mirror of
https://github.com/goreleaser/nfpm
synced 2024-05-05 03:36:22 +02:00
chore(ci): improve/fix release config
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
This commit is contained in:
parent
4a9ffaf333
commit
d04964eae1
|
@ -32,7 +32,7 @@ dockers:
|
|||
- 'goreleaser/nfpm:{{ .Tag }}-amd64'
|
||||
- 'ghcr.io/goreleaser/nfpm:{{ .Tag }}-amd64'
|
||||
dockerfile: Dockerfile
|
||||
use_buildx: true
|
||||
use: buildx
|
||||
build_flag_templates:
|
||||
- "--pull"
|
||||
- "--label=org.opencontainers.image.created={{.Date}}"
|
||||
|
@ -45,7 +45,7 @@ dockers:
|
|||
- 'goreleaser/nfpm:{{ .Tag }}-arm64v8'
|
||||
- 'ghcr.io/goreleaser/nfpm:{{ .Tag }}-arm64v8'
|
||||
dockerfile: Dockerfile
|
||||
use_buildx: true
|
||||
use: buildx
|
||||
build_flag_templates:
|
||||
- "--pull"
|
||||
- "--label=org.opencontainers.image.created={{.Date}}"
|
||||
|
|
|
@ -75,6 +75,40 @@ go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
|
|||
|
||||
Download the pre-compiled binaries from the [releases page][releases] and copy them to the desired location.
|
||||
|
||||
## Verifying the binaries
|
||||
|
||||
All artifacts are checksummed and the checksum file is signed with [cosign][].
|
||||
|
||||
You can verify it using [our public key](https://goreleaser.com/static/goreleaser.pub).
|
||||
|
||||
1. Download the files you want, the `checksums.txt` and `checksums.txt.sig` files from the [releases][releases] page.
|
||||
1. Verify the signature:
|
||||
```sh
|
||||
cosign verify-blob \
|
||||
-key https://goreleaser.com/static/goreleaser.pub \
|
||||
-signature checksums.txt.sig \
|
||||
checksums.txt
|
||||
```
|
||||
1. If the signature is valid, you can then verify the SHA256 sums match with the downloaded binary:
|
||||
```sh
|
||||
sha256sum --ignore-missing -c checksums.txt
|
||||
```
|
||||
|
||||
## Verifying docker images
|
||||
|
||||
Our Docker image is signed with [cosign][].
|
||||
|
||||
You can verify it using [our public key](https://goreleaser.com/static/goreleaser.pub):
|
||||
|
||||
```sh
|
||||
cosign verify \
|
||||
-key https://goreleaser.com/static/goreleaser.pub \
|
||||
goreleaser/nfpm
|
||||
cosign verify \
|
||||
-key https://goreleaser.com/static/goreleaser.pub \
|
||||
ghcr.io/goreleaser/nfpm
|
||||
```
|
||||
|
||||
## Running with Docker
|
||||
|
||||
You can also use it within a Docker container. To do that, you'll need to
|
||||
|
|
Loading…
Reference in New Issue