actions/cargo-install
actions/cargo-install
3
0
Fork 0
mirror of https://github.com/dtolnay/install.git synced 2025-01-31 07:01:20 +01:00
Code Issues Projects Activity Pipelines

Verify artifact attestations

Browse source
This commit is contained in:
David Tolnay 2025-01-26 13:20:09 -08:00
parent 8dc199752a
commit bb72072ee7
No known key found for this signature in database
GPG key ID: F9BA143B95FF6D82
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
action.yml
View file

@ -33,6 +33,11 @@ runs:
- name: Verify gpg signature - name: Verify gpg signature
run: gpg --no-default-keyring --keyring ${{runner.temp}}/signing-key.gpg --trusted-key 830334D6A6010C41 --verify ${{runner.temp}}/${{steps.inputs.outputs.bin}}.sig ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}} run: gpg --no-default-keyring --keyring ${{runner.temp}}/signing-key.gpg --trusted-key 830334D6A6010C41 --verify ${{runner.temp}}/${{steps.inputs.outputs.bin}}.sig ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}
shell: bash shell: bash
- name: Verify artifact attestation
run: gh attestation verify --owner dtolnay ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}
env:
GH_TOKEN: ${{github.token}}
shell: bash
- name: Set executable bit - name: Set executable bit
run: chmod +x ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}} run: chmod +x ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}
shell: bash shell: bash