• v0.0.1-rc.3 d009c6ee87

    Carol v0.0.1-rc.3
    All checks were successful
    Secrets / gitleaks (pull_request) Successful in 19s
    PR / OSV-Scanner (pull_request) Successful in 39s
    PR / npm audit (pull_request) Successful in 43s
    PR / Typecheck (pull_request) Successful in 43s
    PR / Static analysis (Semgrep) (pull_request) Successful in 45s
    PR / Lint (pull_request) Successful in 50s
    PR / Trivy (image) (pull_request) Successful in 51s
    PR / Test (sqlite) (pull_request) Successful in 1m1s
    PR / Test (postgres) (pull_request) Successful in 1m2s
    PR / Build (pull_request) Successful in 1m18s
    Release / Build, sign, and publish (push) Successful in 16s
    Pre-release

    james released this 2026-06-17 21:50:11 +00:00 | 404 commits to main since this release

    Signed by james
    SSH key fingerprint: SHA256:vAv/s1UqS+brNCXATCv/JPKIc/j94WCgmQAszXM+m8s

    0.0.1-rc.3 — 2026-06-17

    Documentation

    • cosign.pub URL must be anonymously fetchable + clarify verify "offline" (#83) (d009c6e)

    Other

    • Merge pull request 'fix(release): publish cosign sigs to Sigstore Rekor (#81)' (#82) from 81-cosign-no-rekor into main (c1097ae)

    Verifying the image

    cosign verify \
      --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \
      forge.wynning.tech/james/carol@sha256:0cc2f5f6e6bdcfe00e77d9f7411004d82766927f4603a0264b97a96487b2212c
    
    cosign verify-attestation \
      --type slsaprovenance1 \
      --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \
      forge.wynning.tech/james/carol@sha256:0cc2f5f6e6bdcfe00e77d9f7411004d82766927f4603a0264b97a96487b2212c
    
    Downloads