CI/CD Integration
Embed signing into CI/CD pipelines to automate signature creation during build or release. Use digest-based signing in pipelines to avoid uploading full artifacts.
GitHub Actions Example
```yaml
name: Sign Artifact
on: [push]
jobs:
  sign:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Build
        run: ./build.sh
      - name: Compute digest & sign
        run: |
          # Send only the base64 SHA-256 digest, not the artifact itself
          digest=$(openssl dgst -sha256 -binary myapp.tar.gz | base64)
          # --fail makes the step fail when the signing API returns an HTTP error
          curl -sS --fail -X POST https://api.example.com/api/v1/sign/digest \
            -H "Authorization: Bearer ${{ secrets.SIGNING_TOKEN }}" \
            -H "Content-Type: application/json" \
            -d "{\"digest\": \"$digest\", \"metadata\": {\"artifact\": \"myapp.tar.gz\"}}"
```

- Use short-lived tokens or agent-based authentication from runners.
- Prefer asynchronous signing for long-running queues and poll for completion steps.
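
The digest-based request from the workflow above, as an added example (not code from the original page or the signing service): it builds the same JSON body but fails closed if the artifact is missing or empty or the digest is malformed, so a broken build never gets a signature requested for it. The function names `json_escape`, `artifact_digest` and `sign_request_body` are hypothetical helpers.

```shell
#!/usr/bin/env bash
# Added example: build the request body for digest-based signing.
# JSON shape (digest + metadata.artifact) is the one used in the workflow above.

# json_escape STRING: escape a value for use inside a JSON string.
# Assumption: names containing control characters are rejected, not escaped.
json_escape() {
  case $1 in
    *[[:cntrl:]]*) echo "control character in name" >&2; return 1 ;;
  esac
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# artifact_digest FILE: print the base64 SHA-256 digest, or return non-zero.
artifact_digest() {
  local file=$1 digest
  if [ ! -f "$file" ] || [ ! -s "$file" ]; then
    echo "missing or empty artifact: $file" >&2
    return 1
  fi
  digest=$(openssl dgst -sha256 -binary "$file" | base64) || return 1
  # A SHA-256 digest is 32 bytes, which is exactly 44 base64 characters.
  # This also catches an openssl failure, which leaves the digest empty.
  case $digest in
    *[!A-Za-z0-9+/=]*) echo "malformed digest" >&2; return 1 ;;
  esac
  if [ "${#digest}" -ne 44 ]; then
    echo "unexpected digest length: ${#digest}" >&2
    return 1
  fi
  printf '%s' "$digest"
}

# sign_request_body FILE: print the JSON body to POST to the digest endpoint.
sign_request_body() {
  local file=$1 digest name
  digest=$(artifact_digest "$file") || return 1
  name=$(json_escape "$(basename "$file")") || return 1
  printf '{"digest": "%s", "metadata": {"artifact": "%s"}}' "$digest" "$name"
}
```

In the workflow step, the output of `sign_request_body myapp.tar.gz` can be passed to `curl` with `-d`, and a non-zero return stops the step before any request is sent.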