taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 06:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: pin Docker base images by SHA, cosign signing in release, branch protection

Browse Source 
- Pin alpine:3.20 by SHA digest in all Dockerfiles (Pinned-Dependencies)
- Add cosign keyless signing for Docker images and binary (Signed-Releases)
- Enable branch protection: strict status checks, linear history, no force push
- Add .sig and .pem to GitHub Release assets
This commit is contained in:
devitway
2026-03-18 09:49:45 +00:00
parent 68ed6546c8
commit ccaf543bcc
4 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1.4
# Binary is pre-built by CI (cargo build --release) and passed via context
FROM alpine:3.20
FROM alpine:3.20@sha256:a4f4213abb84c497377b8544c81b3564f313746700372ec4fe84653e4fb03805
RUN apk add --no-cache ca-certificates && mkdir -p /data