taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 06:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: pin Docker base images by SHA, cosign signing in release, branch protection

Browse Source 
- Pin alpine:3.20 by SHA digest in all Dockerfiles (Pinned-Dependencies)
- Add cosign keyless signing for Docker images and binary (Signed-Releases)
- Enable branch protection: strict status checks, linear history, no force push
- Add .sig and .pem to GitHub Release assets
This commit is contained in:
devitway
2026-03-18 09:49:45 +00:00
parent 68ed6546c8
commit ccaf543bcc
4 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile.astra
View File

@@ -5,7 +5,7 @@
# FROM registry.astralinux.ru/library/alse:latest
# RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*
FROM alpine:3.20 AS certs
FROM alpine:3.20@sha256:a4f4213abb84c497377b8544c81b3564f313746700372ec4fe84653e4fb03805 AS certs
RUN apk add --no-cache ca-certificates
FROM scratch