setup-signore downloads, installs, and configures the signore signing service client
MPL-2.0 License
Download and configure the signore signing service.
Originally based off of setup-terraform.
This version of the setup-signore
Action requires a GitHub personal access token to access GitHub's Releases API and has cross-platform support.
If you only need to install Signore on Linux GitHub Runners, consider using the setup-signore-package Action, which does not require any authentication for repositories and Actions in HashiCorp enterprise GitHub organizations.
Note: see action.yml for detailed information about configuration and defaults.
- name: Install signore
uses: hashicorp/setup-signore@v2
with:
github-token: ${{secrets.GITHUB_TOKEN_WITH_SIGNORE_REPO_ACCESS}}
- name: Install signore v0.1.2 and verify checksum
uses: hashicorp/setup-signore@v2
with:
github-token: ${{secrets.GITHUB_TOKEN_WITH_SIGNORE_REPO_ACCESS}}
version: v0.1.2
# https://github.com/hashicorp/signore/releases/download/v0.1.2/signore_0.1.2_darwin_x86_64.tar.gz sha256 hash
archive-checksum: 6b58be415b3e9b2f77d74f2cf70857819d15df512626658223b2d4a4f3adc404
- name: Install signore v0.1.2 with client config
uses: hashicorp/setup-signore@v2
with:
github-token: ${{secrets.GITHUB_TOKEN_WITH_SIGNORE_REPO_ACCESS}}
version: v0.1.2
signer: ${{secrets.SIGNORE_SIGNER}}
tar
or zip
archive that contains the signore binary, we compare its SHA256 hash against the user supplied archive-checksum