Skip to content

feat(bundle): private Sigstore via --fulcio-url and --rekor-url#1158

Merged
lockwobr merged 2 commits into
mainfrom
feat/bundle-fulcio-rekor-urls
Jun 3, 2026
Merged

feat(bundle): private Sigstore via --fulcio-url and --rekor-url#1158
lockwobr merged 2 commits into
mainfrom
feat/bundle-fulcio-rekor-urls

Conversation

@lockwobr

@lockwobr lockwobr commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds --fulcio-url / --rekor-url flags (and matching config fields) to aicr bundle so --attest keyless signing can target a private Sigstore instance instead of the public-good endpoints.

Motivation / Context

Organizations running their own Fulcio CA and/or Rekor transparency log could not point AICR at them — all signing hit public Sigstore. The signing library already accepted custom endpoints (SignOptions.FulcioURL/RekorURL with default fallback); this PR connects the CLI and config layers so the capability is actually reachable.

Fixes: #408
Related: #1149

Type of Change

  • New feature (non-breaking change that adds functionality)

Component(s) Affected

  • CLI (cmd/aicr, pkg/cli)
  • Bundlers (pkg/bundler, pkg/component/*)
  • Core libraries (pkg/errors, pkg/k8s) — pkg/defaults
  • Docs/examples (docs/, examples/)

Implementation Notes

  • ResolveOptions carries FulcioURL/RekorURL; NewKeylessAttester(token, fulcio, rekor) applies the public-good default on empty, so existing callers are unaffected. Both the eager and lazy resolver paths thread the URLs to SignStatement.
  • Config: spec.bundle.attestation.fulcioURL/rekorURLBundleResolved.
  • CLI validates both flags at parse time as absolute https:// URLs (fail fast, before bundling), via a shared config.ValidateHTTPSURL(label, raw) helper that lives next to the sibling ValidateAppName.
  • Moved the Sigstore default endpoints out of pkg/bundler/attestation into pkg/defaults as SigstoreFulcioURL / SigstoreRekorURL (matching the existing SigstoreSignTimeout convention) and updated all call sites, including pkg/evidence/attestation/emit.go.
  • The two URLs are independent (private Fulcio + public Rekor, or vice versa); public Sigstore is the default when omitted.
  • Verifier support for privately-signed bundles is intentionally out of scope here and tracked under epic [Epic]: Closed supply chain (V1) — enterprise signing and verification #1149 (feat(verify): private Sigstore trust root for bundle verification #1153).

Testing

make qualify

make qualify passes end-to-end: unit tests (-race), golangci-lint (0 issues), chainsaw e2e (22 passed / 0 failed), vulnerability scan (no vulnerabilities), license-header and repo checks. New table-driven tests cover NewKeylessAttester URL defaulting, resolver URL propagation (eager + lazy), config resolution, CLI flag parsing + HTTPS-validation rejection, and the shared ValidateHTTPSURL.

Risk Assessment

  • Low — Additive flags; default behavior (public Sigstore) is unchanged when the flags are omitted. The constant move is mechanical with all call sites updated and covered by the full gate.

Rollout notes: Backwards compatible. No migration. --fulcio-url/--rekor-url are opt-in and only take effect with --attest.

Checklist

  • Tests pass locally (make test with -race)
  • Linter passes (make lint)
  • I did not skip/disable tests to make CI green
  • I added/updated tests for new functionality
  • I updated docs if user-facing behavior changed
  • Changes follow existing patterns in the codebase
  • Commits are cryptographically signed (git commit -S)

@coderabbitai

coderabbitai Bot commented Jun 2, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Adds --fulcio-url and --rekor-url support end-to-end: new defaults constants, NewKeylessAttester accepts endpoint overrides, ResolveOptions and lazy resolver propagate them, SignStatement/signAndPush use resolved URLs, config schema and Resolve validate HTTPS URLs, CLI flags parse and preflight-validate inputs, tests updated/added, and CLI docs extended.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

