notation
earthly
Our great sponsors
notation | earthly | |
---|---|---|
7 | 18 | |
289 | 10,838 | |
6.6% | 4.6% | |
8.9 | 9.8 | |
6 days ago | 4 days ago | |
Go | Go | |
Apache License 2.0 | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
notation
-
Securing CI/CD Images with Cosign and OPA
Notary v2: The evolution to Notary v2 brought improvements in signature portability and integration with third-party key management solutions. However, it does not provide a certificate authority, leaving public key discovery for open-source image verification as an unresolved issue.
-
Automating Kubernetes Deployments with FluxCD for Patched and Signed Container Images
Notation
-
Level-up Container Security: 4 Open-Source Tools for Secure Software Supply Chain
Notation is another command-line too that lets you digitally sign artifacts. And those signatures essentaily become the stamps of approval for the different things in your software supply chain. For example, container images.
- notaryproject/notation: Notation is a project to add signatures as standard items in the registry ecosystem, and to build a set of simple tooling for signing and verifying these signatures. Based on Notary V2 standard.
-
Getting Started with Notary
Notary is the CNCF project name and is often referenced when referring to the process of signing digital artifacts, but Notation is the command line tool that does the heavy lifting. Run the following commands to install Notation.
- Dagger: a new way to build CI/CD pipelines
-
Making the Internet more secure one signed container at a time
It should be interoperable, that's the goal. I proposed some idea for nv2 here: https://github.com/notaryproject/nv2/issues/39 and here: https://github.com/notaryproject/nv2/issues/40 too.
earthly
-
Cache is King: A guide for Docker layer caching in GitHub Actions
Also CACHE keyword, for cache mounts. Makes incremental tools like compilers work well in the context of dockerfiles and layer caches.
That can extend beyond just producing docker iamges as well. Under the covers the CACHE keyword is how lib/rust in Earthly makes building Rust artifacts in CI faster.
https://github.com/earthly/earthly/issues/1399
-
Is your makefile supposed to be a justfile?
earthly
-
Show HN: Earthly 0.7.0
A few of us will be around to answer questions if anyone has any. I myself worked only worked on the chmod feature which was pretty trivial.
https://github.com/earthly/earthly/pull/1821
-
Earthly CI: Launching a new era for CI
[2] https://github.com/earthly/earthly/releases/tag/v0.7.0
-
Containerize CI pipelines with Earthly
# cat Makefile BIN_PATH = $(shell pwd)/bin $(shell mkdir $(BIN_PATH) &>/dev/null) EARTHLY = $(BIN_PATH)/earthly earthly: ifeq (,$(wildcard $(EARTHLY))) curl -L https://github.com/earthly/earthly/releases/download/v0.6.23/earthly-linux-amd64 -o $(EARTHLY) chmod +x $(EARTHLY) endif
- Earthly - The effortless ci/cd framework that runs anywhere
-
GitHub Actions Is Down
I started to bring awareness to the Earthfiles goofy license, but it seems they've switched to MPL! https://github.com/earthly/earthly/releases/tag/v0.6.15
The (unfortunately named) Dagger is also an entry into that space: https://github.com/dagger/dagger#readme (Apache 2)
-
Please name some open source projects which are collecting small user analytics metrics and how
- https://github.com/earthly/earthly/tree/main/analytics
-
Dagger: a new way to build CI/CD pipelines
Another *monster* difference is that Dagger is (at least currently) Apache 2: https://github.com/dagger/dagger/blob/v0.2.4/LICENSE but Earthly went with BSL: https://github.com/earthly/earthly/blob/v0.6.12/LICENSE
That means I'm more likely to submit bugs and patches to Dagger, and I won't touch Earthly
-
Migrating Your Open Source Builds Off Of Travis CI
Example build steps for a go application
What are some alternatives?
cosign - Code signing and transparency for containers and binaries
dagger - Application Delivery as Code that Runs Anywhere
net-monitor - The sample net-monitor software, used as samples in Notary v2 (https://github.com/notaryproject/notaryproject)
Dagger.jl - A framework for out-of-core and parallel execution
ratify - Artifact Ratification Framework
dagger-for-github - GitHub Action for Dagger
grafeas - Artifact Metadata API
act - Run your GitHub Actions locally 🚀
secure-supply-chain-on-aks - Learn how to use open-source tools to secure your container deployments on Azure Kubernetes Service.
docker-flask-example - A production ready example Flask app that's using Docker and Docker Compose.
distribution - distribution with reference types
pipeline - A cloud-native Pipeline resource.