enhancement: integrate sigstore signature (#272)

Resolves #271

Author: OptimumCode

.github/workflows/release.yml

@@ -27,6 +27,10 @@ jobs:
   build-and-test:
     uses: ./.github/workflows/build-and-test.yml
   publish_artifacts:
+    # permissions required for sigstore signature
+    permissions:
+      id-token: write
+      contents: read
     needs:
       - version
       - build-and-test

.github/workflows/snapshot_release.yml

@@ -21,6 +21,10 @@ jobs:
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
   publish:
+    # permissions required for sigstore signature
+    permissions:
+      id-token: write
+      contents: read
     needs:
       - build-and-test
     runs-on: macos-latest

buildSrc/build.gradle.kts

@@ -8,4 +8,5 @@ repositories {
 
 dependencies {
   implementation(libs.kotlin.gradle.plugin)
+  implementation(libs.sigstore.gradle.plugin)
 }

buildSrc/src/main/kotlin/convention.publication.gradle.kts

@@ -1,6 +1,7 @@
 plugins {
   `maven-publish`
   signing
+  id("dev.sigstore.sign")
 }
 
 val javadocJar by tasks.registering(Jar::class) {

gradle/libs.versions.toml

@@ -42,6 +42,7 @@ kotlin-codepoints = { group = "de.cketti.unicode", name = "kotlin-codepoints", v
 normalize = { group = "com.doist.x", name = "normalize", version = "1.1.1" }
 karacteristics = { group = "io.github.optimumcode", name = "karacteristics", version = "0.0.4" }
 kotlin-gradle-plugin = { module = "org.jetbrains.kotlin:kotlin-gradle-plugin", version.ref = "kotlin" }
+sigstore-gradle-plugin = { module = "dev.sigstore:sigstore-gradle-sign-plugin", version = "1.3.0"}
 
 [bundles]
 openapi = ["openapi-validator", "openapi-interfaces", "openapi-jackson"]