EJSON's binary releases are compiled on a developer machine.
Given EJSON's place low in the stack, users trust it to handle keys and decrypted secrets. Building release binaries in ephemeral CI would provide greater assurance they haven't been tampered with.
EJSON's binary releases are compiled on a developer machine. Given EJSON's place low in the stack, users trust it to handle keys and decrypted secrets. Building release binaries in ephemeral CI would provide greater assurance they haven't been tampered with.
Another Shopify OSS project, toxiproxy, recently adopted goreleaser to compile artifacts and configured release build on GitHub Actions. Could EJSON do that too?
Related