Releases: pulseengine/bazel-file-ops-component
Releases · pulseengine/bazel-file-ops-component
v0.1.0 - First Stable Release
File Operations WebAssembly Components
This release includes both TinyGo and Rust implementations of file operations components:
TinyGo Implementation
- Security-focused: Minimal attack surface and compact binaries
- WASI Preview 2: Native support for modern WebAssembly runtimes
- JSON API: Compatible with existing JSON batch operations
Rust Implementation
- Performance-optimized: Advanced streaming I/O and parallel processing
- Feature-rich: Comprehensive error handling and security validation
- Enhanced API: Extended capabilities beyond basic file operations
Usage
Download the appropriate package for your platform and integrate with your Bazel build system using the dual implementation toolchain.
See documentation for detailed integration instructions.
v0.1.0-rc.3 - AOT Embedding & CI Improvements
🎉 Bazel File Operations Component Release
📦 What's Included
Regular WASM Component:
file_ops_component.wasm- Standard WebAssembly componentfile_ops_component.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
AOT-Embedded WASM Component (NEW):
file_ops_component_aot.wasm- Component with embedded AOT compiled artifactsfile_ops_component_aot.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}-aot - Includes native code for: Linux x64/ARM64, macOS x64/ARM64, Windows x64, Pulley64 (portable)
- Benefits: Faster startup times, better runtime performance
- Trade-off: Larger file size (~6x) but instant execution
🔐 Security Features
- ✅ OCI Artifact Signing - All variants signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included for all variants
- ✅ SHA256 Checksums - For download verification
🚀 Usage
Download WASM Component (Regular)
# Download and verify checksum
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm.sha256
sha256sum -c file_ops_component.wasm.sha256Download WASM Component (AOT-Embedded)
# Download AOT-embedded variant with native code for multiple platforms
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component_aot.wasm
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component_aot.wasm.sha256
sha256sum -c file_ops_component_aot.wasm.sha256Pull Signed OCI Artifact (Regular)
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}Pull Signed OCI Artifact (AOT-Embedded)
# Pull the AOT-embedded variant
oras pull ghcr.io/pulseengine/bazel-file-ops-component:${TAG}-aot
# Verify signature
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}-aot
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}-aot📋 Integration with rules_wasm_component
See INTEGRATION.md for details on using this component.
🔍 Verification
All releases are:
- Built in GitHub Actions with full transparency
- Signed with Cosign using keyless signing (GitHub OIDC)
- Attested with SLSA provenance
- Checksummed with SHA256
v0.1.0-rc.2 - Dependency Updates
🎉 Bazel File Operations Component Release
📦 What's Included
- Unsigned WASM Component (
file_ops_component.wasm) - Ready to use - SHA256 Checksum - For integrity verification
- Signed OCI Artifact - Available at
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
🔐 Security Features
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
🚀 Usage
Download WASM Component
# Download and verify checksum
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm.sha256
sha256sum -c file_ops_component.wasm.sha256Pull Signed OCI Artifact
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}📋 Integration with rules_wasm_component
See INTEGRATION.md for details on using this component.
🔍 Verification
All releases are:
- Built in GitHub Actions with full transparency
- Signed with Cosign using keyless signing (GitHub OIDC)
- Attested with SLSA provenance
- Checksummed with SHA256
v0.1.0-rc.1 - Test Release
🎉 Bazel File Operations Component Release
📦 What's Included
- Unsigned WASM Component (
file_ops_component.wasm) - Ready to use - SHA256 Checksum - For integrity verification
- Signed OCI Artifact - Available at
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
🔐 Security Features
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
🚀 Usage
Download WASM Component
# Download and verify checksum
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm.sha256
sha256sum -c file_ops_component.wasm.sha256Pull Signed OCI Artifact
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}📋 Integration with rules_wasm_component
See INTEGRATION.md for details on using this component.
🔍 Verification
All releases are:
- Built in GitHub Actions with full transparency
- Signed with Cosign using keyless signing (GitHub OIDC)
- Attested with SLSA provenance
- Checksummed with SHA256