Update `gh attestation verify` bundle parsing and validation errors #9564

malancas · 2024-09-04T19:32:03Z

This updates the content of the error messages printed when parsing bundle files with either .json or .jsonl extensions. If bundle validation fails, the error message will now be more specific and informative.

Signed-off-by: Meredith Lancaster <[email protected]>

cliAutomation · 2024-09-05T20:09:45Z

Hi! Thanks for the pull request. Please ensure that this change is linked to an issue by mentioning an issue number in the description of the pull request. If this pull request would close the issue, please put the word 'Fixes' before the issue number somewhere in the pull request body. If this is a tiny change like fixing a typo, feel free to ignore this message.

steiza · 2024-09-06T13:21:47Z

pkg/cmd/attestation/verification/attestation.go

 		}
 		return attestations, nil
 	case ".jsonl":
 		attestations, err := loadBundlesFromJSONLinesFile(path)


It looks like loadBundlesFromJSONLinesFile wraps the error it gets back from os.ReadFile, so I think we might want to unwrap that, or do different error handling here.

williammartin · 2024-09-09T08:19:56Z

Does this have an associated issue?

Signed-off-by: Meredith Lancaster <[email protected]>

go.mod

…utput

Signed-off-by: Meredith Lancaster <[email protected]>

malancas · 2024-09-10T21:23:25Z

Does this have an associated issue?

@williammartin sorry I just saw this comment. I have an issue I can share with you

andyfeller

lgtm

This MR contains the following updates: | Package | Update | Change | |---|---|---| | [cli/cli](https://github.com/cli/cli) | minor | `v2.55.0` -> `v2.57.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>cli/cli (cli/cli)</summary> ### [`v2.57.0`](https://github.com/cli/cli/releases/tag/v2.57.0): GitHub CLI 2.57.0 [Compare Source](cli/cli@v2.56.0...v2.57.0) #### What's Changed - Move non-integration tests to different test file by [@codysoyland](https://github.com/codysoyland) in cli/cli#9577 - Added tenancy aware attestation commands by [@kommendorkapten](https://github.com/kommendorkapten) in cli/cli#9542 - Added `--active` flag to the `gh auth status` command by [@velumuruganr](https://github.com/velumuruganr) in cli/cli#9520 - build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 by [@dependabot](https://github.com/dependabot) in cli/cli#9601 - `gh attestation verify` test for custom OIDC issuers by [@bdehamer](https://github.com/bdehamer) in cli/cli#9595 - Suggest installing Rosetta when extension installation fails due to missing `darwin-arm64` binary, but a `darwin-amd64` binary is available by [@timrogers](https://github.com/timrogers) in cli/cli#9599 - Update `gh attestation verify` bundle parsing and validation errors by [@malancas](https://github.com/malancas) in cli/cli#9564 - Suppress `attestation verify` output when no TTY present by [@bdehamer](https://github.com/bdehamer) in cli/cli#9612 - Use api subdomains for tenant hosts by [@williammartin](https://github.com/williammartin) in cli/cli#9618 #### New Contributors - [@kommendorkapten](https://github.com/kommendorkapten) made their first contribution in cli/cli#9542 - [@velumuruganr](https://github.com/velumuruganr) made their first contribution in cli/cli#9520 - [@bdehamer](https://github.com/bdehamer) made their first contribution in cli/cli#9595 - [@timrogers](https://github.com/timrogers) made their first contribution in cli/cli#9599 **Full Changelog**: cli/cli@v2.56.0...v2.57.0 ### [`v2.56.0`](https://github.com/cli/cli/releases/tag/v2.56.0): GitHub CLI 2.56.0 [Compare Source](cli/cli@v2.55.0...v2.56.0) #### Important note about renewed GPG key The Debian and RedHat releases have been signed with a new GPG key. If you are experiencing issues updating your `.deb` or `.rpm` packages, please read [cli/cli#9569](cli/cli#9569). #### What's Changed - Always print URL scheme to stdout by [@heaths](https://github.com/heaths) in cli/cli#9471 - Quote repo names consistently in `gh repo sync` stdout by [@muzimuzhi](https://github.com/muzimuzhi) in cli/cli#9491 - Fetch bundle from OCI registry for verify by [@ejahnGithub](https://github.com/ejahnGithub) in cli/cli#9421 - Remove `Internal` from `gh repo create` prompt when owner is not an org by [@jtmcg](https://github.com/jtmcg) in cli/cli#9465 - Drop surplus trailing space char in flag names in web by [@muzimuzhi](https://github.com/muzimuzhi) in cli/cli#9495 - fix the trimming of log filenames for `gh run view` by [@benebsiny](https://github.com/benebsiny) in cli/cli#9482 - "offline" verification using the bundle of attestations without any additional handling of the file by [@aryanbhosale](https://github.com/aryanbhosale) in cli/cli#9523 - build(deps): bump actions/attest-build-provenance from 1.4.1 to 1.4.2 by [@dependabot](https://github.com/dependabot) in cli/cli#9518 - Fix doc typo for `repo sync` by [@muzimuzhi](https://github.com/muzimuzhi) in cli/cli#9509 - Correct the help message for -F by [@Goooler](https://github.com/Goooler) in cli/cli#9525 - chore: fix some function names by [@crystalstall](https://github.com/crystalstall) in cli/cli#9555 - verify 2nd artifact without swapping order by [@aryanbhosale](https://github.com/aryanbhosale) in cli/cli#9532 - `gh attestation verify` handles empty JSONL files by [@malancas](https://github.com/malancas) in cli/cli#9541 - Enhance Linux installation docs to redirect users to GPG renewal issue, better troubleshooting support by [@andyfeller](https://github.com/andyfeller) in cli/cli#9573 - Upgrade sigstore-go to v0.6.1 by [@codysoyland](https://github.com/codysoyland) in cli/cli#9566 - Check for nil values to prevent nil dereference panic by [@codysoyland](https://github.com/codysoyland) in cli/cli#9578 - build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3 by [@dependabot](https://github.com/dependabot) in cli/cli#9575 #### New Contributors - [@aryanbhosale](https://github.com/aryanbhosale) made their first contribution in cli/cli#9523 - [@Goooler](https://github.com/Goooler) made their first contribution in cli/cli#9525 - [@crystalstall](https://github.com/crystalstall) made their first contribution in cli/cli#9555 **Full Changelog**: cli/cli@v2.55.0...v2.56.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

