Skip to content

Feat/add deatils version command#8

Merged
hi-lei merged 4 commits intomainfrom
feat/add-deatils-version-command
Apr 5, 2026
Merged

Feat/add deatils version command#8
hi-lei merged 4 commits intomainfrom
feat/add-deatils-version-command

Conversation

@hi-lei
Copy link
Copy Markdown
Collaborator

@hi-lei hi-lei commented Apr 5, 2026

Description

Type of Change

  • feat: New feature
  • fix: Bug fix
  • refactor: Code refactoring
  • docs: Documentation
  • test: Tests
  • chore: Maintenance
  • ci: CI/CD changes

Checklist

  • I have performed a self-review of my own code
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally (make test)
  • Pre-commit checks pass (make pre-commit)
  • My changes generate no new warnings or errors

Related Issues

Additional Context

Note: Use conventional commit messages (e.g. feat:, fix:, chore:).
The CHANGELOG is auto-generated from conventional commit messages at release time.

hi-lei and others added 4 commits April 5, 2026 15:26
@hi-lei @claude
feat: add cosign release signing and version --verify flag
a83488a 
Add binary integrity verification to the Verda CLI:

- Release workflow: generate raw binary checksums, sign with cosign
  (keyless OIDC), and upload signing artifacts to GitHub Releases
- Version command: add --verify flag that computes SHA256 of the running
  binary and compares against published checksums from GitHub Releases
- Version command: show verdacloud-sdk-go and verdagostack dependency
  versions in output

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hi-lei @claude
feat: add versioned User-Agent header to all HTTP requests
3b90cfc 
Set User-Agent to "verda-cli/<version>" on both the SDK client and the
shared http.Client via a custom RoundTripper, enabling server-side
analytics of CLI version distribution.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hi-lei @claude
fix: address gosec and errcheck lint findings in verify
3df5d82 
- Suppress G304 (file inclusion via variable) on os.Open since path
  comes from os.Executable, not user input
- Use 0600 permissions for test temp files (G306)
- Check fmt.Fprint return values in test handlers (errcheck)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hi-lei @claude
fix: use full workflow URI for cosign certificate identity in docs
b066612 
Pin the manual verification instructions to the exact workflow path
(release.yml@refs/*) instead of just the repo name, per Sigstore
OIDC best practices. A loose identity pattern could match other
workflows or forks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hi-lei hi-lei merged commit e2960a7 into main Apr 5, 2026
13 checks passed
@hi-lei hi-lei deleted the feat/add-deatils-version-command branch April 5, 2026 13:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hi-lei