feat(.goreleaser.yml): add sha256 check to release notes (#604)

* feat(.goreleaser.yml): add sha256 check to release notes Improve commands so that the checksum of the downloaded file is checked before cosign is checked. * Update .goreleaser.yml Co-authored-by: Andrew Suderman <[email protected]> * Update .goreleaser.yml Co-authored-by: Andrew Suderman <[email protected]> --------- Co-authored-by: Andrew Suderman <[email protected]> Co-authored-by: Andrew Suderman <[email protected]>
FairwindsOps · May 30, 2023 · 47bd6fc · 47bd6fc
1 parent 5c137b5
commit 47bd6fc
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -32,7 +32,8 @@ release:
     You can verify the signatures of both the checksums.txt file and the published docker images using [cosign](https://github.com/sigstore/cosign).
 
     ```
-    cosign verify-blob checksums.txt --signature=checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub
+    sha256sum -c goldilocks_v{{ .Major }}.{{ .Minor }}.{{ .Patch }}_checksums.txt --ignore-missing
+    cosign verify-blob goldilocks_v{{ .Major }}.{{ .Minor }}.{{ .Patch }}_checksums.txt --signature=goldilocks_v{{ .Major }}.{{ .Minor }}.{{ .Patch }}_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub
     ```
 
     ```