sap

command module

v0.0.0-...-7ebfa8b Latest Latest Go to latest Published: Oct 31, 2022 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/lukehinds/sap

Links

Open Source Insights

README ¶

`sap`

secure artifact provisioning

🚨 `sap` is not ready for serious use at this time 🚨

sap is currently under heavy development, don't use it for anything important.

sap is a tool to sign a thing (script, file, etc) with using sigstore and then store the signature, sigstore certicate in a git repository and the rekor transparency log.

It neatly maps the script, signature and public key using the commit sha.

sap will also perform a verification of the signature and public key against the commit sha when running the install command.

Sign

Create a new github token and export it as an environment variable

export GITHUB_AUTH_TOKEN="your-token"

sap sign --script path/to/script.sh --owner jdoe --repo myrepo --author-email [email protected] --author-name jdoe --base-branch main --commit-branch pr-branch --commit-message "Pusshing new script" --pr-text "New script revision" --pr-title "New Script changes"

Install

sap sign --script path/to/script.sh --owner jdoe --repo myrepo script.sh

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
pkg
githubapi
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL