TopherMayor/zeroclaw
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
fed1997f6286f3c0c678dbcfd785436063e90002
zeroclaw/.github/workflows
History
fettpl fed1997f62 ci: add cosign keyless signing for release artifacts 
- Add sigstore/cosign keyless signing to the release workflow
- Each artifact gets a detached .sig signature and .pem certificate
- Uses GitHub Actions OIDC for keyless signing (no secret management)
- Adds id-token: write permission for OIDC token generation
- Signatures and certificates are uploaded alongside binaries

Users can verify artifacts with:
  cosign verify-blob --certificate <file>.pem --signature <file>.sig \
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
    --certificate-identity-regexp="github.com/zeroclaw-labs/zeroclaw" \
    <file>

Closes #365

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 17:55:40 +01:00
..
auto-response.yml
build(deps): bump actions/github-script from 7 to 8 (#313)
2026-02-16 07:42:10 -05:00
ci.yml
ci: route trusted pushes to self-hosted runner (#369)
2026-02-16 10:56:53 -05:00
docker.yml
ci: route trusted docker and release publish jobs to self-hosted (#371)
2026-02-16 11:00:25 -05:00
labeler.yml
fix(ci): mitigate GitHub API rate-limit failures (#334)
2026-02-16 08:05:52 -05:00
pr-hygiene.yml
build(deps): bump actions/github-script from 7 to 8 (#313)
2026-02-16 07:42:10 -05:00
release.yml
ci: add cosign keyless signing for release artifacts
2026-02-16 17:55:40 +01:00
security.yml
ci: route trusted security and workflow checks to self-hosted (#370)
2026-02-16 10:58:45 -05:00
stale.yml
chore(ci): establish PR governance for agent collaboration (#177)
2026-02-15 12:41:16 -05:00
workflow-sanity.yml
ci: route trusted security and workflow checks to self-hosted (#370)
2026-02-16 10:58:45 -05:00