harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
zeroclaw/.github
History
fettpl fed1997f62 ci: add cosign keyless signing for release artifacts 
- Add sigstore/cosign keyless signing to the release workflow
- Each artifact gets a detached .sig signature and .pem certificate
- Uses GitHub Actions OIDC for keyless signing (no secret management)
- Adds id-token: write permission for OIDC token generation
- Signatures and certificates are uploaded alongside binaries

Users can verify artifacts with:
  cosign verify-blob --certificate <file>.pem --signature <file>.sig \
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
    --certificate-identity-regexp="github.com/zeroclaw-labs/zeroclaw" \
    <file>

Closes #365

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 17:55:40 +01:00
..
ISSUE_TEMPLATE docs: strengthen collaboration governance and AGENTS engineering protocol (#263) 2026-02-16 05:59:04 -05:00
workflows ci: add cosign keyless signing for release artifacts 2026-02-16 17:55:40 +01:00
CODEOWNERS `chore(codeowners): route ci/docs surfaces to @chumyin 2026-02-16 21:59:38 +08:00
dependabot.yml docs: strengthen collaboration governance and AGENTS engineering protocol (#263) 2026-02-16 05:59:04 -05:00
labeler.yml docs: strengthen collaboration governance and AGENTS engineering protocol (#263) 2026-02-16 05:59:04 -05:00
pull_request_template.md docs: strengthen collaboration governance and AGENTS engineering protocol (#263) 2026-02-16 05:59:04 -05:00