Comments (1)
I understand the desire to make the latest artifact fetching less involved but I'd like to stick with artifact names including version information along with os+arch. The reasons are consistency with common practice, and metadata commitment to signed artifact manifests (SHA256
and SHA256.sig
).
Don't mean to drop unsolicited operational security advice but I'd highly recommend adding signature1 checking to your artifact fetching automation. Something that'll require a bit scripting on its own, as mentioned in the README.
On the off chance you already have Go in your "build environment", you can use go install bdd.fi/x/runitor/cmd/runitor@latest
, to fetch the latest tag, and build locally. Certainly not as small or as ubiquitous tool like curl, and AFAIK cannot verify signed Git tags either.
Footnotes
-
Runitor release binaries are signed manually by me, offline, after ensuring reproducible build to GH Action built ones from the release tag. The keys listed at https://bdd.fi/x/runitor.pub were all generated on hardware tokens in such a way private keys cannot be exported. The distribution endpoint, hosted on Fly, has discrete credentials to my GH account. Same goes for the domain registrar (Gandi), and the DNS provider (Google).
↩
from runitor.
Related Issues (20)
- Supress command output HOT 4
- Runitor unable to ping healthchecks but curl works fine HOT 2
- Add GPG signatures or file hashes to released files HOT 8
- HC_API_URL env variable doesn't work as expected HOT 1
- UnicodeDecodeError on success ping with special characters from a Windows host HOT 4
- No ping-status 'OK' when script has no stderr/out? HOT 4
- Feature Request: Custom Header Support HOT 4
- Update default value for -ping-body-limit HOT 2
- error: the input device is not a TTY HOT 2
- Feature request: Send command used on start HOT 2
- Feature request: Ignore HOT 1
- `panic: runtime error: invalid memory address or nil pointer dereference` on invalid slugs HOT 2
- Feature request: Upload logs to S3 HOT 7
- Ping body limit? HOT 1
- Feature request: add "log" endpoint HOT 13
- Add handling for HTTP 429 responses HOT 2
- Regression: API URL handling changed with release 1.1.0 HOT 9
- 307/308 redirects aren't handled well HOT 8
- Feature request: Update flag HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from runitor.