You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Github recently added a new feature called "Artifact Attestations". From what I can tell, it isn't straightforward to integrate this feature with Goreleaser.
Describe the solution you'd like
Github recently introduced native integration of sigstore signatures. They're calling this "Artifact Attestations". It would be very cool if Goreleaser supported automatic artifact attestations for all release artifacts. Or at least documented the recommended integration approach.
Goreleaser already supports signing various artifacts using sigstore's cosign. However checking signatures is not straightforward and requires a fairly complex cosign command.
Search
I did search for other open and closed issues before opening this
Is your feature request related to a problem? Please describe.
Github recently added a new feature called "Artifact Attestations". From what I can tell, it isn't straightforward to integrate this feature with Goreleaser.
Describe the solution you'd like
Github recently introduced native integration of sigstore signatures. They're calling this "Artifact Attestations". It would be very cool if Goreleaser supported automatic artifact attestations for all release artifacts. Or at least documented the recommended integration approach.
https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/
Describe alternatives you've considered
Goreleaser already supports signing various artifacts using sigstore's cosign. However checking signatures is not straightforward and requires a fairly complex cosign command.
Search
Supporter
Code of Conduct
Additional context
No response
The text was updated successfully, but these errors were encountered: