.goreleaser.yml: add binary-only releases and ed25519 signatures

This lays the groundwork for future secure self-updates.
The corresponding public key is in selfupdate/ed25519.pem.

Co-Authored-By: sketch <hello@sketch.dev>
Change-ID: s5b7440b1a9e2c5e3k
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 71b255a..ddc4407 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -36,6 +36,19 @@
     files:
       - README.md
       - LICENSE
+  - id: releaseBinary
+    format: binary
+    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+
+signs:
+  - id: ed25519-sign
+    cmd: selfupdatectl
+    args:
+      - "sign"
+      - "--private-key={{.Env.SELFUPDATE_PRIVKEY_PATH}}"
+      - "${artifact}"
+    signature: "${artifact}.ed25519"
+    artifacts: all
 
 release:
   github:
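Review bot: `artifacts: all` in the new `signs` entry has the self-update key sign every release artifact (archives and checksum file as well as the raw binaries), which is wider than what the updater will presumably verify. If only the `releaseBinary` outputs are meant to be checked, `artifacts: binary` limits the signed files to the ones the updater actually consumes. I would also add a comment above `signs:` such as `# Detached signature covers file bytes only; the updater must separately check version and OS/arch to reject a replayed older or wrong-target binary.` The `archives` list that `releaseBinary` appears to join starts above the hunk, so its other entries are not visible here.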