search

nearform / nodejs-distribution

Repository for the various Node.js docker distributions nearForm provide and maintain
https://www.nearform.com
4 stars 1 forks source link

Get sources from checkout and run Node.js test suite #5

Closed Elexy closed 6 years ago

Elexy commented 6 years ago

@mcollina @mavdi The release download we validated with a GPG key, now we 'just' clone. Wondering if we can / need to secure that in some way.

mavdi commented 6 years ago

Node tags in GitHub are signed. As long as we can trust the Github certificate, I don't think we need to further verify it.

Elexy commented 6 years ago

The Node.js tests are running in this branch and we are verifying the Tag with GPG keys. https://circleci.com/gh/nearform/nodejs-distribution/1124

Anything else before approval?

mavdi commented 6 years ago

Looks good!