Suggested labels

size/XL

Suggested reviewers

  • njhensley
  • mchmarny
🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The PR title 'feat(bundle): private Sigstore via --fulcio-url and --rekor-url' clearly and concisely describes the main change—adding CLI flags for private Sigstore endpoints to the bundle command.
Description check ✅ Passed The PR description is comprehensive and directly related to the changeset, explaining the motivation, implementation approach, testing, and risk assessment for adding private Sigstore support.
Linked Issues check ✅ Passed All code changes fully satisfy the linked issue #408 objectives: new CLI flags added to aicr bundle for --fulcio-url and --rekor-url, validation at input boundaries, independent URL configuration, backward compatibility maintained, and public Sigstore remains default when flags omitted.
Out of Scope Changes check ✅ Passed All changes are in-scope: CLI flags, config fields, validation utilities, documentation updates, and supporting code are all necessary to enable private Sigstore support as specified in #408; verifier changes are explicitly scoped out as tracked under #1149.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/bundle-fulcio-rekor-urls

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
pkg/config/resolve.go (1)

239-244: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Validate attestation URLs at the config-resolve boundary.

BundleSpec.Resolve() currently copies spec.bundle.attestation.fulcioURL / rekorURL verbatim, so malformed config values only fail later in CLI parsing and lose the spec.bundle... attribution this resolver promises. Non-CLI callers of Resolve() also get no validation at all. Validate these fields here with spec-path labels before assigning them.

♻️ Proposed fix
 	if b.Attestation != nil {
 		out.Attest = b.Attestation.Enabled
 		out.CertIDRegexp = b.Attestation.CertificateIdentityRegexp
 		out.OIDCDeviceFlow = b.Attestation.OIDCDeviceFlow
+		if err := bundlercfg.ValidateHTTPSURL("spec.bundle.attestation.fulcioURL", b.Attestation.FulcioURL); err != nil {
+			return nil, err
+		}
+		if err := bundlercfg.ValidateHTTPSURL("spec.bundle.attestation.rekorURL", b.Attestation.RekorURL); err != nil {
+			return nil, err
+		}
 		out.FulcioURL = b.Attestation.FulcioURL
 		out.RekorURL = b.Attestation.RekorURL
 	}

Based on learnings: if an error is already created/wrapped with pkg/errors and includes the correct structured error code, return it as-is; do not double-wrap it.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/config/resolve.go` around lines 239 - 244, In BundleSpec.Resolve(),
validate b.Attestation.FulcioURL and b.Attestation.RekorURL before assigning to
out.FulcioURL/out.RekorURL: parse and ensure they are well-formed URLs and, on
error, return a validation error that includes the spec-path label (e.g.
"spec.bundle.attestation.fulcioURL"/"spec.bundle.attestation.rekorURL"); do this
validation when b.Attestation != nil (where out.Attest and other fields are set)
and avoid double-wrapping errors already created with pkg/errors — if the
returned error already carries the proper structured code, return it as-is.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/bundler/config/config.go`:
- Around line 117-129: ValidateHTTPSURL currently accepts URLs with embedded
credentials (u.User non-nil); update ValidateHTTPSURL to reject any URL where
u.User != nil by returning an ErrCodeInvalidRequest with a clear message (e.g.,
"credentials are not allowed in %s %q"), and add a unit test
TestValidateHTTPSURL that asserts a URL like "https://user:[email protected]/..."
produces an error. Ensure you reference and check u.User in the ValidateHTTPSURL
function and include the new test case to cover this rejection.

In `@pkg/evidence/attestation/emit.go`:
- Around line 256-260: The attestation signing currently overrides configured
Sigstore endpoints by passing defaults.SigstoreFulcioURL and
defaults.SigstoreRekorURL into bundleattest.SignStatement; update the call in
emit.go so SignOptions uses the resolved endpoints from the attestation options
(e.g., opts.OIDCResolve.FulcioURL and opts.OIDCResolve.RekorURL) instead of the
hardcoded defaults; ensure you fall back to the defaults only if
opts.OIDCResolve or its FulcioURL/RekorURL fields are empty, and keep
token/OIDCToken plumbing the same when calling bundleattest.SignStatement.

