48 commits

Author	SHA1	Message	Date
Trevor Rosen	b6013cf409	Make verifier choice more explicit ... Signed-off-by: Trevor Rosen <trevrosen@github.com>	2025-10-24 13:42:58 -05:00
copilot-swe-agent[bot]	b27889b76b	Make PGI verifier initialization non-fatal to allow GitHub attestation verification ... Co-authored-by: trevrosen <1402+trevrosen@users.noreply.github.com>	2025-10-22 15:03:21 +00:00
Meredith Lancaster	f2f769c23a	Merge branch 'trunk' into gh-attestation-tuf-client-retry	2025-05-27 10:14:35 -06:00
Meredith Lancaster	a154ff5cfa	replace deprecated func ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-05-27 09:38:46 -06:00
Meredith Lancaster	dcca4b2940	replace deprecated type ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-05-27 09:34:35 -06:00
Meredith Lancaster	6b226754fd	pass http client for use with tuf ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-05-07 09:18:43 -06:00
Meredith Lancaster	fcd23dc657	create fetcher with custom http client and retry options ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-04-24 08:55:57 -06:00
Meredith Lancaster	29080dc70a	reorganize func ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-04-08 16:40:52 -06:00
Meredith Lancaster	d63e2830e0	clean up unneeded sigstore verifier fields ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-04-08 16:35:17 -06:00
Meredith Lancaster	a535cfdbfc	flip verifier choice logic ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-04-08 16:28:56 -06:00
Meredith Lancaster	366485155e	initiate custom verifiers when the sgistore verifier is created ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-04-08 16:23:37 -06:00
Meredith Lancaster	323ea74733	add public good and github verifiers as fields for repeated use instead of creating a new one for every attestation ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-04-08 15:40:55 -06:00
Meredith Lancaster	261cea2075	update error message ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2025-04-08 14:41:18 -06:00
William Martin	db823c18b8	Allow injection of TUFMetadataDir in tests ... This avoids multiple tests using the same dir for metadata, which was causing flakes	2025-02-20 17:04:30 +01:00
Cody Soyland	6a629ed871	Fix breaking changes from sigstore-go v0.7.0 upgrade ... Signed-off-by: Cody Soyland <codysoyland@github.com>	2025-01-24 16:35:31 -05:00
Meredith Lancaster	3b043f6350	comment ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-12-03 12:37:42 -07:00
Meredith Lancaster	efca3bdfd9	try switch statement ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-12-03 12:34:33 -07:00
Meredith Lancaster	2a6ee87ba0	remove duplicate err checking ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-12-03 12:29:35 -07:00
Meredith Lancaster	f0f86ecd23	get bundle issuer in another func ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-12-03 12:22:56 -07:00
Meredith Lancaster	d737d3b933	more logic updating to remove nesting ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-12-03 12:19:28 -07:00
Meredith Lancaster	1ffd22565d	inverse logic for less nesting ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-12-03 11:52:08 -07:00
Meredith Lancaster	6a7243bb7b	remove unneeded nesting ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-12-03 10:54:22 -07:00
Meredith Lancaster	0665fb4916	comments ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-11-06 09:45:42 -07:00
Meredith Lancaster	b65c942e1f	update verification slice building ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-11-06 09:45:03 -07:00
Meredith Lancaster	eae3b5baec	Merge branch 'trunk' into verify-attestation-monotonic-tests	2024-11-06 09:41:33 -07:00
Meredith Lancaster	23374d8c62	undo sigstore verify result handling changes for now ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 12:49:01 -06:00
Meredith Lancaster	4bd46334ff	return the last verification error for now ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 12:38:37 -06:00
Meredith Lancaster	56731c9b70	remove unneeded result handling struct ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 12:26:06 -06:00
Meredith Lancaster	26e04932f2	split out individual sigstore verification ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 11:59:32 -06:00
Meredith Lancaster	01f63c5cc3	clean up unneeded struct ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 10:08:05 -06:00
Meredith Lancaster	4d57c79770	set provenance predicate type as default for predicate-type flag ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-24 11:40:55 -06:00
Phill MV	aaea0166e2	If provided with zero attestations to verify, the LiveSigstoreVerifier.Verify func should return an error.	2024-10-09 16:51:00 -04:00
Meredith Lancaster	e381d54511	Merge pull request #9564 from malancas/verification-err-output ... Update `gh attestation verify` bundle parsing and validation errors	2024-09-13 09:27:07 -06:00
