gh-release-verify - Verify the attestation for a release
NAME SYNOPSIS DESCRIPTION OPTIONS OPTIONS INHERITED FROM PARENT COMMANDS EXIT CODES EXAMPLE SEE ALSONAME
gh-release-verify - Verify the attestation for a release
SYNOPSIS
gh release verify [<tag>] [flags]
DESCRIPTION
Verify that a GitHub Release is accompanied by a valid cryptographically signed attestation.
An attestation is a claim made by GitHub regarding a release and its assets.
This command checks that the specified release (or the latest release, if no tag is given) has a valid attestation. It fetches the attestation for the release and prints metadata about all assets referenced in the attestation, including their digests.
OPTIONS
--format <string>
Output format: {json}
-q, --jq <expression>
Filter JSON output using a jq expression
-t, --template <string>
Format JSON output using a Go template; see "gh help formatting"
OPTIONS INHERITED FROM PARENT COMMANDS
-R, --repo <[HOST/]OWNER/REPO>
Select another repository using the [HOST/]OWNER/REPO format
EXIT CODES
0: Successful execution
1: Error
2: Command canceled
4: Authentication required
NOTE: Specific commands may have additional exit codes. Refer to the command’s help for more information.
EXAMPLE
# Verify the
latest release
gh release verify
# Verify a
specific release by tag
gh release verify v1.2.3
# Verify a
specific release by tag and output the attestation in JSON
format
gh release verify v1.2.3 --format json
SEE ALSO
gh-release(1)