Open cary-ilm opened 2 months ago
The OpenSSF Best Practices Badge suggests signing release artifacts. Consider using OpenEXR's release-sign.yml workflow as a template. It's triggered on release creation and does these steps:
get archive
<release>.tar.gz
The OpenSSF Best Practices Badge suggests signing release artifacts. Consider using OpenEXR's release-sign.yml workflow as a template. It's triggered on release creation and does these steps:
get archiveto generate a<release>.tar.gzartifact<release>.tar.gzvia sigstore