Fredrik Skogman	1b59ec8ad0	This commit introduces tenancy aware attestation policy building. ... This is done by inspecting the current hostname to determine if tenancy is enabled. The attestation commands also accepts a --hostname parameter, that is used to pick the current host, similar to how the GH_HOST variable can be used. Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>	2024-09-11 10:49:17 +02:00
Meredith Lancaster	945e2b7eee	Merge branch 'trunk' into verification-err-output	2024-09-09 08:23:01 -06:00
Meredith Lancaster	668706ccf5	print verify err ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-09-05 13:29:22 -06:00
Meredith Lancaster	57b20291bd	check for os.PathError ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-09-05 13:20:13 -06:00
Meredith Lancaster	7c405e8b6e	dont print err content ... Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-09-05 08:16:34 -06:00
Cody Soyland	ea1a3da1eb	Rename ProtobufBundle to Bundle ... Signed-off-by: Cody Soyland <codysoyland@github.com>	2024-09-04 16:45:02 -04:00
Cody Soyland	35b2cf70cf	Change to requiring bundle v0.2 ... Signed-off-by: Cody Soyland <codysoyland@github.com>	2024-08-09 16:36:16 -04:00
Cody Soyland	574e131072	Require Sigstore Bundle v0.3 when verifying with gh attestation ... Signed-off-by: Cody Soyland <codysoyland@github.com>	2024-08-09 16:02:04 -04:00
Zach Steindler	658f125ab3	Update sigstore-go in gh CLI to v0.5.1 (#9366) ... Signed-off-by: Zach Steindler <steiza@github.com>	2024-07-25 20:59:39 +02:00
Zach Steindler	f972050dc9	gh attestation trusted-root subcommand (#9206) ... Adds `trusted-root` subcommand to `gh attestation`. For use in upcoming docs on how to do offline verification with artifact attestations. --------- Signed-off-by: Zach Steindler <steiza@github.com> Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>	2024-07-01 11:50:39 -04:00
William Martin	cf2060ce9a	Remove unnecessary defensive check	2024-04-26 17:20:26 +02:00
Zach Steindler	caf0546a11	Just base verification policy on trusted root, not bundle ... Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-24 11:02:53 -04:00
Zach Steindler	d9f7b922d0	Support offline mode for gh attestation verify ... The main change is previously we always instantiated a TUF client for the public good and GitHub Sigstore instances. Now we only instantiate the TUF client we need, or no client if we are provided a custom trusted root. Note that `gh attestation verify` still requires authentication, that is being addressed in https://github.com/cli/cli/pull/8995. Some other changes are coming along for the ride: - Set TUF cache validity to 1 day, to help serial verification - Attempt to infer verification policy based on custom trusted root - Make command output more friendly if you leave off required arguments Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-24 10:24:23 -04:00
Meredith Lancaster	02158e896b	Fix attestation cmd offline unit test failure (#8933) ... * pass policy to Verify method Signed-off-by: Meredith Lancaster <malancas@github.com> * remove policy argument from SigstoreVerifier constructor Signed-off-by: Meredith Lancaster <malancas@github.com> * add SigstoreVerifier interface and introduce mock SigstoreVerifier struct for unit testing Signed-off-by: Meredith Lancaster <malancas@github.com> * gofmt Signed-off-by: Meredith Lancaster <malancas@github.com> * rename LiveSigstoreVerifier constructor Signed-off-by: Meredith Lancaster <malancas@github.com> * pr feedback, add todos for tests that need to be reimplemented Signed-off-by: Meredith Lancaster <malancas@github.com> * remove unused import Signed-off-by: Meredith Lancaster <malancas@github.com> * add more missing TODO statements Signed-off-by: Meredith Lancaster <malancas@github.com> * update skipped test Signed-off-by: Meredith Lancaster <malancas@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-04-11 18:09:10 -06:00
Meredith Lancaster	90b7bf97c5	gh-attestation cmd integration (#8698) ... * add attestation cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * add codeowners Signed-off-by: Meredith Lancaster <malancas@github.com> * update args passed to the attestation cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * rename file Signed-off-by: Meredith Lancaster <malancas@github.com> * use gh-attestation branch for passing iostreams from the root Signed-off-by: Meredith Lancaster <malancas@github.com> * add package security team entry to codeowners Signed-off-by: Meredith Lancaster <malancas@github.com> * start moving over verify cmd and general verification code Signed-off-by: Meredith Lancaster <malancas@github.com> * clean up common and verify specific policy code Signed-off-by: Meredith Lancaster <malancas@github.com> * move artifact package over Signed-off-by: Meredith Lancaster <malancas@github.com> * start pulling in the github api client wrapper Signed-off-by: Meredith Lancaster <malancas@github.com> * fix imports Signed-off-by: Meredith Lancaster <malancas@github.com> * add logger and test packages Signed-off-by: Meredith Lancaster <malancas@github.com> * add additional packages to support verify command Signed-off-by: Meredith Lancaster <malancas@github.com> * fix mock api client Signed-off-by: Meredith Lancaster <malancas@github.com> * clean up mock api client Signed-off-by: Meredith Lancaster <malancas@github.com> * include missing fields Signed-off-by: Meredith Lancaster <malancas@github.com> * use correct owner Signed-off-by: Meredith Lancaster <malancas@github.com> * add more mock api client options Signed-off-by: Meredith Lancaster <malancas@github.com> * add download cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * add inspect cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * pass factory object to inspect cmd, add inspect sub cmd to attestation cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * add verify-tuf-root cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * pass iostream struct from command Signed-off-by: Meredith Lancaster <malancas@github.com> * rename logger pkg to logger Signed-off-by: Meredith Lancaster <malancas@github.com> * fix path in codeowners Signed-off-by: Meredith Lancaster <malancas@github.com> * formatter Signed-off-by: Meredith Lancaster <malancas@github.com> * go mod tidy Signed-off-by: Meredith Lancaster <malancas@github.com> * fix printf linter issue Signed-off-by: Meredith Lancaster <malancas@github.com> * fix printf linter issue Signed-off-by: Meredith Lancaster <malancas@github.com> * check user's GH host for compatibility Signed-off-by: Meredith Lancaster <malancas@github.com> * pass oci client to commands directly Signed-off-by: Meredith Lancaster <malancas@github.com> * rename command Signed-off-by: Meredith Lancaster <malancas@github.com> * mark tuf-root-verify cmd hidden Signed-off-by: Meredith Lancaster <malancas@github.com> * move client initialization back to subcommands Signed-off-by: Meredith Lancaster <malancas@github.com> * add more verbose options and logging Signed-off-by: Meredith Lancaster <malancas@github.com> * add missing logger Signed-off-by: Meredith Lancaster <malancas@github.com> * add testing around OCI and API client Signed-off-by: Meredith Lancaster <malancas@github.com> * add integration test Signed-off-by: Meredith Lancaster <malancas@github.com> * fix file path Signed-off-by: Meredith Lancaster <malancas@github.com> * fix command Signed-off-by: Meredith Lancaster <malancas@github.com> * build executable before integration test Signed-off-by: Meredith Lancaster <malancas@github.com> * split integration tests Signed-off-by: Meredith Lancaster <malancas@github.com> * remove integration test steps Signed-off-by: Meredith Lancaster <malancas@github.com> * fix flag value Signed-off-by: Meredith Lancaster <malancas@github.com> * run integration tests on ubuntu for now Signed-off-by: Meredith Lancaster <malancas@github.com> * pull over doc updates Signed-off-by: Meredith Lancaster <malancas@github.com> * delete unused test data Signed-off-by: Meredith Lancaster <malancas@github.com> * remove Go patch version Signed-off-by: Meredith Lancaster <malancas@github.com> * switch assert to require Signed-off-by: Meredith Lancaster <malancas@github.com> * rename file Signed-off-by: Meredith Lancaster <malancas@github.com> * move integration tests to prexisting test workflow Signed-off-by: Meredith Lancaster <malancas@github.com> * use platform matrix for integration tests Signed-off-by: Meredith Lancaster <malancas@github.com> * simplify build step Signed-off-by: Meredith Lancaster <malancas@github.com> * use StringEnumFlag handling Signed-off-by: Meredith Lancaster <malancas@github.com> * typo Signed-off-by: Meredith Lancaster <malancas@github.com> * use the iostreams.Test helper func Signed-off-by: Meredith Lancaster <malancas@github.com> * create interface for oci client Signed-off-by: Meredith Lancaster <malancas@github.com> * add tests for oci client Signed-off-by: Meredith Lancaster <malancas@github.com> * rename files Signed-off-by: Meredith Lancaster <malancas@github.com> * format file Signed-off-by: Meredith Lancaster <malancas@github.com> * fix shellcheck issues Signed-off-by: Meredith Lancaster <malancas@github.com> * use testing TempDir method Signed-off-by: Meredith Lancaster <malancas@github.com> * cleanup unused tempdir handling Signed-off-by: Meredith Lancaster <malancas@github.com> * use table driven tests Signed-off-by: Meredith Lancaster <malancas@github.com> * check correct cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * support repo option in download sub cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * switch over to using RunE Signed-off-by: Meredith Lancaster <malancas@github.com> * unexport top level subcommand funcs Signed-off-by: Meredith Lancaster <malancas@github.com> * add comment around keychain option Signed-off-by: Meredith Lancaster <malancas@github.com> * update