Commit Graph

10 Commits

Author SHA1 Message Date
Carlos Alexandro Becker 4b462d3d1d feat: verify release checksum and cosign signature (#550)
* feat: verify release checksum and cosign signature

Download checksums.txt for the release and verify the SHA-256 of the
downloaded archive against it. When cosign is available in PATH, also
download checksums.txt.sigstore.json and verify the signature against
the goreleaser/goreleaser-pro release workflow identity. Both steps
degrade gracefully (with a warning) when the corresponding artifacts
or tooling are missing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: use install() for checksum e2e tests

Drop the http-client download helper from verifyChecksum integration
tests; call goreleaser.install() instead so the test exercises the
public API path and avoids duplicating download logic.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 14:34:46 -03:00
CrazyMax f424e9de13 chore: update yarn to 3.5.1 (#412)
* chore: update yarn to 3.5.1

* chore: add plugin-interactive-tools yarn pkg

* chore: update dev dependencies

* chore: eslint fixes

* chore: update generated content

---------

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-05-07 16:13:08 +02:00
CrazyMax f82d6c1c34 fix: don't depend on the GitHub API to check release (#391)
* fix: don't depend on the GitHub API to check release

* chore: update generated content

---------

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-01-30 14:11:41 +01:00
Carlos Alexandro Becker 9754a253a8 fix: use @action/github (#390)
* fix: use @action/github

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* Update README.md

Co-authored-by: CrazyMax <github@crazymax.dev>

* Update action.yml

Co-authored-by: CrazyMax <github@crazymax.dev>

---------

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
Co-authored-by: CrazyMax <github@crazymax.dev>
2023-01-27 23:22:07 -03:00
Carlos A Becker 66134d94a7 Merge remote-tracking branch 'origin/master' into flarco/master
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-12-13 10:22:52 -03:00
Fritz Larco b60ea886c6 improve install 2022-11-12 17:00:09 -03:00
Fritz Larco 4d25ab4fd4 Update goreleaser.ts 2022-11-12 14:52:30 -05:00
CrazyMax ff11ca24a9 fix: dist resolution from config file (#369)
* ci: add job to check dist output from config

* fix: dist resolution from config file

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-08-26 18:29:38 +02:00
CrazyMax c127c9be61 feat: add artifacts and metadata outputs (#327)
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-27 20:01:51 +01:00
CrazyMax 39419c3fac refactor: setup context (#325)
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-27 17:22:06 +01:00