---

Outside diff comments:
In `@pkg/config/resolve.go`:
- Around line 239-244: In BundleSpec.Resolve(), validate b.Attestation.FulcioURL
and b.Attestation.RekorURL before assigning to out.FulcioURL/out.RekorURL: parse
and ensure they are well-formed URLs and, on error, return a validation error
that includes the spec-path label (e.g.
"spec.bundle.attestation.fulcioURL"/"spec.bundle.attestation.rekorURL"); do this
validation when b.Attestation != nil (where out.Attest and other fields are set)
and avoid double-wrapping errors already created with pkg/errors — if the
returned error already carries the proper structured code, return it as-is.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 0f14f339-d30f-4cff-bcc6-5d7abbbe0c5e

📥 Commits

Reviewing files that changed from the base of the PR and between def5025 and d64f082.

📒 Files selected for processing (16)
  • docs/user/cli-reference.md
  • pkg/bundler/attestation/keyless.go
  • pkg/bundler/attestation/keyless_test.go
  • pkg/bundler/attestation/resolver.go
  • pkg/bundler/attestation/resolver_test.go
  • pkg/bundler/attestation/signing.go
  • pkg/bundler/config/config.go
  • pkg/bundler/config/config_test.go
  • pkg/cli/bundle.go
  • pkg/cli/bundle_test.go
  • pkg/cli/consts.go
  • pkg/config/config.go
  • pkg/config/resolve.go
  • pkg/config/resolve_test.go
  • pkg/defaults/sigstore.go
  • pkg/evidence/attestation/emit.go

Comment thread pkg/bundler/config/config.go
Comment thread pkg/evidence/attestation/emit.go
@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Coverage Report ✅

Metric Value
Coverage 76.3%
Threshold 75%
Status Pass
Coverage Badge
![Coverage](https://img.shields.io/badge/coverage-76.3%25-green)

Merging this branch changes the coverage (1 decrease, 3 increase)

Impacted Packages Coverage Δ 🤖
github.com/NVIDIA/aicr/pkg/bundler/attestation 69.08% (+0.50%) 👍
github.com/NVIDIA/aicr/pkg/bundler/config 96.04% (-0.31%) 👎
github.com/NVIDIA/aicr/pkg/cli 65.78% (+0.12%) 👍
github.com/NVIDIA/aicr/pkg/config 92.86% (+0.14%) 👍
github.com/NVIDIA/aicr/pkg/defaults 100.00% (ø)
github.com/NVIDIA/aicr/pkg/evidence/attestation 72.87% (ø)

Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/NVIDIA/aicr/pkg/bundler/attestation/keyless.go 36.84% (+16.84%) 19 (+4) 7 (+4) 12 🎉
github.com/NVIDIA/aicr/pkg/bundler/attestation/resolver.go 77.14% (ø) 35 27 8
github.com/NVIDIA/aicr/pkg/bundler/attestation/signing.go 64.86% (ø) 74 48 26
github.com/NVIDIA/aicr/pkg/bundler/config/config.go 95.43% (-0.34%) 197 (+8) 188 (+7) 9 (+1) 👎
github.com/NVIDIA/aicr/pkg/cli/bundle.go 52.43% (+1.32%) 185 (+5) 97 (+5) 88 👍
github.com/NVIDIA/aicr/pkg/cli/consts.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/config/config.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/config/resolve.go 95.02% (+0.18%) 201 (+7) 191 (+7) 10 👍
github.com/NVIDIA/aicr/pkg/defaults/sigstore.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/evidence/attestation/emit.go 41.98% (ø) 81 34 47

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

@lockwobr lockwobr force-pushed the feat/bundle-fulcio-rekor-urls branch from d64f082 to d8c986f Compare June 2, 2026 19:55
@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/user/cli-reference.md`:
- Around line 1841-1842: The doc text around the flags `--fulcio-url` and
`--rekor-url` is ambiguous about verification support; update the paragraph to
explicitly state that while signing can be redirected to private Fulcio/Rekor
with those flags, `aicr verify` does not yet support using custom root
certificates to verify privately-signed bundles (verifier support is out of
scope, tracked under issues `#1149` and `#1153`), so public Sigstore remains the
only supported verification root today; mention `aicr verify` by name and
reference the issue numbers for clarity.

