Skip to content

Commit

Permalink
Add a cosign command to release notes
Browse files Browse the repository at this point in the history
  • Loading branch information
@mendhak
mendhak committed Nov 6, 2024
1 parent 180db71 commit 38158b9
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion .github/workflows/generate-release-apk.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,8 @@ jobs:
id: attest
with:
subject-path: gpslogger/gpslogger-*.apk
- name: Copy cosign bundle
run: cp ${{ steps.attest.outputs.bundle-path }} gpslogger/cosign.bundle
- name: Upload
uses: actions/upload-artifact@v4
with:
Expand All @@ -60,14 +62,26 @@ jobs:
gpslogger/gpslogger-*.apk
gpslogger/gpslogger-*.apk.asc
gpslogger/gpslogger-*.apk.SHA256
gpslogger/cosign.bundle
- name: Get APK file name
run: |
APK_FILE_NAME=$(find gpslogger/ -maxdepth 1 -name "gpslogger-*.apk" -print -quit | xargs basename)
echo "APK_FILE_NAME=$APK_FILE_NAME" >> $GITHUB_ENV
- name: Create a Release
id: create-release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
prerelease: ${{ contains(github.ref, '-rc') && startsWith(github.ref, 'refs/tags/') }}
make_latest: true
body: |
Verification:
```
cosign verify-blob $APK_FILE_NAME --bundle cosign.bundle --new-bundle-format --cert-oidc-issuer https://token.actions.githubusercontent.com --cert-identity https://github.com/${GITHUB_WORKFLOW_REF}
```
files: |
gpslogger/gpslogger-*.apk
gpslogger/gpslogger-*.apk.asc
gpslogger/gpslogger-*.apk.SHA256
gpslogger/gpslogger-*.apk.SHA256
gpslogger/cosign.bundle

0 comments on commit 38158b9

Please sign in to comment.