Closed Djaytan closed 7 months ago
sonarcloud[bot]
commented
7 months ago 
Quality Gate passedKudos, no new issues were introduced!
0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication
github-actions[bot]
commented
7 months ago :tada: This PR is included in version 3.0.3 :tada:
The release is available on:
v3.0.3Your semantic-release bot :package::rocket:
github-actions[bot]
commented
7 months ago :tada: This PR is included in version 3.0.3 :tada:
The release is available on:
v3.0.3Your semantic-release bot :package::rocket:
github-actions[bot]
commented
7 months ago :tada: This PR is included in version 3.0.3 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
This change is useful for an incoming one which consist on extracting the signature and verification logic in a script file. The final goal is to make local testing easier and improve the overall readability.
Here, redundant verifications are removed. Checking the workflow, the branch ref and the repository are already covered by the value of the
CERTIFICATE_IDENTITYenvironment variable. The value is always expected to behttps://github.com/Djaytan/mc-jobs-reborn-patch-place-break/.github/workflows/release.yml@refs/heads/main.Realistically, we don't care about verifying which event triggered the signing process. The same apply for the commit SHA verification. Based on that, removing these specific verifications for simplifications purposes is better (i.e. the
--certificate-github-workflow-triggerand--certificate-github-workflow-shaargs respectively).