Skip to content

sixafter/types

BranchesTags

Repository files navigation

types: Common Protocol Buffer Types

This module is a set of common types expressed as Google Protocol Buffers.

Go Report Card License: Apache 2.0 Go Go Reference

Status

Build & Test

ci GitHub issues GitHub last commit

Package and Deploy

Release

Verify with Cosign

Cosign is used to sign releases for integrity verification.

To verify the integrity of the types source, run the following commands:

# Fetch the latest release tag from GitHub API (e.g., "v1.56.0")
TAG=$(curl -s https://api.github.com/repos/sixafter/types/releases/latest | jq -r .tag_name)

# Remove the leading "v" for filenames (e.g., "v1.56.0" -> "1.56.0")
VERSION=${TAG#v}

# ---------------------------------------------------------------------
# Verify the source archive using Sigstore bundles
# ---------------------------------------------------------------------

# Download the release tarball and its signature bundle
curl -LO "https://github.com/sixafter/types/releases/download/${TAG}/types-${VERSION}.tar.gz"
curl -LO "https://github.com/sixafter/types/releases/download/${TAG}/types-${VERSION}.tar.gz.sigstore.json"

# Verify the tarball with Cosign using the published public key
cosign verify-blob \
  --key "https://raw.githubusercontent.com/sixafter/types/main/cosign.pub" \
  --bundle "types-${VERSION}.tar.gz.sigstore.json" \
  "types-${VERSION}.tar.gz"

# ---------------------------------------------------------------------
# Verify the checksums manifest using Sigstore bundles
# ---------------------------------------------------------------------

curl -LO "https://github.com/sixafter/types/releases/download/${TAG}/checksums.txt"
curl -LO "https://github.com/sixafter/types/releases/download/${TAG}/checksums.txt.sigstore.json"

# Verify checksums.txt with Cosign
cosign verify-blob \
  --key "https://raw.githubusercontent.com/sixafter/types/main/cosign.pub" \
  --bundle "checksums.txt.sigstore.json" \
  "checksums.txt"

# ---------------------------------------------------------------------
# Confirm local artifact integrity
# ---------------------------------------------------------------------

shasum -a 256 -c checksups.txt

If valid, Cosign will output:

Verified OK

Overview

To use this module, execute the following command:

go get -u github.com/sixafter/types

In your Go code, you can import the module as follows.

package main

import (
    pb "github.com/sixafter/types/proto/v1/pb"
)

The use of Go vendoring is RECOMMENDED.

Contributing

Contributions are welcome. See CONTRIBUTING

License

This project is licensed under the Apache 2.0 License. See LICENSE file.

About

Foundational types expressed as Google Protocol Buffers.

Topics

protobuf types protobuf3

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 17

v1.57.4 Latest
Dec 30, 2025
+ 16 releases

Packages

No packages published

Languages