v0.1.0-rc.1 - Test Release
Pre-release
Pre-release
🎉 Bazel File Operations Component Release
📦 What's Included
- Unsigned WASM Component (
file_ops_component.wasm) - Ready to use - SHA256 Checksum - For integrity verification
- Signed OCI Artifact - Available at
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
🔐 Security Features
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
🚀 Usage
Download WASM Component
# Download and verify checksum
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm.sha256
sha256sum -c file_ops_component.wasm.sha256Pull Signed OCI Artifact
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/bazel-file-ops-component:${TAG}📋 Integration with rules_wasm_component
See INTEGRATION.md for details on using this component.
🔍 Verification
All releases are:
- Built in GitHub Actions with full transparency
- Signed with Cosign using keyless signing (GitHub OIDC)
- Attested with SLSA provenance
- Checksummed with SHA256