Carol v0.0.1-rc.4
Pre-release

Some checks failed:
- Commits / Conventional Commits (pull_request): Successful in 12s
- PR / Static analysis (pull_request): Successful in 45s
- PR / Lint (pull_request): Successful in 1m5s
- PR / OSV-Scanner (pull_request): Successful in 21s
- Secrets / gitleaks (pull_request): Successful in 20s
- PR / Typecheck (pull_request): Successful in 1m36s
- PR / npm audit (pull_request): Failing after 1m27s
- PR / Test (sqlite) (pull_request): Successful in 1m51s
- PR / Test (postgres) (pull_request): Successful in 1m56s
- PR / Trivy (image) (pull_request): Successful in 1m14s
- PR / Build (pull_request): Successful in 2m10s
- Release / Build, sign, and publish (push): Successful in 44s

Released 2026-06-18 02:33:23 +00:00 | 392 commits to main since this release

0.0.1-rc.4 — 2026-06-18
Build / tooling
- apply install-script allowlist to Dockerfile npm ci (#69) (15e3adf)
- add actionlint pre-commit hook for workflow files (#88) (cd08810)
CI
- post scanner findings as sticky PR comments (#68) (1d0d83b)
- enforce Conventional Commits via commit-msg hook and PR gate (#70) (bab9138)
- add actionlint check to PR static-analysis job (#89) (0155422)
- bump gitleaks to 8.30.1 (#86) (47acafc)
Other
- Merge pull request 'ci(commits): enforce Conventional Commits via commit-msg hook and PR gate (#70)' (#93) from 70-conventional-commits into main (d70a557)
- Merge pull request 'ci(security): add actionlint check to PR static-analysis job (#89)' (#92) from 89-actionlint-ci into main (1b82c7f)
- Merge pull request 'build(security): apply install-script allowlist to Dockerfile npm ci (#69)' (#90) from 69-dockerfile-allow-scripts into main (1dc3db3)
- Merge pull request 'build(security): add actionlint pre-commit hook for workflow files (#88)' (#91) from 88-actionlint-prehook into main (2b8fed4)
- Merge pull request 'ci(security): bump gitleaks to 8.30.1 (#86)' (#87) from 85-gitleaks-broaden-forgejo-mcp into main (c0c5ea6)
- Merge pull request 'docs(release): cosign.pub URL must be anonymously fetchable + clarify verify "offline" (#83)' (#84) from 83-cosign-pub-public-docs into main (e377f81)
Verifying the image
cosign verify \
  --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \
  forge.wynning.tech/james/carol@sha256:3a817504d2d400ddff884ba653f7236ec4f4b4f3d7033bfe58c54ae3f70b45a9

cosign verify-attestation \
  --type slsaprovenance1 \
  --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \
  forge.wynning.tech/james/carol@sha256:3a817504d2d400ddff884ba653f7236ec4f4b4f3d7033bfe58c54ae3f70b45a9

Downloads
- Source code (ZIP), 0 downloads
- Source code (TAR.GZ), 0 downloads