• v0.0.1-rc.1 da6eece9b0

    Carol v0.0.1-rc.1
    All checks were successful
    Secrets / gitleaks (pull_request) Successful in 26s
    PR / Trivy (image) (pull_request) Successful in 38s
    PR / OSV-Scanner (pull_request) Successful in 40s
    PR / npm audit (pull_request) Successful in 45s
    PR / Lint (pull_request) Successful in 49s
    PR / Static analysis (Semgrep) (pull_request) Successful in 53s
    PR / Typecheck (pull_request) Successful in 1m0s
    PR / Test (sqlite) (pull_request) Successful in 1m3s
    PR / Test (postgres) (pull_request) Successful in 1m7s
    PR / Build (pull_request) Successful in 1m13s
    Release / Build, sign, and publish (push) Successful in 21s
    Pre-release

    james released this 2026-06-17 19:46:39 +00:00 | 406 commits to main since this release

    Signed by james
    SSH key fingerprint: SHA256:vAv/s1UqS+brNCXATCv/JPKIc/j94WCgmQAszXM+m8s

    0.0.1-rc.1 — 2026-06-17

    Bug fixes

    • explicitly publish cosign sigs to Rekor (#81) (da6eece)

    Other

    • Merge pull request 'fix(release): pin to existing cosign binary version v2.5.3 (#79)' (#80) from 79-cosign-version-fix into main (57cde21)

    Verifying the image

    cosign verify \
      --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \
      forge.wynning.tech/james/carol@sha256:7cf4937ed1434e79f9bbfc8f0a731d60724940414a42c5893985840ce51061e8
    
    cosign verify-attestation \
      --type slsaprovenance1 \
      --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \
      forge.wynning.tech/james/carol@sha256:7cf4937ed1434e79f9bbfc8f0a731d60724940414a42c5893985840ce51061e8
    
    Downloads