build: add sigstore release step

bordumb · bordumb · commit c526669eabb9 · 2026-04-10T21:54:28.000+01:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -113,23 +113,27 @@ jobs:
           $hash = (Get-FileHash ${{ matrix.asset_name }}${{ matrix.ext }} -Algorithm SHA256).Hash.ToLower()
           "$hash  ${{ matrix.asset_name }}${{ matrix.ext }}" | Out-File -Encoding ascii ${{ matrix.asset_name }}${{ matrix.ext }}.sha256
 
-      - name: Sign artifact (ephemeral, Unix)
+      - name: Sign artifact and log to Sigstore (ephemeral, Unix)
         if: matrix.ext == '.tar.gz'
         run: |
           FILE="${{ matrix.asset_name }}${{ matrix.ext }}"
           ./staging/auths artifact sign "$FILE" \
             --ci \
             --commit "${{ github.sha }}" \
+            --ci-platform github \
+            --log sigstore-rekor \
             --note "Release ${{ github.ref_name }}"
 
-      - name: Sign artifact (ephemeral, Windows)
+      - name: Sign artifact and log to Sigstore (ephemeral, Windows)
         if: matrix.ext == '.zip'
         shell: pwsh
         run: |
           $file = "${{ matrix.asset_name }}${{ matrix.ext }}"
           .\staging\auths.exe artifact sign $file `
             --ci `
             --commit $env:GITHUB_SHA `
+            --ci-platform github `
+            --log sigstore-rekor `
             --note "Release ${{ github.ref_name }}"
 
       - name: Upload artifact
