b86e0c3e8e
This commit hardens the CI/CD pipeline by addressing several security vulnerabilities. - Replaces the manual release process with `goreleaser` to streamline builds and enable artifact signing. - Pins all GitHub Actions to specific commit hashes to prevent supply chain attacks. - Enables cryptographic signing of release artifacts using `cosign` and Sigstore's keyless signing. - Adds a Dependabot configuration to automate dependency updates. - Removes excessive `contents: write` permissions from workflows. - Creates an `AUDIT-CICD.md` file to document the audit findings and remediation steps. Co-authored-by: Snider <631881+Snider@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| go.yml | ||
| mkdocs.yml | ||
| release.yml | ||