This module is a set of common types expressed as Google Protocol Buffers.
Cosign is used to sign releases for integrity verification.
To verify the integrity of the types source, run the following commands:
# Fetch the latest release tag from GitHub API (e.g., "v1.47.0")
TAG=$(curl -s https://api.github.com/repos/sixafter/types/releases/latest | jq -r .tag_name)
# Remove leading "v" for filenames (e.g., "v1.47.0" -> "1.47.0")
VERSION=${TAG#v}
# Verify the release tarball
cosign verify-blob \
--key https://raw.githubusercontent.com/sixafter/types/main/cosign.pub \
--signature types-${VERSION}.tar.gz.sig \
types-${VERSION}.tar.gz
# Download checksums.txt and its signature from the latest release assets
curl -LO https://github.com/sixafter/types/releases/download/${TAG}/checksums.txt
curl -LO https://github.com/sixafter/types/releases/download/${TAG}/checksums.txt.sig
# Verify checksums.txt with cosign
cosign verify-blob \
--key https://raw.githubusercontent.com/sixafter/types/main/cosign.pub \
--signature checksums.txt.sig \
checksums.txtIf valid, Cosign will output:
Verified OKTo use this module, execute the following command:
go get -u github.com/sixafter/typesIn your Go code, you can import the module as follows.
package main
import (
"github.com/sixafter/types"
)The use of Go vendoring is RECOMMENDED.
Contributions are welcome. See CONTRIBUTING
This project is licensed under the Apache 2.0 License. See LICENSE file.