You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Added
draugr self-update — update the running binary in place to the latest release (or a
pinned --version), verified against the release's SHA-256 checksums and, when the cosign
CLI is present, its keyless signature. --check reports current vs latest without changing
anything; -y skips the prompt. Because it replaces the binary you're actually running, it
avoids the stale-copy/PATH confusion of having draugr installed in two places. (CI should
still pin a release.)
draugr doctor now reports your Draugr version vs the latest available (best-effort,
short timeout), nudging self-update when you're behind. Opt out with --offline or DRAUGR_NO_UPDATE_CHECK=1; it never blocks or fails the command.
draugr tools install shows an install plan and confirms interactively. It prints the
plan first — tool, version, category, verification, destination — and asks for
confirmation on a TTY (-y to skip, --dry-run to only preview); CI/pipes proceed
automatically.
cosign is now installable (draugr tools install cosign) — a pinned, SHA-256-verified
utility. It's what Draugr uses to verify other tools' and its own releases' provenance, so
making it installable lets signature verification "just work" without hunting for it. Optional: doctor reports it but never fails when absent.
draugr tools list gained a CATEGORY column (scanner vs utility).
Changed
draugr self-update now prompts only when interactive (consistent with tools install):
a TTY gets the prompt; CI/pipes proceed automatically. -y still skips it.