a98202797c
This commit hardens the CI/CD pipeline and fixes the release process. - Replaces the manual release process with `goreleaser` to streamline builds and enable artifact signing. - Pins all GitHub Actions to specific commit hashes to prevent supply chain attacks. - Enables cryptographic signing of release artifacts using `cosign` and Sigstore's keyless signing. - Adds a Dependabot configuration to automate dependency updates. - Removes excessive `contents: write` permissions from workflows. - Creates an `AUDIT-CICD.md` file to document the audit findings and remediation steps. - Fixes a build failure by adding a placeholder for a missing demo file. - Updates the `.goreleaser.yaml` to include WASM and console assets in the release, fixing a regression from the previous release process. |
||
|---|---|---|
| .. | ||
| workflows | ||
| dependabot.yml | ||