In `@pkg/cli/bundle.go`:
- Around line 596-605: runBundleCmd currently calls
validateSingleValueFlags(...) but omits the new endpoint flags, so conflicting
--fulcio-url and --rekor-url values aren't rejected; update the
validateSingleValueFlags invocation inside runBundleCmd to include flagFulcioURL
and flagRekorURL alongside the other scalar bundle flags (reference
validateSingleValueFlags and the flag identifiers flagFulcioURL and
flagRekorURL) so duplicate/conflicting single-value inputs for these endpoints
are caught and fail-fast like the others.

In `@pkg/config/resolve.go`:
- Around line 140-148: The file has the GoDoc for Resolve placed above
validateAttestationEndpoints, so func (b *BundleSpec) Resolve() is left
undocumented and the helper gets the wrong comment; move the
validateAttestationEndpoints function below the BundleSpec.Resolve method (or
split the comment so each function has its own doc block) so that the comment
"Resolve converts a BundleSpec..." immediately precedes func (b *BundleSpec)
Resolve() and validateAttestationEndpoints remains documented appropriately;
update only the order or the comments around the symbols BundleSpec.Resolve and
validateAttestationEndpoints in pkg/config/resolve.go.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 67f54eaf-7aaa-462d-b00b-7b6fa13d7ac7

📥 Commits

Reviewing files that changed from the base of the PR and between d64f082 and d8c986f.

📒 Files selected for processing (16)
  • docs/user/cli-reference.md
  • pkg/bundler/attestation/keyless.go
  • pkg/bundler/attestation/keyless_test.go
  • pkg/bundler/attestation/resolver.go
  • pkg/bundler/attestation/resolver_test.go
  • pkg/bundler/attestation/signing.go
  • pkg/bundler/config/config.go
  • pkg/bundler/config/config_test.go
  • pkg/cli/bundle.go
  • pkg/cli/bundle_test.go
  • pkg/cli/consts.go
  • pkg/config/config.go
  • pkg/config/resolve.go
  • pkg/config/resolve_test.go
  • pkg/defaults/sigstore.go
  • pkg/evidence/attestation/emit.go

Comment thread docs/user/cli-reference.md Outdated
Comment thread pkg/cli/bundle.go
Comment thread pkg/config/resolve.go Outdated
@lockwobr lockwobr force-pushed the feat/bundle-fulcio-rekor-urls branch from d8c986f to 322c910 Compare June 2, 2026 21:43

@mchmarny mchmarny left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeRabbit already owns the three open items (verifier-support wording, validateSingleValueFlags gap, GoDoc placement) plus the resolved ones, so I'll skip those.

Two additional points below. The env var gap is the substantive one; the usage-string mismatch is a nit.

Comment thread pkg/cli/bundle.go
Comment thread pkg/cli/bundle.go Outdated
@lockwobr lockwobr force-pushed the feat/bundle-fulcio-rekor-urls branch from 322c910 to a201fac Compare June 2, 2026 22:04
@lockwobr lockwobr requested a review from mchmarny June 2, 2026 22:04

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
pkg/bundler/attestation/signing.go (1)

99-118: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Validate Sigstore endpoints before logging or dialing.

SignStatement now accepts raw Fulcio/Rekor URLs from callers, but it logs them on Line 118 before any validation. A caller that passes https://user:pass@... will leak credentials into debug logs and only fail later in the Sigstore client. Reject non-HTTPS URLs and any URL with User info here as well, not just in the CLI/config layers.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/bundler/attestation/signing.go` around lines 99 - 118, Validate fulcioURL
and rekorURL right after resolving defaults (before slog.Debug and any network
calls) in SignStatement: parse each URL (opts.FulcioURL/opts.RekorURL or their
defaults) and reject anything that is not https (scheme != "https") or that
contains user info (u.User != nil), returning a clear error; do not log the raw
URLs until they pass validation (or log only sanitized host/port). Ensure the
validation happens before the slog.Debug call that references fulcioURL and
rekorURL.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/user/cli-reference.md`:
- Around line 1122-1126: Update the fulcioURL and rekorURL example and
surrounding text to explicitly state the same validation rules used by the
flags: URLs must be absolute https:// URLs and must not contain embedded
credentials (e.g., no user:pass@host). Modify the config snippet or its caption
to include the "no embedded credentials" constraint and, if present elsewhere
near the example, mirror the flag validation language so fulcioURL and rekorURL
reflect the exact accepted format.

