Skip to content

v0.1.0-rc.3 - AOT Embedding & CI Improvements

Pre-release
Pre-release

Choose a tag to compare

View all tags
@avrabe avrabe released this 24 Oct 17:36
· 10 commits to main since this release
v0.1.0-rc.3
236580a

🎉 Bazel File Operations Component Release

📦 What's Included

Regular WASM Component:

  • file_ops_component.wasm - Standard WebAssembly component
  • file_ops_component.wasm.sha256 - SHA256 checksum
  • Signed OCI artifact: ghcr.io/pulseengine/bazel-file-ops-component:${TAG}

AOT-Embedded WASM Component (NEW):

  • file_ops_component_aot.wasm - Component with embedded AOT compiled artifacts
  • file_ops_component_aot.wasm.sha256 - SHA256 checksum
  • Signed OCI artifact: ghcr.io/pulseengine/bazel-file-ops-component:${TAG}-aot
  • Includes native code for: Linux x64/ARM64, macOS x64/ARM64, Windows x64, Pulley64 (portable)
  • Benefits: Faster startup times, better runtime performance
  • Trade-off: Larger file size (~6x) but instant execution

🔐 Security Features

  • OCI Artifact Signing - All variants signed with Cosign using GitHub OIDC (keyless)
  • SLSA Provenance - Build attestation included for all variants
  • SHA256 Checksums - For download verification

🚀 Usage

Download WASM Component (Regular)

# Download and verify checksum
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component.wasm.sha256
sha256sum -c file_ops_component.wasm.sha256

Download WASM Component (AOT-Embedded)

# Download AOT-embedded variant with native code for multiple platforms
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component_aot.wasm
wget https://github.com/pulseengine/bazel-file-ops-component/releases/download/${TAG}/file_ops_component_aot.wasm.sha256
sha256sum -c file_ops_component_aot.wasm.sha256

Pull Signed OCI Artifact (Regular)

# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/bazel-file-ops-component:${TAG}

# Verify signature with Cosign
cosign verify \
  --certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  ghcr.io/pulseengine/bazel-file-ops-component:${TAG}

# Verify SLSA provenance
cosign verify-attestation \
  --type slsaprovenance \
  --certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  ghcr.io/pulseengine/bazel-file-ops-component:${TAG}

Pull Signed OCI Artifact (AOT-Embedded)

# Pull the AOT-embedded variant
oras pull ghcr.io/pulseengine/bazel-file-ops-component:${TAG}-aot

# Verify signature
cosign verify \
  --certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  ghcr.io/pulseengine/bazel-file-ops-component:${TAG}-aot

# Verify SLSA provenance
cosign verify-attestation \
  --type slsaprovenance \
  --certificate-identity-regexp="https://github.com/pulseengine/bazel-file-ops-component" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  ghcr.io/pulseengine/bazel-file-ops-component:${TAG}-aot

📋 Integration with rules_wasm_component

See INTEGRATION.md for details on using this component.

🔍 Verification

All releases are:

  • Built in GitHub Actions with full transparency
  • Signed with Cosign using keyless signing (GitHub OIDC)
  • Attested with SLSA provenance
  • Checksummed with SHA256
Assets 6
Loading