STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11089 commits 87 branches 0 tags 160 MiB
Commit graph

17 commits

Author SHA1 Message Date
Meredith Lancaster
3637f5aa26 add missing http client field in sigstoreConfig 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2025-05-07 17:11:18 -06:00
Meredith Lancaster
366485155e initiate custom verifiers when the sgistore verifier is created 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2025-04-08 16:23:37 -06:00
William Martin
db823c18b8 Allow injection of TUFMetadataDir in tests 
This avoids multiple tests using the same dir for metadata, which was causing flakes
 2025-02-20 17:04:30 +01:00
William Martin
9c90e3aac9 Use subtests in attestation verification integration tests 2025-02-18 16:44:48 +01:00
Meredith Lancaster
eae3b5baec Merge branch 'trunk' into verify-attestation-monotonic-tests 2024-11-06 09:41:33 -07:00
Meredith Lancaster
23374d8c62 undo sigstore verify result handling changes for now 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-31 12:49:01 -06:00
Meredith Lancaster
56731c9b70 remove unneeded result handling struct 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-31 12:26:06 -06:00
Meredith Lancaster
26e04932f2 split out individual sigstore verification 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-31 11:59:32 -06:00
Meredith Lancaster
3e90628abb add test for sigstore monotonic verification 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-31 11:23:15 -06:00
Meredith Lancaster
8a8f224a7a fix test 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-28 15:28:00 -06:00
Meredith Lancaster
502856082e table tests 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-10-28 13:40:23 -06:00
Phill MV
aaea0166e2 If provided with zero attestations to verify, the LiveSigstoreVerifier.Verify func should return an error. 2024-10-09 16:51:00 -04:00
Cody Soyland
500b619a5e
Move non-integration test to different test file 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-09-06 13:55:25 -04:00
Cody Soyland
8446079656
Upgrade to sigstore-go v0.6.1 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-09-04 16:38:13 -04:00
Cody Soyland
574e131072
Require Sigstore Bundle v0.3 when verifying with gh attestation 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-08-09 16:02:04 -04:00
Zach Steindler
f972050dc9
gh attestation trusted-root subcommand (#9206) 
Adds `trusted-root` subcommand to `gh attestation`.

For use in upcoming docs on how to do offline verification with artifact
attestations.

---------

Signed-off-by: Zach Steindler <steiza@github.com>
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
 2024-07-01 11:50:39 -04:00
Meredith Lancaster
6f350827d2
Run attestation command set integration tests separately (#9035) 
* rename and add integration build tag

Signed-off-by: Meredith Lancaster <malancas@github.com>

* run tests that include integration build tag in workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-05-02 08:07:44 -06:00
Renamed from pkg/cmd/attestation/verification/sigstore_test.go (Browse further)