In `@pkg/cli/bundle_test.go`:
- Around line 317-379: Add a subtest to TestParseBundleCmdOptions_SigstoreURLs
that verifies flag-over-env precedence: within the test, set environment
variables AICR_FULCIO_URL and AICR_REKOR_URL to known values, then call
captureBundleOpts (or tryCaptureBundleOpts if you want to assert no error)
passing explicit --fulcio-url and --rekor-url flags with different values, and
assert opts.fulcioURL and opts.rekorURL equal the flag values (not the env
values); use the existing helpers captureBundleOpts/tryCaptureBundleOpts and
keep assertions consistent with the other subtests.

---

Outside diff comments:
In `@pkg/bundler/attestation/signing.go`:
- Around line 99-118: Validate fulcioURL and rekorURL right after resolving
defaults (before slog.Debug and any network calls) in SignStatement: parse each
URL (opts.FulcioURL/opts.RekorURL or their defaults) and reject anything that is
not https (scheme != "https") or that contains user info (u.User != nil),
returning a clear error; do not log the raw URLs until they pass validation (or
log only sanitized host/port). Ensure the validation happens before the
slog.Debug call that references fulcioURL and rekorURL.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: e49dc28e-ac5f-44d2-8a32-f6e6b7438b86

📥 Commits

Reviewing files that changed from the base of the PR and between 322c910 and a201fac.

📒 Files selected for processing (16)
  • docs/user/cli-reference.md
  • pkg/bundler/attestation/keyless.go
  • pkg/bundler/attestation/keyless_test.go
  • pkg/bundler/attestation/resolver.go
  • pkg/bundler/attestation/resolver_test.go
  • pkg/bundler/attestation/signing.go
  • pkg/bundler/config/config.go
  • pkg/bundler/config/config_test.go
  • pkg/cli/bundle.go
  • pkg/cli/bundle_test.go
  • pkg/cli/consts.go
  • pkg/config/config.go
  • pkg/config/resolve.go
  • pkg/config/resolve_test.go
  • pkg/defaults/sigstore.go
  • pkg/evidence/attestation/emit.go

Comment thread docs/user/cli-reference.md
Comment thread pkg/cli/bundle_test.go
Wire --fulcio-url / --rekor-url through `aicr bundle` so `--attest`
keyless signing can target a private Sigstore instance. The library
already plumbed SignOptions.FulcioURL/RekorURL; this connects the CLI
and config layers to it.

- attestation: ResolveOptions carries the Fulcio/Rekor URLs;
  NewKeylessAttester takes them with default-on-empty; both the eager
  and lazy resolver paths thread them through to SignStatement
- config: spec.bundle.attestation.fulcioURL/rekorURL -> BundleResolved
- cli: --fulcio-url / --rekor-url flags with fail-fast HTTPS validation
- shared config.ValidateHTTPSURL validator (used by both flags)
- move the Sigstore default endpoints into pkg/defaults as
  SigstoreFulcioURL / SigstoreRekorURL and update all call sites
- docs: cli-reference flag table, config example, private-Sigstore note

Public Sigstore remains the default when the flags are omitted; the two
URLs are independent. Verification of privately-signed bundles is
tracked separately under epic #1149.

