feat: add keyless signatures

.github/workflows/goreleaser.yml

@@ -25,6 +25,9 @@ jobs:
           GO111MODULE=off go get github.com/mattn/goveralls
           $(go env GOPATH)/bin/goveralls -coverprofile=profile.cov -service=github
   release:
+    permissions:
+      id-token: write
+      contents: write
     runs-on: ubuntu-latest
     needs: test
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
@@ -37,11 +40,16 @@ jobs:
         uses: actions/setup-go@v2
         with:
           go-version: 1.17
+      - name: install cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.3.1'
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:
           distribution: goreleaser
-          version: 'v0.180.2'
+          version: 'v0.184.0'
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          COSIGN_EXPERIMENTAL: 1

.goreleaser.yaml

@@ -15,4 +15,11 @@ builds:
       - linux
     goarch:
       - amd64
-    main: .
+    main: .
+source:
+  enabled: true
+signs:
+  - cmd: cosign
+    signature: "${artifact}.sig"
+    args: ["sign-blob", "--oids-issuer=https://token.actions.githubusercontent.com", "--output=${signature}", "${artifact}"]
+    artifacts: all