Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds signing workflow for releases #2109

Merged
merged 1 commit into from
Nov 21, 2024
Merged

Adds signing workflow for releases #2109

merged 1 commit into from
Nov 21, 2024
+30 −0

Conversation

Cawllec
Copy link
Contributor

@Cawllec Cawllec commented Nov 20, 2024

Goal

Adds a workflow that will:

  • Download all assets from a given release (set automatically when triggered by a release)
  • Create a signature for each asset using our platforms release GPG key
  • Confirm that signatures are correct for the asset and key
  • Upload the signatures to the release

Testing

A test run can be observed here, and the outcome of the test run can be observed here. Note that these did not use our platforms release key.

For full testing this will need to be merged and then manually run against a previous release.

@Cawllec Cawllec requested a review from tomlongridge November 20, 2024 09:23
@bugsnagbot
Copy link
Collaborator

bugsnagbot commented Nov 20, 2024
edited
Loading

Android notifier sizes

Format Size impact of Bugsnag (kB) Size impact of Bugsnag when Minified (kB)
APK 1862.82 1675.8
arm64_v8a 639.23 450.82
armeabi_v7a 573.7 385.29
x86 717.04 528.62
x86_64 684.28 495.86

Generated by 🚫 Danger

@Cawllec Cawllec requested a review from lemnik November 20, 2024 15:04
@Cawllec Cawllec merged commit 01ada61 into next Nov 21, 2024
34 checks passed
@Cawllec Cawllec deleted the signing-workflow branch November 21, 2024 16:29
YYChen01988 added a commit that referenced this pull request Dec 4, 2024
@YYChen01988 @lemnik @Cawllec
Do not synthesize discarded events (#2108)
33e64d1 
* feat(ExitInfo)removed disable config options for synthesising reports

* feat(OpenSSF) improve Pinned-Dependencies and Token-Permissions scores (#2103)

* feat(ExitInfo)added DiscardEventCallback

* test(mazerunner): include the mapping.txt file in the published end2end artifacts to aid test debugging

* Add signing workflow (#2109)

* feat(exitinfo): remove the unmatched native crash reporting and turn off the unmatched ANR handling by default to avoid unexpected behaviour in upgrades

* chore(exitinfo): cleanup consts making more use of MATCH_ALL and MAX_EXIT_INFO

* test(fixture): only copy mapping.txt of the test fixture if it exists

---------

Co-authored-by: jason <lemnik@users.noreply.github.com>
Co-authored-by: Alex Moinet <alex@bugsnag.com>
YYChen01988 added a commit that referenced this pull request Dec 4, 2024
@YYChen01988 @lemnik @Cawllec
Synthesise unmatched anr report fixed conflicts (#2115)
b028459 
* feat(OpenSSF) improve Pinned-Dependencies and Token-Permissions scores (#2103)

* test(mazerunner): include the mapping.txt file in the published end2end artifacts to aid test debugging

* Add signing workflow (#2109)

* chore(build): replaced the buildSrc plugin with a simplified Versions object and moved the build structure down into the individual modules

* chore(build): update CodeQL to use custom build script

* test(startup): remove flaky MultiThreadedStartupScenario - it cannot be made reliable and no amount of retries will stop the flakes

---------

Co-authored-by: jason <lemnik@users.noreply.github.com>
Co-authored-by: Alex Moinet <alex@bugsnag.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lemnik lemnik lemnik approved these changes

@tomlongridge tomlongridge Awaiting requested review from tomlongridge

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Cawllec @bugsnagbot @lemnik