goreleaser-action/src
Carlos Alexandro Becker 4b462d3d1d
feat: verify release checksum and cosign signature (#550)
* feat: verify release checksum and cosign signature

Download checksums.txt for the release and verify the SHA-256 of the
downloaded archive against it. When cosign is available in PATH, also
download checksums.txt.sigstore.json and verify the signature against
the goreleaser/goreleaser-pro release workflow identity. Both steps
degrade gracefully (with a warning) when the corresponding artifacts
or tooling are missing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: use install() for checksum e2e tests

Drop the http-client download helper from verifyChecksum integration
tests; call goreleaser.install() instead so the test exercises the
public API path and avoids duplicating download logic.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 14:34:46 -03:00
context.ts feat!: use "~> v2" as default (#463) 2024-06-04 21:50:33 -03:00
github.ts fix: use new static URL 2026-03-22 23:43:18 -03:00
goreleaser.ts feat: verify release checksum and cosign signature (#550) 2026-04-18 14:34:46 -03:00
main.ts fix: yargs usage 2026-02-09 09:21:42 -03:00
test_setup.ts feat!: node 24, update deps, rm yarn, ESM (#533) 2026-01-29 21:22:39 -03:00