Meredith Lancaster
1652051fc2
Merge pull request #9825 from malancas/verify-provenance-predicate-by-default
...
`gh attestation verify` should only verify provenance attestations by default
2024-10-30 15:45:18 -06:00
Meredith Lancaster
384057c2e2
bold all flags in docs
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 11:54:42 -06:00
Meredith Lancaster
271450883e
Update pkg/cmd/attestation/verify/verify.go
...
Co-authored-by: Phill MV <phillmv@github.com>
2024-10-29 11:53:28 -06:00
Meredith Lancaster
15d7e33ddb
update references
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 07:11:51 -06:00
Meredith Lancaster
7bfddec046
fix references
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-29 07:09:45 -06:00
Meredith Lancaster
efa6fafc47
Update pkg/cmd/attestation/verification/attestation.go
...
Co-authored-by: Phill MV <phillmv@github.com>
2024-10-29 07:06:23 -06:00
Meredith Lancaster
7598c4a58f
organize
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-28 15:38:06 -06:00
Meredith Lancaster
f8f3502cac
doc updates
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-28 15:37:58 -06:00
Meredith Lancaster
8a8f224a7a
fix test
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-28 15:28:00 -06:00
Meredith Lancaster
4ec696dacd
create common test fixture, organize tests
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-28 13:40:48 -06:00
Meredith Lancaster
502856082e
table tests
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-28 13:40:23 -06:00
Meredith Lancaster
f8b0f5e687
clean up test
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-28 13:02:12 -06:00
Meredith Lancaster
ce5bde4379
simplify signer workflow validation tests
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-28 12:59:04 -06:00
Meredith Lancaster
a820457b09
clean up skipped online tests
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-28 11:47:31 -06:00
Meredith Lancaster
9ddaf13ef5
add predicate type to integration tests
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-25 15:32:16 -06:00
Meredith Lancaster
cef335c698
update tests to include predicate type
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-25 15:26:32 -06:00
Meredith Lancaster
28fa42a324
message formatting
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-25 15:00:11 -06:00
Meredith Lancaster
fa6536493f
predicate-type is no longer empty
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-25 14:54:52 -06:00
Meredith Lancaster
e8013c0778
update documentation to include predicate-type information
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-25 14:04:54 -06:00
Meredith Lancaster
4d57c79770
set provenance predicate type as default for predicate-type flag
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-24 11:40:55 -06:00
Phill MV
afa4272bdf
Merge pull request #9797 from cli/phillmv/retry-getting-attestations
...
`gh at verify` retries fetching attestations if it receives a 5xx
2024-10-23 13:45:09 -04:00
bagtoad
04add8d68f
Use new GitHub previews terminology in attestation
...
Update attestations commands to align with new GitHub previews terminology, replacing `beta` with `public preview`.
https://github.blog/changelog/2024-10-18-new-terminology-for-github-previews/
2024-10-22 10:50:00 -06:00
Phill MV
de4c05fb61
Linting: now that mockDataGenerator has an embedded mock, we ought to have pointer receivers in its funcs.
2024-10-21 14:32:32 -04:00
Phill MV
a8b3f050ac
Merge branch 'trunk' into phillmv/fail-verification-if-no-attestations
2024-10-21 12:49:41 -04:00
Phill MV
e7446676b6
Minor tweaks, added backoff to getTrustDomain
2024-10-21 12:44:51 -04:00
Phill MV
fafda48905
added test for verifying we do 3 retries when fetching attestations.
2024-10-21 12:32:57 -04:00
Phill MV
efc1c97cf1
Added constant backoff retry to getAttestations.
2024-10-21 12:10:18 -04:00
Phill MV
664e09fdbc
wip: added test that fails in the absence of a backoff.
2024-10-21 11:20:46 -04:00
Tyler McGoffin
8109594c4c
auth: Removed redundant ghauth.IsTenancy(host) check
2024-10-15 11:56:43 -07:00
Tyler McGoffin
81591a09b8
Use go-gh/auth package for IsEnterprise, IsTenancy, and NormalizeHostname
2024-10-15 11:56:43 -07:00
Phill MV
28c2308458
While we're at it, let's ensure VerifyCertExtensions can't be tricked the same way.
2024-10-10 11:22:22 -04:00
Phill MV
aaea0166e2
If provided with zero attestations to verify, the LiveSigstoreVerifier.Verify func should return an error.
2024-10-09 16:51:00 -04:00
Brian DeHamer
5f60b3ca3e
Merge branch 'trunk' into bdehamer/att-trusted-root-tenant-aware
2024-09-20 09:22:40 -07:00
Brian DeHamer
8123de9722
fix tenant-awareness for trusted-root command
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-09-18 14:05:04 -07:00
bagtoad
d8e77d256f
Use new HasActiveToken method in trustedroot.go
2024-09-18 10:35:11 -06:00
Brian DeHamer
3bcedfe7f0
Update pkg/cmd/attestation/trustedroot/trustedroot_test.go
...
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
2024-09-17 14:18:00 -07:00
Brian DeHamer
cbe8525321
enforce auth for tenancy
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-09-16 13:52:57 -07:00
Brian DeHamer
8e8fc696f1
disable auth check for att trusted-root cmd
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-09-16 12:55:18 -07:00
Brian DeHamer
2e13ec5d80
Merge pull request #9616 from cli/bdehamer/custom-issuer-error
...
Better messaging for `attestation verify` custom issuer mismatch error
2024-09-16 12:52:12 -07:00
Brian DeHamer
8c8423aa3d
better error for att verify custom issuer mismatch
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Zach Steindler <steiza@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
2024-09-16 12:38:12 -07:00
Andy Feller
d108784d7f
Merge pull request #9618 from cli/wm/tenant-api
...
Use api subdomains for tenant hosts
2024-09-16 09:53:44 -04:00
Meredith Lancaster
0f42ee46f0
Merge pull request #9612 from cli/bdehamer/attest-verify-no-tty
...
Suppress `attestation verify` output when no TTY present
2024-09-13 10:01:02 -06:00
Meredith Lancaster
e381d54511
Merge pull request #9564 from malancas/verification-err-output
...
Update `gh attestation verify` bundle parsing and validation errors
2024-09-13 09:27:07 -06:00
William Martin
352737cb60
Use api subdomains for commands using ghinstance package
2024-09-13 15:03:36 +02:00
Brian DeHamer
677edbac77
suppress att verify output when no tty
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-09-12 09:40:47 -07:00
Brian DeHamer
f128ae8349
add att verify test for custom OIDC issuer
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-09-11 12:49:06 -07:00
Fredrik Skogman
1b59ec8ad0
This commit introduces tenancy aware attestation policy building.
...
This is done by inspecting the current hostname to determine if
tenancy is enabled.
The attestation commands also accept a --hostname parameter that
is used to pick the current host, similar to how the GH_HOST variable
can be used.
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
2024-09-11 10:49:17 +02:00
Meredith Lancaster
50d335566d
check specific err
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-09-10 10:47:06 -06:00
Meredith Lancaster
3814e82f9b
check err in GetLocalAttestations
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-09-10 10:32:46 -06:00
Meredith Lancaster
f748f9e65f
Merge remote-tracking branch 'upstream/trunk' into verification-err-output
2024-09-10 09:04:57 -06:00