{"id":22967945,"url":"https://github.com/satta/ballsy","last_synced_at":"2025-07-14T18:38:54.203Z","repository":{"id":57413835,"uuid":"63451182","full_name":"satta/ballsy","owner":"satta","description":"GitHub release tarball sygner","archived":false,"fork":false,"pushed_at":"2016-07-18T14:02:15.000Z","size":17,"stargazers_count":3,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-29T19:39:57.951Z","etag":null,"topics":["github","repository","signing","tarball"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/satta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-07-15T21:10:48.000Z","updated_at":"2023-11-29T23:29:08.000Z","dependencies_parsed_at":"2022-08-27T23:50:47.908Z","dependency_job_id":null,"html_url":"https://github.com/satta/ballsy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/satta/ballsy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fballsy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fballsy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fballsy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fballsy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/satta","download_url":"https://codeload.github.com/satta/ballsy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fballsy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265333460,"owners_count":23748805,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","repository","signing","tarball"],"created_at":"2024-12-14T21:15:10.340Z","updated_at":"2025-07-14T18:38:54.181Z","avatar_url":"https://github.com/satta.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ballsy\n[![Latest version](https://img.shields.io/pypi/v/ballsy.svg)](https://pypi.python.org/pypi/ballsy)\n[![License](https://img.shields.io/badge/Licence-BSD-brightgreen.svg)](https://opensource.org/licenses/BSD-2-Clause)\n[![Downloads](https://img.shields.io/pypi/dm/ballsy.svg)](https://pypi.python.org/pypi/ballsy)\n\nBallsy is a GitHub release tarball signing tool. It tries to promote signing of\nthe automatically generated release tarballs on GitHub with developer's OpenPGP\nkeys. Usually that would involve:\n\n  - pushing a tag\n  - navigating to the GitHub web page and creating a release\n  - downloading their tarball\n  - signing the tarball\n  - uploading the detached ASCII signature to the release page as an asset\n\n(And then redo this for the ZIP file...) The Debian wiki has a good set of\n[instructions for this](https://wiki.debian.org/Creating%20signed%20GitHub%20releases).\n\nMost of us probably wouldn't bother doing this. This software automates this\njob by taking care of the necessary steps as outlined above.\n\nAdditional features:\n\n  - Automatic conversion from tags to releases\n  - Selective signing of ZIPs/tarballs\n  - Automatic target repo selection based on current directory\n\n# Installation\n\n    $ pip install ballsy\n\n# Usage\n\nYou'll need to log in to GitHub once:\n\n    $ ballsy login\n\nwhich will ask for your user credentials, and then obtain a token for future\nlogins (stored in `~/.ballsyrc`). 2FA by phone is supported.\n\nAfter logging in, signing is as easy as:\n\n    $ ballsy sign v2.0\n\nto sign the release v2.0 in the GitHub repo pointed to by the `origin` remote\nin the current directory (which is the default). Other targets can easily be\nspecified:\n\n    $ ballsy sign --remote home v2.0\n    $ ballsy sign --repo foobar/otherrepo v2.0\n\nBy default, the key specified\nin Git's `user.signingkey` property is used, but this can be overridden using\nthe `--keyid` option.\n\nIf you don't usually use releases on GitHub, just tags, it is possible to\nautomatically prepare a release given a tag (`--include-tags`). This also works\nwhen specifying multiple tags:\n\n    $ ballsy sign --include-tags v1.0 v1.2 v2.0\n\nPlease see `ballsy --help` and `ballsy sign --help` for more options.\n\n# TODO\n\nAt the moment you have to trust GitHub not to alter the contents of the\ntarballs when preparing a release. Future versions of ballsy will verify the\ncontents of the downloaded tarballs against the local content corresponding to\ngiven tags.\n\n# LICENSE\n\n2-clause BSD, see `LICENSE.txt`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsatta%2Fballsy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsatta%2Fballsy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsatta%2Fballsy/lists"}