malancas added 3 commits September 4, 2024 13:30

update bundle file parsing err messages

1b67b35

Signed-off-by: Meredith Lancaster <[email protected]>

dont print err content

7c405e8

Signed-off-by: Meredith Lancaster <[email protected]>

check for os.PathError

57b2029

Signed-off-by: Meredith Lancaster <[email protected]>

malancas changed the title ~~Update gh attestation verify bundle file parse errors~~ Update gh attestation verify bundle file processing errors Sep 5, 2024

print verify err

668706c

Signed-off-by: Meredith Lancaster <[email protected]>

malancas marked this pull request as ready for review September 5, 2024 20:09

malancas requested a review from a team as a code owner September 5, 2024 20:09

cliAutomation added the external pull request originating outside of the CLI core team label Sep 5, 2024

steiza reviewed Sep 6, 2024

View reviewed changes

malancas and others added 5 commits September 9, 2024 08:23

Merge branch 'trunk' into verification-err-output

945e2b7

handle os.PathError in GetLocalAttestations

bbefc5b

Signed-off-by: Meredith Lancaster <[email protected]>

get latest sigstore-go commit

70e935b

Signed-off-by: Meredith Lancaster <[email protected]>

check for sigstore-go validation errs

83519e4

Signed-off-by: Meredith Lancaster <[email protected]>

go mod tidy

4421110

Signed-off-by: Meredith Lancaster <[email protected]>

malancas requested a review from a team as a code owner September 10, 2024 14:04

malancas requested a review from williammartin September 10, 2024 14:04

steiza approved these changes Sep 10, 2024

View reviewed changes

go.mod Outdated Show resolved Hide resolved

malancas added 4 commits September 10, 2024 09:04

Merge remote-tracking branch 'upstream/trunk' into verification-err-o…

f748f9e

…utput

check err in GetLocalAttestations

3814e82

Signed-off-by: Meredith Lancaster <[email protected]>

check specific err

50d3355

Signed-off-by: Meredith Lancaster <[email protected]>

use sigstore-go v0.6.2

e2c33e5

Signed-off-by: Meredith Lancaster <[email protected]>

andyfeller approved these changes Sep 11, 2024

View reviewed changes

andyfeller self-requested a review September 11, 2024 18:56

malancas changed the title ~~Update gh attestation verify bundle file processing errors~~ Update gh attestation verify bundle parsing and validation errors Sep 12, 2024

malancas merged commit e381d54 into cli:trunk Sep 13, 2024

malancas deleted the verification-err-output branch September 13, 2024 15:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update `gh attestation verify` bundle parsing and validation errors #9564

Update `gh attestation verify` bundle parsing and validation errors #9564

Uh oh!

malancas commented Sep 4, 2024 •

edited

Loading

Uh oh!

cliAutomation commented Sep 5, 2024

Uh oh!

steiza Sep 6, 2024

Uh oh!

williammartin commented Sep 9, 2024

Uh oh!

Uh oh!

malancas commented Sep 10, 2024 •

edited

Loading

Uh oh!

andyfeller left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Update gh attestation verify bundle parsing and validation errors #9564

Update gh attestation verify bundle parsing and validation errors #9564

Uh oh!

Conversation

malancas commented Sep 4, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cliAutomation commented Sep 5, 2024

Uh oh!

steiza Sep 6, 2024

Choose a reason for hiding this comment

Uh oh!

williammartin commented Sep 9, 2024

Uh oh!

Uh oh!

malancas commented Sep 10, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

andyfeller left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Update `gh attestation verify` bundle parsing and validation errors #9564

Update `gh attestation verify` bundle parsing and validation errors #9564

malancas commented Sep 4, 2024 •

edited

Loading

malancas commented Sep 10, 2024 •

edited

Loading