Added a section on manual verification of the relases. by kommendorkapten · Pull Request #9936 · cli/cli · GitHub
Skip to content

Added a section on manual verification of the relases.#9936

Merged
andyfeller merged 6 commits into
cli:trunkfrom
kommendorkapten:manual-verification
Nov 20, 2024
Merged

Added a section on manual verification of the relases.#9936
andyfeller merged 6 commits into
cli:trunkfrom
kommendorkapten:manual-verification

Conversation

@kommendorkapten

Copy link
Copy Markdown
Contributor

Updated README to contain information on how to verify a release's build provenance attestation either using gh or cosign. Reason for adding a third party client (cosign) is that the first time it's downloaded, you can't really depend on the downloaded binary to verify itself.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten kommendorkapten requested a review from a team as a code owner November 18, 2024 13:15
@cliAutomation cliAutomation added the external pull request originating outside of the CLI core team label Nov 18, 2024
@cliAutomation

Copy link
Copy Markdown
Contributor

@andyfeller andyfeller left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kommendorkapten : beyond my comments regarding readability, can you confirm these steps on Windows, Ubuntu, and MacOS with both cosign and gh attestation verify?

Comment thread README.md Outdated
Comment thread README.md
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten

Copy link
Copy Markdown
Contributor Author

@andyfeller andyfeller left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@andyfeller andyfeller enabled auto-merge November 20, 2024 15:28
@andyfeller andyfeller merged commit 984bfdc into cli:trunk Nov 20, 2024
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Nov 28, 2024
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cli/cli](https://github.com/cli/cli) | minor | `v2.62.0` -> `v2.63.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>cli/cli (cli/cli)</summary>

### [`v2.63.0`](https://github.com/cli/cli/releases/tag/v2.63.0): GitHub CLI 2.63.0

[Compare Source](cli/cli@v2.62.0...v2.63.0)

#### What's Changed

-   Support bare repo creation by [@&#8203;williammartin](https://github.com/williammartin) in cli/cli#9905
-   Refactor the `getAttestations` functions by [@&#8203;malancas](https://github.com/malancas) in cli/cli#9892
-   Added a section on manual verification of the relases. by [@&#8203;kommendorkapten](https://github.com/kommendorkapten) in cli/cli#9936
-   Adding option to return `baseRefOid` in `pr view` by [@&#8203;daliusd](https://github.com/daliusd) in cli/cli#9938
-   Update verification results printing by [@&#8203;malancas](https://github.com/malancas) in cli/cli#9937
-   Fix some multiline command documentation to use `heredoc` strings by [@&#8203;BagToad](https://github.com/BagToad) in cli/cli#9948
-   Print friendly error when `release create` fails due to missing `workflow` OAuth scope by [@&#8203;BagToad](https://github.com/BagToad) in cli/cli#9791

**Full Changelog**: cli/cli@v2.62.0...v2.63.0

#### Security

-   A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.

    For more information, see GHSA-jwcm-9g39-pmcw

#### New Contributors

-   [@&#8203;daliusd](https://github.com/daliusd) made their first contribution in cli/cli#9938

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

external pull request originating outside of the CLI core team

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants