Add release action with cosign

Signed-off-by: Michael Shen <[email protected]>
mjlshen · Jan 8, 2023 · b541d0f · b541d0f
1 parent d01b4f1
commit b541d0f
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,33 @@
+name: Release
+on: 
+  - workflow_dispatch
+jobs:
+  sign:
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+
+      - name: 'Set up Go'
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+
+      - name: 'Build'
+        run: CGO_ENABLED=0 go build .
+
+      - name: 'Install Cosign'
+        uses: sigstore/[email protected]
+
+      - name: 'Authenticate to GCP'
+        uses: google-github-actions/[email protected]
+        with:
+          workload_identity_provider: 'projects/985030810135/locations/global/workloadIdentityPools/github/providers/github'
+          service_account: '[email protected]'
+
+      - name: 'Sign'
+        run: cosign sign-blob --key gcpkms://projects/mirrosa/locations/us/keyRings/signing/cryptoKeys/mirrosa mirrosa