Skip to content

pkg: separate pki types from implementations#2668

Merged
Hayden-IO merged 1 commit intosigstore:mainfrom
tonistiigi:pki-types-fix
Nov 8, 2025
Merged

pkg: separate pki types from implementations#2668
Hayden-IO merged 1 commit intosigstore:mainfrom
tonistiigi:pki-types-fix

Conversation

@tonistiigi
Copy link
Copy Markdown
Contributor

@tonistiigi tonistiigi commented Nov 4, 2025

Summary

pkg/pki package defines both the interface types for PublicKey and Signature, linked to many external packages, and also all the implementations for pki via a static factory map.

This separates the types to separate packages so the packages that use them can be included without a big dependency chain. The types are aliased to the old pkg/pki package so that this change wouldn't break any backwards compatibility.

This could be cleaned up more in a further refactor when backwards compatibility is not an issue.

Footprint change for sigstore-go/verifier

 80 files changed, 18 insertions(+), 13144 deletions(-)

Most notably, this drops the inclusion of spf13/cobra CLI framework and its dependencies that somehow is pulled in via x509tools dependency 🤯

Release Note

Documentation

@tonistiigi tonistiigi requested a review from a team as a code owner November 4, 2025 00:57
@codecov
Copy link
Copy Markdown

codecov bot commented Nov 5, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 81.81818% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 26.16%. Comparing base (488eb97) to head (5db94c5).
⚠️ Report is 562 commits behind head on main.

Files with missing lines Patch % Lines
pkg/types/hashedrekord/v0.0.1/entry.go 75.00% 0 Missing and 1 partial ⚠️
pkg/types/test_util.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #2668       +/-   ##
===========================================
- Coverage   66.46%   26.16%   -40.31%     
===========================================
  Files          92      191       +99     
  Lines        9258    20122    +10864     
===========================================
- Hits         6153     5264      -889     
- Misses       2359    14029    +11670     
- Partials      746      829       +83
Flag Coverage Δ
e2etests 49.67% <63.63%> (+2.11%) ⬆️
unittests 16.68% <63.63%> (-31.00%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Hayden-IO
Hayden-IO previously approved these changes Nov 5, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@Hayden-IO Hayden-IO left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! And thanks for making this backwards compatible as well

@Hayden-IO
Copy link
Copy Markdown
Contributor

Hayden-IO commented Nov 5, 2025

Just need a rebase

@tonistiigi
pkg: separate pki types from implementations
5db94c5 
pkg/pki package defines both the interface types for PublicKey
and Signature, linked to many external packages, and also all the
implementations for pki via static factory map.

This separates the types to separate package so the packages
that use them can be included without a big dependency chain.
The types are aliased to the old pkg/pki package so that this
change wouldn't break any backwards compatibility.

Signed-off-by: Tonis Tiigi <[email protected]>
@Hayden-IO Hayden-IO merged commit 76fff70 into sigstore:main Nov 8, 2025
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Hayden-IO Hayden-IO Hayden-IO approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tonistiigi @Hayden-IO