Commit Graph

10 Commits

Author SHA1 Message Date
Oliver Gugger
99ba272822
docs+scripts: switch to detached signatures
Due to a misunderstanding of how the gpg command line options work, we
didn't actually create detached signatures because the --clear-sign
flag would overwrite that. We update our verification script to now only
download the detached signatures and verify them against the main
manifest file.
We also update the signing instructions.
2021-02-15 10:33:20 +01:00
Conner Fromknecht
a6b977e760
github/workflows: pin exact docker release 2021-02-11 16:05:32 -08:00
Olaoluwa Osuntokun
caac0e6347
build: update CI builds to use go 1.15.7 2021-02-03 16:51:40 -08:00
Oliver Gugger
1abf3e7847
GitHub: use vendored actions for steps with sensitive info
To avoid leaking any sensitive information like Docker Hub credentials
because of compromised actions repositories, we use our own, vendored
actions for all steps that potentially touch sensitive information.
2021-01-25 14:16:00 +01:00
Oliver Gugger
356fdb82f8
docs+build: explain how to verify docker images 2021-01-14 21:48:32 +01:00
Oliver Gugger
4c56f3cacb
multi: add release helper docker file 2021-01-08 16:14:24 +01:00
Oliver Gugger
ae4a1908dd
GitHub: fetch full history for release build
To make sure git has the full history, including all annotated tags, we
need to explicitly fetch everything on checkout.
2021-01-05 10:41:34 +01:00
Oliver Gugger
91ed4d811e
GitHub+Travis: update to latest golang patch version 2020-12-12 11:26:00 +01:00
Oliver Gugger
8fea653c61
release: skip version check in automated builds 2020-11-19 12:35:58 +01:00
Oliver Gugger
4246238ff5
GitHub: build release binaries and upload to release
This commit adds another GitHub workflow that is activated for each
pushed tag. The release binaries are compiled from that tag for all
supported architectures. A new release in the GitHub repository is then
drafted for the tag and the finished binary packages are uploaded to
that release.
2020-11-19 12:35:53 +01:00