Add signing of the builds

2025-12-15 00:42:45 +00:00
parent 623cbbcae3
commit c0f5f0830d
3 changed files with 10 additions and 18 deletions
+7 -5
@@ -59,18 +59,20 @@ You can find the example of the Kubernetes manifest in the [example standalone d
#### Verifying Release Signatures
All release checksums and Docker images are signed with [cosign](https://github.com/sigstore/cosign). To verify:
All release checksums and Docker images are signed with [cosign](https://github.com/sigstore/cosign) using keyless signing. To verify:
```bash
# Verify checksum signature
cosign verify-blob \
--key https://raw.githubusercontent.com/lukaszraczylo/lukaszraczylo/main/cosign.pub \
--signature graphql-proxy-checksums.txt.sig \
graphql-proxy-checksums.txt
--certificate-identity-regexp "https://github.com/lukaszraczylo/graphql-monitoring-proxy/.*" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
--bundle "<checksums-file>.sigstore.json" \
<checksums-file>
# Verify Docker image
cosign verify \
--key https://raw.githubusercontent.com/lukaszraczylo/lukaszraczylo/main/cosign.pub \
--certificate-identity-regexp "https://github.com/lukaszraczylo/graphql-monitoring-proxy/.*" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
```
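Review bot: the `--certificate-identity-regexp` value used in both verify commands, `"https://github.com/lukaszraczylo/graphql-monitoring-proxy/.*"`, accepts a certificate issued to any workflow file on any ref of the repository, and the pattern has no `^` anchor and leaves its dots unescaped. Consider documenting the exact signer instead: use `--certificate-identity` with the release workflow's full identity (workflow path plus tag ref; the workflow file name is not visible in this diff), or at least anchor the pattern and restrict it to the release workflow and `refs/tags/`. Two smaller points. The bare `<checksums-file>` on the last line of the `verify-blob` command is parsed by the shell as redirection operators if pasted as written, so quote it like the `--bundle` argument or name the real file. The image example verifies the mutable `:latest` tag; a digest reference would tie the verification result to the image that is actually pulled and deployed.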