Skip to content

v0.1.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 31 May 17:11
· 2 commits to main since this release
v0.1.0
b960079
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Initial version 🎉

Install the CLI

To install the CLI, run:

VERSION=v0.1.0

# change accordingly to your OS/arch
OS=linux # or darwin
ARCH=amd64 # or arm64

curl -Lo kueuleuleu "https://github.com/norbjd/kueueleuleu/releases/download/$VERSION/kueueleuleu-$OS-$ARCH"
chmod u+x kueuleuleu

To verify the provenance (TL;DR: ensure the binary was built from the tag source code and was not tampered), use slsa-verifier:

curl -Lo kueueleuleu.intoto.jsonl "https://github.com/norbjd/kueueleuleu/releases/download/$VERSION/kueueleuleu-$OS-$ARCH.intoto.jsonl"

slsa-verifier verify-artifact kueuleuleu \
  --provenance-path kueueleuleu.intoto.jsonl \
  --source-uri github.com/norbjd/kueueleuleu \
  --source-tag $VERSION

It should display: PASSED: Verified SLSA provenance.

Use the library

To use the library, just go get it:

VERSION=v0.1.0

go get github.com/norbjd/kueueleuleu@$VERSION
Assets 8
Loading