STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #10759 from cli/cosign-no-regex

Browse source 
Simplify cosign verification example by not using a regex.
This commit is contained in:
William Martin 2025-04-10 12:29:44 +02:00 committed by GitHub
commit 057ad52fdb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -152,7 +152,7 @@ There are two common ways to verify a downloaded release, depending if `gh` is a
$ cosign verify-blob-attestation --bundle cli-cli-attestation-3120304.sigstore.json \
--new-bundle-format \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
--certificate-identity-regexp='^https://github\.com/cli/cli/\.github/workflows/deployment\.yml@refs/heads/trunk$' \
--certificate-identity="https://github.com/cli/cli/.github/workflows/deployment.yml@refs/heads/trunk" \
gh_2.62.0_macOS_arm64.zip
Verified OK
```