chore: fix checksum generation

[34fathombelow]

Signed-off-by: Justin Marquis [email protected]

This PR fixes the checksum generation done during a release. Also included SBOM to be signed. Cosign public key added for public record.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this is a chore.
• The title of the PR is (a) conventional with a list of types and scopes found here, (b) states what changed, and (c) suffixes the related issues number. E.g. "fix(controller): Updates such and such. Fixes #1234".
• I've signed my commits with DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My builds are green. Try syncing with master if they are not.
• My organization is added to USERS.md.

[github-actions]

Go Published Test Results

1 832 tests   1 832 ✔️  2m 30s ⏱️
   105 suites         0 💤
       1 files           0 ❌

Results for commit dcd4675.

♻️ This comment has been updated with latest results.

[codecov]

Codecov Report

Base: 81.67% // Head: 81.67% // No change to project coverage 👍

Coverage data is based on head (dcd4675) compared to base (84df738).
Patch has no changes to coverable lines.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2481   +/-   ##
=======================================
  Coverage   81.67%   81.67%           
=======================================
  Files         126      126           
  Lines       19124    19124           
=======================================
  Hits        15620    15620           
  Misses       2710     2710           
  Partials      794      794           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[github-actions]

E2E Tests Published Test Results

    2 files      2 suites   1h 43m 52s ⏱️
  94 tests   86 ✔️ 3 💤 5 ❌
194 runs  182 ✔️ 6 💤 6 ❌

For more details on these failures, see this check.

Results for commit c8344da.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[zachaller]

Just an fyi, I removed the public cosing key, when I talked to Jesse about this and I think it makes sense as well we did not want to really publish a pub key outside of the release. The reason for this is if we ever need to rotate the private key if users are used to having to pull public keys from the release assets only it makes it really easy to rotate without having to have a notice of the leak and breaking newer releases from being checked if they are always just pulling the pub key from the release they will always have the correct key even if we switch. Do you see any issue with that?