Fixes #408
@lockwobr lockwobr force-pushed the feat/bundle-fulcio-rekor-urls branch from a201fac to be18ab1 Compare June 2, 2026 22:48

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/user/cli-reference.md`:
- Around line 1090-1091: Add AICR_FULCIO_URL and AICR_REKOR_URL to the
Environment Variables section of the CLI reference so the docs match the new
behavior: document that `--fulcio-url` reads AICR_FULCIO_URL and `--rekor-url`
reads AICR_REKOR_URL, state they must be absolute https:// URLs with no embedded
credentials, and note default behavior (public Fulcio/Rekor when omitted) and
independence of the two URLs; update cli-reference.md (and ensure the same
entries are added in the other docs listed by policy: api-reference.md,
component-catalog.md, recipe-development.md) in this PR.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 9edeeac3-dcad-4f6b-ba2f-a4341035a90d

📥 Commits

Reviewing files that changed from the base of the PR and between a201fac and be18ab1.

📒 Files selected for processing (16)
  • docs/user/cli-reference.md
  • pkg/bundler/attestation/keyless.go
  • pkg/bundler/attestation/keyless_test.go
  • pkg/bundler/attestation/resolver.go
  • pkg/bundler/attestation/resolver_test.go
  • pkg/bundler/attestation/signing.go
  • pkg/bundler/config/config.go
  • pkg/bundler/config/config_test.go
  • pkg/cli/bundle.go
  • pkg/cli/bundle_test.go
  • pkg/cli/consts.go
  • pkg/config/config.go
  • pkg/config/resolve.go
  • pkg/config/resolve_test.go
  • pkg/defaults/sigstore.go
  • pkg/evidence/attestation/emit.go

Comment thread docs/user/cli-reference.md
@lockwobr lockwobr enabled auto-merge (squash) June 3, 2026 16:07

@mchmarny mchmarny left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving. Clean additive change: defaults preserved, flag + env + config + spec-path attribution all wired correctly, and both eager and lazy attester paths thread the URLs. The ValidateHTTPSURL credential-rejection check is well thought out (with a clear comment explaining why scheme+host alone isn't enough). Tests cover URL defaulting, flag-over-env precedence, HTTPS-only validation, and embedded-credential rejection. CI green.

Two low-severity notes inline plus a positive callout — nothing blocking. The doc caveat about aicr verify not yet supporting private trust roots is the right honest framing for the partial-coverage shape of this PR.

// while leaving Scheme/Host intact, so a scheme+host-only check would
// otherwise accept "https://user:pass@host". Credentials have no place in
// a signing endpoint and would leak via config/flags/process listings.
if u.Scheme != "https" || u.Host == "" || u.User != nil {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice — the u.User != nil check (with the comment explaining that url.Parse stashes user:pass@ in u.User while leaving Scheme/Host valid) is exactly the right guard. A scheme+host check alone would have let https://user:pass@host through and leaked creds via config/flags/process listings. No action needed.

FulcioURL: bundleattest.DefaultFulcioURL,
RekorURL: bundleattest.DefaultRekorURL,
FulcioURL: opts.OIDCResolve.FulcioURL,
RekorURL: opts.OIDCResolve.RekorURL,

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "validate-emit path does not yet expose --fulcio-url/--rekor-url, so these are empty today; this keeps the signer from overriding a configured endpoint once it does" framing is accurate but leaves the wire-through as an implicit TODO with no linked issue. Either reference the tracking issue (looks like #1149 / #1153 from the doc caveat) or open a follow-up and link it here so the work doesn't fall off — easy to miss in a year when someone wonders why recipe-evidence signing always hits public Sigstore.

Comment thread pkg/cli/bundle.go
Category: catDeployment,
},
&cli.StringFlag{
Name: flagRekorURL,

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: --fulcio-url / --rekor-url are accepted without --attest=true and silently no-op when signing is disabled. Matches the pattern of --certificate-identity-regexp / --identity-token, so it's internally consistent — but an operator who sets these expecting signing gets no feedback. Optional: slog.Warn in selectAttester when either URL is set but opts.attest == false. Not blocking.

@lockwobr lockwobr merged commit 5316d3c into main Jun 3, 2026
33 checks passed
@lockwobr lockwobr deleted the feat/bundle-fulcio-rekor-urls branch June 3, 2026 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat(bundle): private Sigstore infrastructure support via --fulcio-url and --rekor-url

2 participants