-
Notifications
You must be signed in to change notification settings - Fork 640
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signed release packages using Github artifact attestation #1390
base: dev
Are you sure you want to change the base?
Conversation
@egecetin we removed Ubuntu 18.04, do you think you can update the PR and resolve conflicts? |
@seladb It is ready |
@egecetin seems the CI have some errors? |
@tigercosmos It is because of permissions. Since the write permissions set from a PR it prohibits the write permission so, it fails. You can check my master branch or run from my test tag https://github.com/egecetin/PcapPlusPlus/actions/runs/9858969300 |
I see. it's cool! |
Recently GitHub release public beta for artifact signing https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/. With this PR, generated artifacts should also generate
.sigstore.json
files to verify packages. It should be ready to review. Since I changed permissions from a PR, looks like write permissions prohibited. I can't find a way to tweak it to get passing result from CI.Note: Unfortunately requires drop of Ubuntu 18.04 support because of node version