mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-25 15:39:37 -05:00
ci: fix incorrect signing key for sbom signature and wrong public key in release artifacts (#2296)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
parent
a4d6016ae5
commit
f3218f4197
8
.github/workflows/release-cli.yml
vendored
8
.github/workflows/release-cli.yml
vendored
@ -225,9 +225,9 @@ jobs:
|
||||
grype constellation.spdx.sbom --fail-on high --only-fixed --add-cpes-if-none
|
||||
env:
|
||||
COSIGN_EXPERIMENTAL: 1
|
||||
COSIGN_PUBLIC_KEY: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
|
||||
COSIGN_PRIVATE_KEY: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
|
||||
COSIGN_PASSWORD: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|
||||
COSIGN_PUBLIC_KEY: ${{ inputs.key == 'release' && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
|
||||
COSIGN_PRIVATE_KEY: ${{ inputs.key == 'release' && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
|
||||
COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|
||||
|
||||
- name: Upload Constellation CLI SBOM
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
@ -335,7 +335,7 @@ jobs:
|
||||
- name: Write cosign public key
|
||||
run: echo "$COSIGN_PUBLIC_KEY" > cosign.pub
|
||||
env:
|
||||
COSIGN_PUBLIC_KEY: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
|
||||
COSIGN_PUBLIC_KEY: ${{ inputs.key == 'release' && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
|
||||
|
||||
- name: Download CLI binaries darwin-amd64
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
|
Loading…
Reference in New Issue
Block a user