comments Signed-off-by: Meredith Lancaster <malancas@github.com> * fix inconsistent naming Signed-off-by: Meredith Lancaster <malancas@github.com> * add tests for CLI commands Signed-off-by: Meredith Lancaster <malancas@github.com> * check for noattestationsfound err Signed-off-by: Meredith Lancaster <malancas@github.com> * try out metadata abstraction instead Signed-off-by: Meredith Lancaster <malancas@github.com> * switch to using MetadataStore abstraction Signed-off-by: Meredith Lancaster <malancas@github.com> * include test case with failing metadata store Signed-off-by: Meredith Lancaster <malancas@github.com> * look for err specific to file write Signed-off-by: Meredith Lancaster <malancas@github.com> * unexport fields Signed-off-by: Meredith Lancaster <malancas@github.com> * return err when an unsupported hash alg is provided Signed-off-by: Meredith Lancaster <malancas@github.com> * PrintTableToStdOut returns err when rendering fails Signed-off-by: Meredith Lancaster <malancas@github.com> * start adding sigstore verifier unit tests Signed-off-by: Meredith Lancaster <malancas@github.com> * add more sigstore verifier specific tests Signed-off-by: Meredith Lancaster <malancas@github.com> * use cli table printer Signed-off-by: Meredith Lancaster <malancas@github.com> * return JSON results in slice instead of table Signed-off-by: Meredith Lancaster <malancas@github.com> * move mock client to test file Signed-off-by: Meredith Lancaster <malancas@github.com> * remove unneeded table printer method Signed-off-by: Meredith Lancaster <malancas@github.com> * add initial tests for tufrootverify cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * formatting Signed-off-by: Meredith Lancaster <malancas@github.com> * cleanup method Signed-off-by: Meredith Lancaster <malancas@github.com> * close file in error handling branch Signed-off-by: Meredith Lancaster <malancas@github.com> * normalize artifact path Signed-off-by: Meredith Lancaster <malancas@github.com> * remove unneeded embedded file system Signed-off-by: Meredith Lancaster <malancas@github.com> * include image name reference err Signed-off-by: Meredith Lancaster <malancas@github.com> * use GH_DEBUG value for io handling Signed-off-by: Meredith Lancaster <malancas@github.com> * remove quiet and verbose flags Signed-off-by: Meredith Lancaster <malancas@github.com> * add more tufrootveriify tests Signed-off-by: Meredith Lancaster <malancas@github.com> * GitHubTUFOptions no longer needs to return error Signed-off-by: Meredith Lancaster <malancas@github.com> * remove unneeded slice Signed-off-by: Meredith Lancaster <malancas@github.com> * normalize all relative paths Signed-off-by: Meredith Lancaster <malancas@github.com> * clean up nil client checks Signed-off-by: Meredith Lancaster <malancas@github.com> * set api server based on host Signed-off-by: Meredith Lancaster <malancas@github.com> * add comment about http client Signed-off-by: Meredith Lancaster <malancas@github.com> * use format flag to handle json output in verify cmd Signed-off-by: Meredith Lancaster <malancas@github.com> * use format flag to handle json output Signed-off-by: Meredith Lancaster <malancas@github.com> * use normalized path for cli test arg Signed-off-by: Meredith Lancaster <malancas@github.com> * add tests for json output Signed-off-by: Meredith Lancaster <malancas@github.com> * cleanup error wrapping Signed-off-by: Meredith Lancaster <malancas@github.com> * use test fixtures correctly by normalizing path Signed-off-by: Meredith Lancaster <malancas@github.com> * dont clean Signed-off-by: Meredith Lancaster <malancas@github.com> * escape backwards slash for windows files with replace Signed-off-by: Meredith Lancaster <malancas@github.com> * use strings.Split func Signed-off-by: Meredith Lancaster <malancas@github.com> * use strings.Replace for all command tests Signed-off-by: Meredith Lancaster <malancas@github.com> * use CLI cache dir to store tuf metadata Signed-off-by: Meredith Lancaster <malancas@github.com> * Tweaked docstrings for gh attestation download * Tweaked docstrings for gh attestation verify * Fix for bug in gh attestation where the wrong hostname was being passed to the API client. * lets hide tuf-root-verify eh? * Forgot verify's short str. * add remote verification test Signed-off-by: Meredith Lancaster <malancas@github.com> * Revert "add remote verification test" This reverts commit c0ceb99ca8. * update json result handling Signed-off-by: Meredith Lancaster <malancas@github.com> * add json tags to struct returned by command Signed-off-by: Meredith Lancaster <malancas@github.com> * fix how json results are handled Signed-off-by: Meredith Lancaster <malancas@github.com> * add test to ensure JSON output is valid Signed-off-by: Meredith Lancaster <malancas@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com> Co-authored-by: Phill MV <phillmv@github.com>	2024-04-01 11:13:47 -06:00