search

seedwing-io / seedwing-proxy

Policy-enforcing Artifact Proxy
Apache License 2.0
2 stars 3 forks source link

readme

= Seedwing Proxy

The Seedwing Proxy is a stateless proxy that sits between a build pipeline and any upstream repository contributing to the build.

By applying a build-specific policy, the Seedwing Proxy will allow or disallow access to the upstream artifacts based upon signatures in Sigstore, and possibly In-Toto in the future.

image::docs/high-level.svg[]

== Configuration

Despite its name, this is not a web/http proxy in the conventional sense. It behaves as a local registry, proxying requests for software artifacts to an actual repository and returning them only if they match a given policy.

=== Cargo

The seedwing proxy includes support for both git based registries and those accessible via the newer sparse protocol.

If your cargo installation supports the newer sparse protocol use the following cargo configuration

In .cargo/config:

[source.seedwing]
registry = "sparse+http://localhost:8181/sparse-crates-io/index/"

[source.crates-io]
replace-with = "seedwing"

To use the git based index protocol use the following cargo configuration

In .cargo/config:

[source.seedwing]
registry = "http://localhost:8181/crates-io/"

[source.crates-io]
replace-with = "seedwing"

=== Maven

In settings.xml:

<settings>

  <mirrors>
    <mirror>
      <id>seedwing</id>
      <name>Seedwing "Proxy" Repository</name>
      <url>http://0.0.0.0:8181/m2</url>
      <mirrorOf>central</mirrorOf> <!-- This is important -->
    </mirror>
  </mirrors>
  ...
</settings>

=== npm

For npm, you first need to set the default npm registry with the URL of the proxy:

npm config set registry http://0.0.0.0:8181/npm

To force your dependencies to be downloaded through the proxy, you should remove your project's copies and clear the cache prior to installing them:

rm -rf node_modules/
npm cache clean --force
npm install

=== bundler

For bundler, you must link the rubygems registry with the URL of the proxy:

bundle config set --global mirror.https://rubygems.org http://localhost:8181/gems

To force your gems to be downloaded through the proxy, you should clear the cache prior to installing them:

bundle clean --force
bundle install

To remove the configuration:

bundle config unset --global mirror.https://rubygems.org