lukaszraczylo/graphql-monitoring-proxy
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/graphql-monitoring-proxy.git synced 2026-06-05 23:03:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add signing images and binaries.

Browse Source
This commit is contained in:
Lukasz Raczylo
2025-12-14 23:37:40 +00:00
parent 05a07fde42
commit 623cbbcae3
2 changed files with 48 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.goreleaser.yaml
+31
View File
@@ -65,3 +65,34 @@ dockers_v2:
dockerfile: Dockerfile.goreleaser dockerfile: Dockerfile.goreleaser
extra_files: extra_files:
- static/app - static/app
signs:
- cmd: cosign
env:
- COSIGN_PASSWORD={{ .Env.COSIGN_PASSWORD }}
certificate: "${artifact}.pem"
args:
- sign-blob
- "--key"
- "env://COSIGN_KEY"
- "--output-signature"
- "${signature}"
- "--output-certificate"
- "${certificate}"
- "${artifact}"
- "--yes"
artifacts: checksum
output: true
docker_signs:
- cmd: cosign
env:
- COSIGN_PASSWORD={{ .Env.COSIGN_PASSWORD }}
artifacts: manifests
output: true
args:
- sign
- "--key"
- "env://COSIGN_KEY"
- "${artifact}@${digest}"
- "--yes"
README.md
+17
View File
@@ -57,6 +57,23 @@ You should always try to stick to the latest and greatest version of the graphql
You can find the example of the Kubernetes manifest in the [example standalone deployment](static/kubernetes-deployment.yaml) or [example combined deployment](static/kubernetes-single-deployment.yaml) files. Observed advantage of multideployment is that it allows the network requests to travel via localhost, without leaving the deployment which brings quite significant network performance boost. You can find the example of the Kubernetes manifest in the [example standalone deployment](static/kubernetes-deployment.yaml) or [example combined deployment](static/kubernetes-single-deployment.yaml) files. Observed advantage of multideployment is that it allows the network requests to travel via localhost, without leaving the deployment which brings quite significant network performance boost.
#### Verifying Release Signatures
All release checksums and Docker images are signed with [cosign](https://github.com/sigstore/cosign). To verify:
```bash
# Verify checksum signature
cosign verify-blob \
--key https://raw.githubusercontent.com/lukaszraczylo/lukaszraczylo/main/cosign.pub \
--signature graphql-proxy-checksums.txt.sig \
graphql-proxy-checksums.txt
# Verify Docker image
cosign verify \
--key https://raw.githubusercontent.com/lukaszraczylo/lukaszraczylo/main/cosign.pub \
ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
```
#### Note on websocket support #### Note on websocket support
**Native WebSocket Support Available!** Starting with version 0.27.0, the proxy includes native WebSocket support for GraphQL subscriptions. Enable it by setting `WEBSOCKET_ENABLE=true`. **Native WebSocket Support Available!** Starting with version 0.27.0, the proxy includes native WebSocket support for GraphQL subscriptions. Enable it by setting `WEBSOCKET_ENABLE=true`.