mirror of
https://github.com/cargo-bins/cargo-binstall.git
synced 2025-04-24 14:28:42 +00:00
Sign our releases (#1347)
* Sign our releases * Use secrets instead of artifacts * And the universal * Apparently we can’t use secrets like that? * Minor fixes to doc * Private key requires untrusted comment * Dogfood one deeper
This commit is contained in:
Félix Saparelli
GitHub
parent
32beba507b
commit
ee7fcb3210
5 changed files with 88 additions and 14 deletions
16
.github/scripts/ephemeral-gen.sh
vendored
Executable file
16
.github/scripts/ephemeral-gen.sh
vendored
Executable file
|
|
@ -0,0 +1,16 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euxo pipefail
|
||||
|
||||
cargo binstall -y rsign2
|
||||
rsign generate -f -W -p minisign.pub -s minisign.key
|
||||
|
||||
cat >> crates/bin/Cargo.toml <<EOF
|
||||
[package.metadata.binstall.signing]
|
||||
algorithm = "minisign"
|
||||
pubkey = "$(tail -n1 minisign.pub)"
|
||||
EOF
|
||||
|
||||
set +x
|
||||
echo "::add-mask::$(tail -n1 minisign.key)"
|
||||
echo "private=$(tail -n1 minisign.key)" >> "$GITHUB_OUTPUT"
|
||||
Loading…
Add table
Add a link
Reference in a new issue