cosign-installer
Nuget Package Manager
cosign-installer | Nuget Package Manager | |
---|---|---|
3 | 29 | |
105 | 1,479 | |
1.9% | 0.2% | |
6.7 | 8.5 | |
4 days ago | 14 days ago | |
HTML | ||
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cosign-installer
-
Automate Docker Image Builds and Push to GitHub Registry Using GitHub Actions 🐙
name: Docker Image Publish on: push: branches: [ "main" ] # Publish semver tags as releases. tags: [ 'v*.*.*' ] pull_request: branches: [ "main" ] env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: ${{ github.repository }} jobs: build: runs-on: ubuntu-latest permissions: contents: read packages: write # This is used to complete the identity challenge # with sigstore/fulcio when running outside of PRs. id-token: write steps: - name: Checkout repository uses: actions/checkout@v3 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0 with: cosign-release: 'v1.11.0' # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx uses: docker/setup-buildx-action@v2 # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push uses: docker/build-push-action@v4 with: context: "{{defaultContext}}:src" push: ${{ github.event_name != 'pull_request' }} # Don't push on PR tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max
-
Docker build fails on GitHub Action after net7 update
name: Docker # This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. on: push: branches: [ "main" ] # Publish semver tags as releases. tags: [ 'v*.*.*' ] pull_request: branches: [ "main" ] paths: - src/MamisSolidarias.WebAPI.Campaigns/Dockerfile - .github/workflows/docker-publish.yml workflow_dispatch: env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io IMAGE_NAME: mamis-solidarias/campaigns jobs: build: runs-on: ubuntu-latest permissions: contents: read packages: write # This is used to complete the identity challenge # with sigstore/fulcio when running outside of PRs. id-token: write steps: - name: Checkout repository uses: actions/checkout@v3 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@main with: cosign-release: 'v1.13.1' - name: Set up QEMU uses: docker/setup-qemu-action@v2 with: platforms: 'arm64' # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx uses: docker/setup-buildx-action@v2 # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@v4 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=schedule type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push uses: docker/build-push-action@v3 with: context: . platforms: linux/amd64, linux/arm64 file: src/MamisSolidarias.WebAPI.Campaigns/Dockerfile push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish # transparency data even for private images, pass --force to cosign below. # https://github.com/sigstore/cosign - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} env: COSIGN_EXPERIMENTAL: "true" # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
-
Sign Your Container Images with Cosign, GitHub Actions and GitHub Container Registry
[...] # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422 with: cosign-release: 'v1.4.0' [...] # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish # transparency data even for private images, pass --force to cosign below. # https://github.com/sigstore/cosign - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} env: COSIGN_EXPERIMENTAL: "true" # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
Nuget Package Manager
-
Problem with *.csproj and *.nuspec file to include static files into a nuget package
- https://github.com/NuGet/Home/issues/8843
- what do you find most frustrating about dotnet?
-
.NET 8 is on the way! +10 Features that will blow your mind 🤯
GitHub Issue
-
Docker build fails on GitHub Action after net7 update
Similar issue here: https://github.com/dotnet/sdk/issues/28971. Following the breadcrumbs it looks like it may be a NuGet issue, reported here: https://github.com/NuGet/Home/issues/12227
-
Visual Studio- Problem adding nuget packages
Your issue appears to be related to not having the appropriate permissions to the Nuget folder (so says the error). There is an existing Bug/Ticket open on the Nuget github for this exact issue. There are a few solutions and/or workarounds listed through the conversation that you can try: https://github.com/NuGet/Home/issues/12162. Unfortunately I do not have a Mac to validate the solutions or the issue myself.
-
Can't get webassembly project to build
sounds like ur terminal has no internet connection here is a setup for configuring a proxy
-
Centralized package management and dotnet add package command
The NuGet team is actively working on adding support for CPVM in .NET SDK 7.0.100/VS 17.4. There was a spec for the initial work that you can read at NuGet/Home, and they're looking to polish up and incorporate that work soon.
-
Adding Auditing to Pip
How do you currently feel about attaching the experience to install or when restoring packages? Various ecosystems do this and some get flak for it because of how many transitive dependencies and known vulnerabilities in comparison to others. I'm mostly curious because I'm working on a similar proposal here:
https://github.com/NuGet/Home/pull/11549
There's definitely a fine balance of noise, but how do you feel about it?
- License Changes for Six Labors Products
- Package integrity check failed
What are some alternatives?
cosign - Code signing and transparency for containers and binaries
AxoCover - Nice and free .Net code coverage support for Visual Studio with OpenCover.
login-action - GitHub Action to login against a Docker registry
VSColorOutput - Color highlighting to Visual Studio's Build and Debug Output Windows
Fast-Api-Vue - Simple asynchronous API implemented with Fast-Api framework utilizing Postgres as a Database and SqlAlchemy as ORM . GiHub Actions as CI/CD Pipeline. Vue + Daisy UI for the frontend
VsVIM - Vim Emulator Plugin for Visual Studio 2015+
sigstore-the-hard-way - sigstore the hard way!
Side-Waffle - A collection of Item- and Project Templates for Visual Studio
cosigneth - Container Image Signing & Verifying on Ethereum [Testnet]
Web Essentials - Visual Studio extension
build-push-action - GitHub Action to build and push Docker images with Buildx
Git Diff Margin - Git Diff Margin displays live Git changes of the currently edited file on Visual Studio margin and scroll bar. Supports Visual Studio 2012 through Visual Studio 2022