Commit graph

35 commits

Author SHA1 Message Date
Meredith Lancaster
164a56cb66 move filterAttestations function
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-04-03 11:02:45 -06:00
Meredith Lancaster
a856a796f0 remove duplicate predicate filtering code
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 18:34:54 -06:00
Meredith Lancaster
a9cc7b481e create single fetch by digest client method
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 18:28:27 -06:00
Meredith Lancaster
5a895b9d72 deduplicate if else logic
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 18:12:41 -06:00
Meredith Lancaster
95a61974bf pass params object to api client methods
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 18:01:57 -06:00
Meredith Lancaster
faef81f4bc reorganize getAttestations func to check for remote gh api fetching first
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 17:28:50 -06:00
Meredith Lancaster
917a00ddc1
Update pkg/cmd/attestation/verification/attestation.go
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
2025-03-05 07:31:35 -07:00
Meredith Lancaster
ddc36c8a8e
Update pkg/cmd/attestation/verification/attestation.go
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
2025-03-05 07:31:28 -07:00
Meredith Lancaster
84299b7d57 var naming
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-02-06 12:50:30 -07:00
Meredith Lancaster
5d6ffa3207 dedup local bundle err handling
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-02-06 12:37:23 -07:00
Meredith Lancaster
2137a483de include alg with digest when fetching bundles from OCI
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-12-05 09:27:14 -07:00
Meredith Lancaster
63f37eb369 pr feedback
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-11-18 08:24:25 -07:00
Meredith Lancaster
8ab5f247af rename type
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-11-07 14:47:53 -07:00
Meredith Lancaster
ff9b6bb883 refactor fetch attestations funcs
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-11-07 14:39:11 -07:00
Meredith Lancaster
efa6fafc47
Update pkg/cmd/attestation/verification/attestation.go
Co-authored-by: Phill MV <phillmv@github.com>
2024-10-29 07:06:23 -06:00
Meredith Lancaster
4d57c79770 set provenance predicate type as default for predicate-type flag
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-24 11:40:55 -06:00
Meredith Lancaster
3814e82f9b check err in GetLocalAttestations
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-09-10 10:32:46 -06:00
Meredith Lancaster
83519e4e92 check for sigstore-go validation errs
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-09-10 07:54:45 -06:00
Meredith Lancaster
bbefc5b24f handle os.PathError in GetLocalAttestations
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-09-09 08:53:11 -06:00
Meredith Lancaster
945e2b7eee
Merge branch 'trunk' into verification-err-output 2024-09-09 08:23:01 -06:00
Meredith Lancaster
57b20291bd check for os.PathError
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-09-05 13:20:13 -06:00
Cody Soyland
ea1a3da1eb
Rename ProtobufBundle to Bundle
Signed-off-by: Cody Soyland <codysoyland@github.com>
2024-09-04 16:45:02 -04:00
Meredith Lancaster
1b67b354a9 update bundle file parsing err messages
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-09-04 13:30:30 -06:00
Meredith Lancaster
34d7ef7a0e
gh attestation verify handles empty JSONL files (#9541)
* handle empty jsonl files

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check processed attestations slice length

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update err name and message

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-09-04 10:31:41 -06:00
Aryan Bhosale
9a0a7d427e
verify 2nd artifact without swapping order (#9532)
* verify 2nd artifact without swapping order

possible solution to https://github.com/cli/cli/issues/9521#issuecomment-2310686619?

* copy the mentioned test file and adds some extra lines

* rm unnecessary import

* Update pkg/cmd/attestation/verification/attestation_test.go

Co-authored-by: Meredith Lancaster <malancas@users.noreply.github.com>

* gofmt

---------

Co-authored-by: Meredith Lancaster <malancas@users.noreply.github.com>
2024-09-04 08:57:56 -06:00
Aryan Bhosale
8305a49c3f
"offline" verification using the bundle of attestations without any additional handling of the file (#9523) 2024-08-26 09:58:29 -06:00
ejahnGithub
47a8f4bbdd update error message 2024-08-20 16:14:39 -04:00
ejahnGithub
5ae03d6e87 added more test 2024-08-12 07:10:19 -07:00
ejahnGithub
57aea664e5 added test 2024-08-07 10:10:59 -07:00
ejahnGithub
8d17896080 refactor the logic and logging 2024-08-05 12:25:52 -07:00
Forrin
c572383bda
Attestation Verification - Buffer Fix (#9198)
* swap scanner to readline for attestations
* replace readLine with readBytes
2024-06-14 13:55:58 -04:00
William Martin
054b306d09 Make error more obvious when bundle has wrong extension 2024-04-26 16:23:56 +02:00
Zach Steindler
2b293c4840 Add unit test, update naming, ensure DSSE envelope is in-toto
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-10 09:49:34 -04:00
Zach Steindler
643f4031b2 Add support to attestation command for more predicate types.
Before, we required all attestations have predicateType
https://slsa.dev/provenance/v1. This allows you to use other predicate
types, and adds the ability to filter responses from the API for a
particular predicate type.

Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-09 17:26:32 -04:00
Meredith Lancaster
90b7bf97c5
gh-attestation cmd integration (#8698)
* add attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update args passed to the attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use gh-attestation branch for passing iostreams from the root

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add package security team entry to codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start moving over verify cmd and general verification code

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up common and verify specific policy code

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move artifact package over

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start pulling in the github api client wrapper

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix imports

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add logger and test packages

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add additional packages to support verify command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix mock api client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up mock api client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include missing fields

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use correct owner

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more mock api client options

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add download cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add inspect cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass factory object to inspect cmd, add inspect sub cmd to attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add verify-tuf-root cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass iostream struct from command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename logger pkg to logger

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix path in codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* go mod tidy

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix printf linter issue

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix printf linter issue

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check user's GH host for compatibility

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass oci client to commands directly

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* mark tuf-root-verify cmd hidden

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move client initialization back to subcommands

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more verbose options and logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add missing logger

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add testing around OCI and API client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix file path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* build executable before integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* split integration tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove integration test steps

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix flag value

Signed-off-by: Meredith Lancaster <malancas@github.com>

* run integration tests on ubuntu for now

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pull over doc updates

Signed-off-by: Meredith Lancaster <malancas@github.com>

* delete unused test data

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove Go patch version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch assert to require

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move integration tests to preexisting test workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use platform matrix for integration tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* simplify build step

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use StringEnumFlag handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* typo

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use the iostreams.Test helper func

Signed-off-by: Meredith Lancaster <malancas@github.com>

* create interface for oci client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for oci client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename files

Signed-off-by: Meredith Lancaster <malancas@github.com>

* format file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix shellcheck issues

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use testing TempDir method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup unused tempdir handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use table driven tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check correct cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* support repo option in download sub cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch over to using RunE

Signed-off-by: Meredith Lancaster <malancas@github.com>

* unexport top level subcommand funcs

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add comment around keychain option

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update comments

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix inconsistent naming

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for CLI commands

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for noattestationsfound err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* try out metadata abstraction instead

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch to using MetadataStore abstraction

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include test case with failing metadata store

Signed-off-by: Meredith Lancaster <malancas@github.com>

* look for err specific to file write

Signed-off-by: Meredith Lancaster <malancas@github.com>

* unexport fields

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return err when an unsupported hash alg is provided

Signed-off-by: Meredith Lancaster <malancas@github.com>

* PrintTableToStdOut returns err when rendering fails

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start adding sigstore verifier unit tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more sigstore verifier specific tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use cli table printer

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return JSON results in slice instead of table

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move mock client to test file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded table printer method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add initial tests for tufrootverify cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatting

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* close file in error handling branch

Signed-off-by: Meredith Lancaster <malancas@github.com>

* normalize artifact path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded embedded file system

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include image name reference err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use GH_DEBUG value for io handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove quiet and verbose flags

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more tufrootverify tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* GitHubTUFOptions no longer needs to return error

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded slice

Signed-off-by: Meredith Lancaster <malancas@github.com>

* normalize all relative paths

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up nil client checks

Signed-off-by: Meredith Lancaster <malancas@github.com>

* set api server based on host

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add comment about http client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use format flag to handle json output in verify cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use format flag to handle json output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use normalized path for cli test arg

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for json output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup error wrapping

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use test fixtures correctly by normalizing path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* don't clean

Signed-off-by: Meredith Lancaster <malancas@github.com>

* escape backwards slash for windows files with replace

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use strings.Split func

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use strings.Replace for all command tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use CLI cache dir to store tuf metadata

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Tweaked docstrings for gh attestation download

* Tweaked docstrings for gh attestation verify

* Fix for bug in gh attestation where the wrong hostname was being passed to the API client.

* let's hide tuf-root-verify eh?

* Forgot verify's short str.

* add remote verification test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Revert "add remote verification test"

This reverts commit c0ceb99ca8.

* update json result handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add json tags to struct returned by command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix how json results are handled

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add test to ensure JSON output is valid

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
2024-04-01 11:13:47 -06:00