lukaszraczylo/graphql-monitoring-proxy
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/graphql-monitoring-proxy.git synced 2026-06-05 23:03:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add signing images and binaries.

Browse Source
This commit is contained in:
Lukasz Raczylo
2025-12-14 23:37:40 +00:00
parent 05a07fde42
commit 623cbbcae3
2 changed files with 48 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.goreleaser.yaml
+31
View File
@@ -65,3 +65,34 @@ dockers_v2:
dockerfile: Dockerfile.goreleaser
extra_files:
- static/app
signs:
- cmd: cosign
env:
- COSIGN_PASSWORD={{ .Env.COSIGN_PASSWORD }}
certificate: "${artifact}.pem"
args:
- sign-blob
- "--key"
- "env://COSIGN_KEY"
- "--output-signature"
- "${signature}"
- "--output-certificate"
- "${certificate}"
- "${artifact}"
- "--yes"
artifacts: checksum
output: true
docker_signs:
- cmd: cosign
env:
- COSIGN_PASSWORD={{ .Env.COSIGN_PASSWORD }}
artifacts: manifests
output: true
args:
- sign
- "--key"
- "env://COSIGN_KEY"
- "${artifact}@${digest}"
- "--yes"
README.md
+17
View File
@@ -57,6 +57,23 @@ You should always try to stick to the latest and greatest version of the graphql
You can find the example of the Kubernetes manifest in the [example standalone deployment](static/kubernetes-deployment.yaml) or [example combined deployment](static/kubernetes-single-deployment.yaml) files. Observed advantage of multideployment is that it allows the network requests to travel via localhost, without leaving the deployment which brings quite significant network performance boost.
#### Verifying Release Signatures
All release checksums and Docker images are signed with [cosign](https://github.com/sigstore/cosign). To verify:
```bash
# Verify checksum signature
cosign verify-blob \
--key https://raw.githubusercontent.com/lukaszraczylo/lukaszraczylo/main/cosign.pub \
--signature graphql-proxy-checksums.txt.sig \
graphql-proxy-checksums.txt
# Verify Docker image
cosign verify \
--key https://raw.githubusercontent.com/lukaszraczylo/lukaszraczylo/main/cosign.pub \
ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
```
#### Note on websocket support
**Native WebSocket Support Available!** Starting with version 0.27.0, the proxy includes native WebSocket support for GraphQL subscriptions. Enable it by setting `WEBSOCKET_ENABLE=true`.