taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 22:00:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: cosign sign-blob use --bundle format (new cosign default) (#103)

Browse Source 
cosign deprecated --output-signature/--output-certificate in new
bundle format, causing open: no such file or directory error.
This commit is contained in:
DevITWay | Pavel Volkov
2026-04-06 01:52:55 +03:00
committed by GitHub
parent 7766a2f02c
commit 655fa6b508
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/release.yml vendored
View File

@@ -267,7 +267,7 @@ jobs:
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v3 uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v3
- name: Sign binary with cosign (keyless Sigstore) - name: Sign binary with cosign (keyless Sigstore)
run: cosign sign-blob --yes --output-signature nora-linux-amd64.sig --output-certificate nora-linux-amd64.pem ./nora-linux-amd64 run: cosign sign-blob --yes --bundle nora-linux-amd64.bundle ./nora-linux-amd64
- name: Create Release - name: Create Release
uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
@@ -276,8 +276,7 @@ jobs:
files: | files: |
nora-linux-amd64 nora-linux-amd64
nora-linux-amd64.sha256 nora-linux-amd64.sha256
nora-linux-amd64.sig nora-linux-amd64.bundle
nora-linux-amd64.pem
nora-${{ github.ref_name }}.sbom.spdx.json nora-${{ github.ref_name }}.sbom.spdx.json
nora-${{ github.ref_name }}.sbom.cdx.json nora-${{ github.ref_name }}.sbom.cdx.json
nora-${{ github.ref_name }}.provenance.json nora-${{ github.ref_name }}.provenance.json