odoo-addons

odoo-tower/odoo-addons

Fork 0

Commit Graph

Author	SHA1	Message	Date
compat-seeder	ed0e835863	feat(compat): sign seeded-ci.json with cosign (Phase 4.1) All checks were successful addon-qualify / qualify (push) Successful in 12s Details Adds cosign install + sign-blob step before commit. The detached .sig (base64-encoded ASN.1 DER ECDSA over SHA256(file)) is committed alongside seeded-ci.json. Tower's loader verifies it pure-Go before replay; mismatched/missing sig → refuse + log. cosign.pub is also checked in so the workflow can self-verify before push (catches key-rotation mismatch early). The same pubkey is embedded in Tower's binary at compat_bootstrap_pubkey.pem; both copies must match or replay will fail.	2026-05-10 16:59:39 +03:00

Author

SHA1

Message

Date

compat-seeder

ed0e835863

feat(compat): sign seeded-ci.json with cosign (Phase 4.1)

addon-qualify / qualify (push) Successful in 12s

Details

Adds cosign install + sign-blob step before commit. The detached
.sig (base64-encoded ASN.1 DER ECDSA over SHA256(file)) is committed
alongside seeded-ci.json. Tower's loader verifies it pure-Go before
replay; mismatched/missing sig → refuse + log.

cosign.pub is also checked in so the workflow can self-verify before
push (catches key-rotation mismatch early). The same pubkey is
embedded in Tower's binary at compat_bootstrap_pubkey.pem; both
copies must match or replay will fail.

2026-05-10 16:59:39 +03:00

1 Commits