Updated v1 to support latest version of go-tuf #3597
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: cpanato <[email protected]> Signed-off-by: cpanato <[email protected]>
* Merge pull request from GHSA-vfp6-jrw2-99g9 * Add limit to number of sigs and attestations Signed-off-by: AdamKorcz <[email protected]> * Update pkg/cosign/fetch.go Co-authored-by: Cody Soyland <[email protected]> Signed-off-by: AdamKorcz <[email protected]> * Update error message Signed-off-by: Hayden B <[email protected]> * fix compilation error Signed-off-by: Hayden Blauzvern <[email protected]> * Add e2e tests Signed-off-by: Hayden Blauzvern <[email protected]> --------- Signed-off-by: AdamKorcz <[email protected]> Signed-off-by: Hayden B <[email protected]> Signed-off-by: Hayden Blauzvern <[email protected]> Co-authored-by: Cody Soyland <[email protected]> Co-authored-by: Hayden B <[email protected]> * fix missing import Signed-off-by: cpanato <[email protected]> * bump golang to 1.19.13 Signed-off-by: cpanato <[email protected]> * update tests Signed-off-by: cpanato <[email protected]> * refactor validate release Signed-off-by: cpanato <[email protected]> * pin sigstore/scaffolding/actions/setup to v0.4.13 Signed-off-by: cpanato <[email protected]> * update ko-local Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: AdamKorcz <[email protected]> Signed-off-by: Hayden B <[email protected]> Signed-off-by: Hayden Blauzvern <[email protected]> Signed-off-by: cpanato <[email protected]> Co-authored-by: AdamKorcz <[email protected]> Co-authored-by: Cody Soyland <[email protected]> Co-authored-by: Hayden B <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## 1.0-fork #3597 +/- ##
============================================
- Coverage 30.16% 29.75% -0.42%
============================================
Files 136 137 +1
Lines 8436 8553 +117
============================================
Hits 2545 2545
- Misses 5561 5678 +117
Partials 330 330 ☔ View full report in Codecov by Sentry. |
kommendorkapten
commented
Mar 13, 2024
|
|
||
| test: | ||
| go test $(shell go list ./... | grep -v third_party/) | ||
| GODEBUG=x509sha1=1 go test $(shell go list ./... | grep -v third_party/) |
Member
Author
There was a problem hiding this comment.
This is needed as some test certs are using SHA-1.
Member
|
I'm not super familiar with cosign (like what v1 is) but does this mean upgrading cosign to use the go-tuf rewrite? EDIT: I suppose 0.7 is the release before the rewrite? |
Member
Author
Correct! This is the last version that is API compatible. |
Contributor
|
LGTM, just need to rebase off release-1.13 and merge into that branch instead, which should hopefully resolve test failures. |
Signed-off-by: Fredrik Skogman <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>
swap out deprecated lib Signed-off-by: Bob Callaway <[email protected]>
swap out deprecated lib Signed-off-by: Bob Callaway <[email protected]>
fix gofmt issue Signed-off-by: Bob Callaway <[email protected]>
go mod tidy Signed-off-by: Bob Callaway <[email protected]>
free up space ahead of running goreleaser Signed-off-by: Bob Callaway <[email protected]>
kommendorkapten
force-pushed
the
v1-go-tuf-update
branch
from
fbe758d to
be9bf89
Compare
Member
Author
|
Rebased on |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Per the latest TUF updates in Sigstore Public Good instance, the key type is changing for the TUF keys, to keep cosign v1 continue to work I've updated to the latest go-tuf version.
Release Note
Documentation
N/A