Export the unsigned files for a new theory on how SLSA verification can be done

2024-11-25 17:53:24 +01:00 · 2022-05-26 23:09:00 -07:00 · 2022-05-26 23:09:00 -07:00 · ea6be650ba
commit ea6be650ba
parent 372e3a8f44
2 changed files with 2 additions and 1 deletions
--- a/.github/workflows/slsa-releaser.yml
+++ b/.github/workflows/slsa-releaser.yml
@ -55,11 +55,11 @@ jobs:
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
-        # TODO: stop releasing the unsigned files
          files: |
            hishtory-darwin-arm64
            hishtory-darwin-arm64-unsigned
            hishtory-darwin-amd64
+            hishtory-darwin-amd64-unsigned

  # Upload to GitHub release.
  upload:
--- a/scripts/actions-sign.py
+++ b/scripts/actions-sign.py
@ -21,6 +21,7 @@ def main():
    print("signing...")
    os.system("""
    cp hishtory-darwin-arm64 hishtory-darwin-arm64-unsigned
+    cp hishtory-darwin-amd64 hishtory-darwin-amd64-unsigned
    echo $MACOS_CERTIFICATE | base64 -d > certificate.p12
    security create-keychain -p $MACOS_CERTIFICATE_PWD build.keychain
    security default-keychain -s build.keychain