted string "0" so
# that it reaches the build as text rather than as a YAML integer; it turns
# cgo off for the Go builds below.
environment:
  environment:
    CGO_ENABLED: "0"
# Main build: fetch the source, bump selected Go modules, build, strip.
pipeline:
  # The tag is derived from package.version. Tags are mutable upstream, so
  # expected-commit records the commit the tag is supposed to resolve to;
  # the checkout is meant to fail if the two disagree.
  - uses: git-checkout
    with:
      repository: https://github.com/sigstore/gitsign/
      tag: v${{package.version}}
      expected-commit: 8e08985029f0c0e5f0603d20c21864a3a97316cc
  # Overrides the versions of specific Go modules before building, typically
  # to pick up dependency fixes ahead of an upstream release.
  # NOTE(review): the deps value as shown on this page contains the text
  # "[email protected]" where module@version pins belong. That looks like
  # an email-obfuscation filter applied by the site that rendered the file,
  # not the real content; restore the pins from the upstream repository
  # before relying on this line.
  - uses: go/bump
    with:
      deps: "github.com/golang-jwt/jwt/[email protected] golang.org/x/[email protected]"
  # Builds the root package into the "gitsign" binary.
  # ldflags: -s -w drop the symbol table and DWARF debug data; -X stamps the
  # package version into pkg/version.gitVersion.
  # NOTE(review): -znow and -zrelro are external-linker options. With
  # CGO_ENABLED="0" the Go toolchain normally links internally, in which case
  # -extldflags has no effect, and a repeated -extldflags usually keeps only
  # the last value. Confirm the hardening on the built binary rather than
  # assuming it from these flags.
  - uses: go/build
    with:
      packages: .
      output: gitsign
      ldflags: |
        -s -w
        -extldflags=-znow
        -extldflags=-zrelro
        -X github.com/sigstore/gitsign/pkg/version.gitVersion=${{package.version}}
  - uses: strip
# Two subpackages are split out of the same source tree.
subpackages:
  # Credential-cache helper, built from ./cmd/gitsign-credential-cache.
  # Unlike the main build this go/build step passes no ldflags, so no version
  # string is stamped here. The test only checks that the installed binary
  # starts and answers --version.
  - name: gitsign-credential-cache
    description: "helper binary that allows users to cache signing credentials"
    pipeline:
      - uses: go/build
        with:
          packages: ./cmd/gitsign-credential-cache
          output: gitsign-credential-cache
      - uses: strip
    test:
      pipeline:
        - runs: |
            gitsign-credential-cache --version
  # System-wide Git configuration: installs an /etc/gitconfig that makes Git
  # sign every commit and tag through gitsign in x509 mode. This applies to
  # all users and repositories on a system where the package is installed.
  # NOTE(review): the git config --system commands write to the build
  # environment's own /etc/gitconfig, and that whole file is then copied into
  # the subpackage. Anything already present in it would be shipped too;
  # writing directly to the target with `git config --file` would avoid
  # depending on the build environment's state. Confirm which is intended.
  - name: "${{package.name}}-config"
    description: "GitSign config"
    pipeline:
      - runs: |
          mkdir -p ${{targets.subpkgdir}}/etc/
          git config --system commit.gpgsign true # Sign all commits
          git config --system tag.gpgsign true # Sign all tags
          git config --system gpg.x509.program gitsign # Use gitsign for signing
          git config --system gpg.format x509 # gitsign expects x509 args
          cp /etc/gitconfig ${{targets.subpkgdir}}/etc
# Automated update tracking against GitHub for sigstore/gitsign. The leading
# "v" is stripped from upstream names to obtain the package version.
# NOTE(review): a version bump changes the tag used by git-checkout, so
# expected-commit has to be refreshed in the same change; review that new
# hash against the upstream release instead of accepting it unchecked.
update:
  enabled: true
  github:
    identifier: sigstore/gitsign
    strip-prefix: v