github.com/droot/goreleaser@v0.66.2-0.20180420030140-c2db5fb17157/docs/075-sign.md

github.com/droot/goreleaser@v0.66.2-0.20180420030140-c2db5fb17157/docs/075-sign.md (about)

     1  ---
     2  title: Signing
     3  ---
     4  
     5  GoReleaser can sign some or all of the generated artifacts. Signing ensures
     6  that the artifacts have been generated by yourself and your users can verify
     7  that by comparing the generated signature with your public signing key.
     8  
     9  Signing works in combination with checksum files and it is generally sufficient
    10  to sign the checksum files only.
    11  
    12  The default is configured to create a detached signature for the checksum files
    13  with [GnuPG](https://www.gnupg.org/) and your default key. To enable signing
    14  just add
    15  
    16  ```yaml
    17  # goreleaser.yml
    18  sign:
    19     artifacts: checksum
    20  ```
    21  
    22  To customize the signing pipeline you can use the following options:
    23  
    24  ```yml
    25  # .goreleaser.yml
    26  sign:
    27    # name of the signature file.
    28    # '${artifact}' is the path to the artifact that should be signed.
    29    #
    30    # signature: "${artifact}.sig"
    31  
    32    # path to the signature command
    33    #
    34    # cmd: gpg
    35  
    36    # command line arguments for the command
    37    #
    38    # to sign with a specific key use
    39    # args: ["-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
    40    #
    41    # args: ["--output", "${signature}", "--detach-sign", "${artifact}"]
    42  
    43  
    44    # which artifacts to sign
    45    #
    46    #   checksum: only checksum file(s)
    47    #   all:      all artifacts
    48    #   none:     no signing
    49    #
    50    # artifacts: none
    51  ```