goreleaser-action/__tests__
Carlos Alexandro Becker 4f893a457d feat: verify release checksum and cosign signature
Download checksums.txt for the release and verify the SHA-256 of the
downloaded archive against it. When cosign is available in PATH, also
download checksums.txt.sigstore.json and verify the signature against
the goreleaser/goreleaser-pro release workflow identity. Both steps
degrade gracefully (with a warning) when the corresponding artifacts
or tooling are missing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 08:59:15 -03:00
github.test.ts fix: use new static URL 2026-03-22 23:43:18 -03:00
goreleaser.test.ts feat: verify release checksum and cosign signature 2026-04-18 08:59:15 -03:00