Andrew Feller
47d77bd51b
Add version checking when executing extensions
...
Building on logic from `gh ext list` for retrieving and assessing extension release information, this commit enhances the logic around invoking extensions to check for new releases.
Using the same user experience from checking `gh` version, this should only output information when the extension is used and give the user information on how to upgrade depending on the type of extension and whether it is pinned or not.
```shell
andrewfeller@Andrews-MacBook-Pro cli % gh ext install dlvhdr/gh-dash --pin v4.6.0
✓ Installed extension dlvhdr/gh-dash
✓ Pinned extension at v4.6.0
andrewfeller@Andrews-MacBook-Pro cli % ./bin/gh dash
A new release of dash is available: 4.6.0 → 4.7.0
To upgrade, run: gh extension upgrade dash --force
https://github.com/dlvhdr/gh-dash
```
2024-11-02 13:14:05 -04:00
Meredith Lancaster
91967cced8
Update pkg/cmd/attestation/verify/verify.go
...
Co-authored-by: Phill MV <phillmv@github.com>
2024-11-01 09:51:05 -06:00
Meredith Lancaster
43810a5fc3
use predicate type stored in enforcementCriteria
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-11-01 09:17:47 -06:00
Meredith Lancaster
bb1584b52a
comment
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-11-01 09:02:56 -06:00
Meredith Lancaster
a6d15b4f60
update OIDC issuer logic
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-11-01 09:02:23 -06:00
Meredith Lancaster
a5eca00d0d
remove empty string checks
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-11-01 08:20:32 -06:00
Meredith Lancaster
0fb82a6e7c
comments
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 17:11:02 -06:00
Meredith Lancaster
a7a70fc91c
check for SAN and SANRegex
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 16:59:25 -06:00
Meredith Lancaster
50cda0df44
add Valid method for EnforcementCriteria
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 16:56:49 -06:00
Meredith Lancaster
8336f797ad
use sigstore-go certificate.Summary type for criteria
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 16:27:21 -06:00
Meredith Lancaster
9f3d00960c
keep comment
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 16:16:09 -06:00
Meredith Lancaster
a81cb730fc
update VerifyCertExtensions args
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 16:14:28 -06:00
Meredith Lancaster
e6d0a067e6
Update pkg/cmd/attestation/verification/extensions.go
...
Co-authored-by: Phill MV <phillmv@github.com>
2024-10-31 16:09:45 -06:00
Meredith Lancaster
7948ce4dc9
rename function
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 16:09:08 -06:00
Meredith Lancaster
6f4b5ddc40
remove artifact from EnforcementCriteria
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 16:07:25 -06:00
Phill MV
ea59132d38
more wip poking around, now with table printing
2024-10-31 17:02:46 -04:00
Meredith Lancaster
23374d8c62
undo sigstore verify result handling changes for now
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 12:49:01 -06:00
Meredith Lancaster
4bd46334ff
return the last verification error for now
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 12:38:37 -06:00
Meredith Lancaster
56731c9b70
remove unneeded result handling struct
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 12:26:06 -06:00
Meredith Lancaster
26e04932f2
split out individual sigstore verification
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 11:59:32 -06:00
Meredith Lancaster
3e90628abb
add test for sigstore monotonic verification
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 11:23:15 -06:00
Meredith Lancaster
d29a4a751a
update extension verification logic
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 10:44:36 -06:00
Meredith Lancaster
97262d8ce7
add test case for monotonic verification success
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 10:25:45 -06:00
Meredith Lancaster
01f63c5cc3
clean up unneeded struct
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 10:08:05 -06:00
Meredith Lancaster
9cdeb31fc6
reorganize funcs
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 08:32:35 -06:00
Meredith Lancaster
61b60e9430
fix runner setting
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 08:19:33 -06:00
Meredith Lancaster
bb0dcd9db4
fix wrong field settings
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-30 17:19:15 -06:00
Meredith Lancaster
318bd90356
update extensions tests
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-30 16:21:15 -06:00
Meredith Lancaster
bf4f04f797
Merge branch 'trunk' into attestation-refactor-policy
2024-10-30 16:14:30 -06:00
Meredith Lancaster
84c823c55f
clean up extension verification tests
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-30 16:12:57 -06:00
Meredith Lancaster
8b02c43085
add tests for newEnforcementCriteria
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-30 16:05:39 -06:00
Meredith Lancaster
1652051fc2
Merge pull request #9825 from malancas/verify-provenance-predicate-by-default
...
`gh attestation verify` should only verify provenance attestations by default
2024-10-30 15:45:18 -06:00
Meredith Lancaster
4fa5f0c5ee
update extensions test
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-30 15:44:53 -06:00
Meredith Lancaster
fa2574c1a8
Merge remote-tracking branch 'upstream/trunk' into attestation-refactor-policy
2024-10-30 15:29:27 -06:00
Meredith Lancaster
93c78a2134
use sigstore specific err
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-30 15:28:34 -06:00
Meredith Lancaster
b44c9d3003
undo policy method changes
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-30 15:23:50 -06:00
Meredith Lancaster
bb5136007e
Merge pull request #9838 from malancas/attestation-clean-up-tests
...
Clean up skipped online tests for `gh attestation verify`
2024-10-30 13:28:44 -06:00
Andy Feller
3b4301f62a
Merge pull request #9845 from cli/andyfeller/9807-repo-edit-visibility-confirmation
...
Require visibility confirmation in `gh repo edit`
2024-10-30 15:20:51 -04:00
Meredith Lancaster
3378b546da
simplify if else logic
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-30 12:58:40 -06:00
Andy Feller
3f5fc85e41
Assert stderr for gh repo edit visibility tests
2024-10-30 13:31:00 -04:00
Meredith Lancaster
41c3ba5fa7
drop sigstore instance for now
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 18:19:19 -06:00
Meredith Lancaster
e16b69bd08
cert extension funcs are now policy methods
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 17:27:47 -06:00
Meredith Lancaster
e5b2b09a6e
move policy functions into methods
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 16:41:17 -06:00
Meredith Lancaster
704de0cf37
start building a separate policy struct
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 15:33:24 -06:00
Phill MV
dbbd83c566
wip, gh at inspect will check the signature on the bundle
2024-10-29 14:17:04 -04:00
Meredith Lancaster
384057c2e2
bold all flags in docs
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 11:54:42 -06:00
Meredith Lancaster
271450883e
Update pkg/cmd/attestation/verify/verify.go
...
Co-authored-by: Phill MV <phillmv@github.com>
2024-10-29 11:53:28 -06:00
Andy Feller
15b2db9277
Require visibility confirmation in gh repo edit
...
This commit modifies interactive and non-interactive behaviors around `gh repo edit` as well as providing greater information about the impact.
1. `--help` usage is expanded to highlight the most significant consequences of changing visibility
1. `--help` usage and interactive experience call out GitHub Docs content that acts as the source of truth about full consequences of various changes
1. `gh repo edit` interactive experience will require confirmation for any visibility change
1. `gh repo edit` interactive experience will output potential stars and watchers loss regardless of visibility transition
1. `gh repo edit` will require `--visibility` flag to include new `--accept-visibility-change-consequences` flag regardless of interactivity
2024-10-29 10:25:04 -04:00
Meredith Lancaster
15d7e33ddb
update references
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 07:11:51 -06:00
Meredith Lancaster
7bfddec046
fix references
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 07:09:45 -06:00