crytic / medusa

Parallelized, coverage-guided, mutational Solidity smart contract fuzzing, powered by go-ethereum
https://www.trailofbits.com/
GNU Affero General Public License v3.0

ci: automated release builds #342

Closed elopez closed 5 months ago

elopez commented 6 months ago

Includes PR #318 to enable aarch64 macOS builds. This enables CI runs when pushing a tag. It also adds a new release job that only runs on tag pushes, and will create a draft release on the repository and attach binaries and their sigstore signatures.

Downloaded files from the release can then be verified with sigstore as follows:

% RELEASE_TAG=v1.2.3
% FILE=medusa-linux-x64.tar.gz
% sigstore verify github \
  --bundle "${FILE}.sigstore" \
  --cert-identity "https://github.com/crytic/medusa/.github/workflows/ci.yml@refs/tags/$RELEASE_TAG" \
  "$FILE"
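
A fail-closed wrapper around the verification command above, added here as an example and not part of the PR or the medusa repository: it checks every file in a download directory and treats a missing `.sigstore` bundle or an empty directory as a failure. The function names, the `SIGSTORE_BIN` override and the restriction to plain `vX.Y.Z` tags are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not project code). Assumes the sigstore-python CLI is on
# PATH; SIGSTORE_BIN is a hypothetical override used to swap the binary.
WORKFLOW="https://github.com/crytic/medusa/.github/workflows/ci.yml"

# Print the signing identity expected for a release tag.
# Assumption: releases use plain vX.Y.Z tags. Anything else (branch names,
# extra path components, embedded newlines) is refused so that the identity
# can only ever point at refs/tags/<tag>.
cert_identity() {
  case "$1" in
    ''|*[!0-9.v]*) echo "refusing tag '$1': expected vX.Y.Z" >&2; return 2 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$' || {
    echo "refusing tag '$1': expected vX.Y.Z" >&2; return 2; }
  printf '%s@refs/tags/%s\n' "$WORKFLOW" "$1"
}

# verify_release TAG DIR: verify every non-bundle file in DIR against
# DIR/<file>.sigstore. The body runs in a subshell, so variables stay local
# and `exit` only sets the function's return status.
verify_release() (
  tag=$1 dir=$2 failed=0 seen=0
  identity=$(cert_identity "$tag") || exit 2
  for file in "$dir"/*; do
    [ -f "$file" ] || continue
    case "$file" in *.sigstore) continue ;; esac
    seen=1
    if [ ! -f "$file.sigstore" ]; then
      echo "MISSING BUNDLE: $file" >&2; failed=1; continue
    fi
    if "${SIGSTORE_BIN:-sigstore}" verify github \
        --bundle "$file.sigstore" \
        --cert-identity "$identity" \
        "$file"; then
      echo "OK: $file"
    else
      echo "FAILED: $file" >&2; failed=1
    fi
  done
  # An empty download directory is an error, not a pass.
  [ "$seen" -eq 1 ] || { echo "no artifacts in $dir" >&2; exit 1; }
  exit "$failed"
)

# Stand-alone use: ./verify-release.sh v1.2.3 ./downloads
if [ "$#" -eq 2 ]; then verify_release "$1" "$2"; exit $?; fi
```

The exit status is non-zero if any single artifact fails, so the script can gate an install step directly.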