STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11279 commits 87 branches 0 tags 160 MiB
Commit graph

25 commits

Author SHA1 Message Date
Pavel Dostál
20e4d25147 Add missing //go:build integration tag to verify_integration_test.go 
The four tests in this file (TestVerifyIntegration,
TestVerifyIntegrationCustomIssuer, TestVerifyIntegrationReusableWorkflow,
TestVerifyIntegrationReusableWorkflowSignerWorkflow) call
NewLiveSigstoreVerifier which requires network access to Sigstore and
GitHub TUF servers. Unlike the other integration test files in this
package (attestation_integration_test.go, sigstore_integration_test.go,
inspect_integration_test.go), this file was missing the //go:build
integration tag, causing these tests to run during a regular
'go test ./...' and fail in network-isolated build environments.
 2026-04-28 18:20:23 +02:00
William Martin
17776cafc1 Apply review feedback 
- Harden SpawnSendTelemetry against relative executable paths
- Use io.Copy for telemetry subprocess stdin write
- Clean up GH_TELEMETRY/DO_NOT_TRACK help text
- Fall back to built-in defaults (NoOp telemetry) on config load failure

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-17 12:28:52 +02:00
William Martin
3ed389d664 Disable telemetry for GHES 2026-04-17 11:50:24 +02:00
William Martin
c51769c977 Record agentic invocations in User-Agent header 
Detect which AI coding agent is invoking gh by checking well-known
environment variables and include the agent name in the User-Agent
header sent to GitHub APIs.

Supported agents: Codex, Gemini CLI, Copilot CLI, OpenCode,
Claude Code, and Amp. Generic AI_AGENT env var is also supported
with validation to prevent header injection.

Fixes github/cli#1111

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-24 19:58:37 +01:00
Meredith Lancaster
3637f5aa26 add missing http client field in sigstoreConfig 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2025-05-07 17:11:18 -06:00
Meredith Lancaster
139e82c68c Revert "temporarily skip non-failing tests" 
This reverts commit de8778797f.
 2025-04-09 07:23:17 -06:00
Meredith Lancaster
de8778797f temporarily skip non-failing tests 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2025-04-08 19:09:52 -06:00
Meredith Lancaster
366485155e initiate custom verifiers when the sgistore verifier is created 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2025-04-08 16:23:37 -06:00
William Martin
db823c18b8 Allow injection of TUFMetadataDir in tests 
This avoids multiple tests using the same dir for metadata, which was causing flakes
 2025-02-20 17:04:30 +01:00
Meredith Lancaster
90f5dae82b Merge branch 'trunk' into consolidate-verify-policy-options-config 2024-12-13 15:23:01 -07:00
Meredith Lancaster
67798b06c0 use github owned oci image 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-12-06 08:32:16 -07:00
Meredith Lancaster
2b7c6f6a16 add integration test for bundle-from-oci option 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-12-05 09:58:27 -07:00
Meredith Lancaster
b4dfc9fc72 update tests 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-12-04 14:59:10 -07:00
Meredith Lancaster
1652051fc2
Merge pull request #9825 from malancas/verify-provenance-predicate-by-default 
`gh attestation verify` should only verify provenance attestations by default
 2024-10-30 15:45:18 -06:00
Meredith Lancaster
15d7e33ddb update references 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-29 07:11:51 -06:00
Meredith Lancaster
a820457b09 clean up skipped online tests 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-28 11:47:31 -06:00
Meredith Lancaster
9ddaf13ef5 add predicate type to integration tests 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-25 15:32:16 -06:00
Brian DeHamer
8c8423aa3d
better error for att verify custom issuer mismatch 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Zach Steindler <steiza@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
 2024-09-16 12:38:12 -07:00
Brian DeHamer
f128ae8349
add att verify test for custom OIDC issuer 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-09-11 12:49:06 -07:00
Fredrik Skogman
1b59ec8ad0
This commit introduces tenancy aware attestation policy building. 
This is done by inspecting the current hostname to determine if
tenancy is enabled.

The attestation commands also accepts a --hostname parameter, that
is used to pick the current host, similar to how the GH_HOST variable
can be used.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
 2024-09-11 10:49:17 +02:00
ejahnGithub
596ee8bd71 update test 2024-07-30 13:22:49 -07:00
Zach Steindler
658f125ab3
Update sigstore-go in gh CLI to v0.5.1 (#9366) 
Signed-off-by: Zach Steindler <steiza@github.com>
 2024-07-25 20:59:39 +02:00
Meredith Lancaster
cd5562f5ac
Add signer-repo and signer-workflow flags to gh attestation verify (#9137) 
* add signer-repo and signer-workflow flags

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add check for SignerRepo option

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add helper function and comment for clarity

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update flag comment

Signed-off-by: Meredith Lancaster <malancas@github.com>

* reference correct field

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move function to more relevant file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update pkg/cmd/attestation/verify/verify.go

Co-authored-by: Zach Steindler <steiza@github.com>

* Update pkg/cmd/attestation/verify/verify.go

Co-authored-by: Zach Steindler <steiza@github.com>

* make all reusable workflow flags mutually exclusive

Signed-off-by: Meredith Lancaster <malancas@github.com>

* accept signer workflow without host

Signed-off-by: Meredith Lancaster <malancas@github.com>

* support client optionally providing host with signer workflow flag

Signed-off-by: Meredith Lancaster <malancas@github.com>

* comment

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for parsing signer workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Zach Steindler <steiza@github.com>
 2024-05-30 07:40:55 -06:00
Meredith Lancaster
8d0518645f
Add integration tests for gh attestation verify shared workflow use case (#9107) 
* add initial shared workflow use case tests and test data

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more shared workflow tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pr feedback, replace shared with reusable

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use demo repository with reusable workflow tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-05-28 07:13:34 -06:00
Meredith Lancaster
c9e8fd6c64
Fix attestation verify source repository check bug (#9053) 
* add build source repo URI extension when repo is provided, add integration tests for this change

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add initial docs on specifying cert identity

Signed-off-by: Meredith Lancaster <malancas@github.com>

* wording

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add reusable workflow example

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more test cases

Signed-off-by: Meredith Lancaster <malancas@github.com>

* tweak to verify docs

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
 2024-05-08 07:44:52 -06:00