STACKITGit/cli - Git hosting by STACKIT

Author	SHA1	Message	Date
Meredith Lancaster	f376ac1a2c	Merge branch 'trunk' into simplify-sigstore-verify-result-handling	2024-11-06 07:59:23 -07:00
Meredith Lancaster	91967cced8	Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Phill MV <phillmv@github.com>	2024-11-01 09:51:05 -06:00
Meredith Lancaster	43810a5fc3	use predicate type stored in enforcementCriteria Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-11-01 09:17:47 -06:00
Meredith Lancaster	50cda0df44	add Valid method for EnforcementCriteria Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 16:56:49 -06:00
Meredith Lancaster	7948ce4dc9	rename function Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 16:09:08 -06:00
Meredith Lancaster	6f4b5ddc40	remove artifact from EnforcementCriteria Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 16:07:25 -06:00
Meredith Lancaster	56731c9b70	remove unneeded result handling struct Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-31 12:26:06 -06:00
Meredith Lancaster	bf4f04f797	Merge branch 'trunk' into attestation-refactor-policy	2024-10-30 16:14:30 -06:00
Meredith Lancaster	93c78a2134	use sigstore specific err Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-30 15:28:34 -06:00
Meredith Lancaster	b44c9d3003	undo policy method changes Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-30 15:23:50 -06:00
Meredith Lancaster	e16b69bd08	cert extension funcs are now policy methods Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-29 17:27:47 -06:00
Meredith Lancaster	e5b2b09a6e	move policy functions into methods Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-29 16:41:17 -06:00
Meredith Lancaster	384057c2e2	bold all flags in docs Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-29 11:54:42 -06:00
Meredith Lancaster	271450883e	Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Phill MV <phillmv@github.com>	2024-10-29 11:53:28 -06:00
Meredith Lancaster	7bfddec046	fix references Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-29 07:09:45 -06:00
Meredith Lancaster	f8f3502cac	doc updates Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-28 15:37:58 -06:00
Meredith Lancaster	28fa42a324	message formatting Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-25 15:00:11 -06:00
Meredith Lancaster	fa6536493f	predicate-type is no longer empty Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-25 14:54:52 -06:00
Meredith Lancaster	e8013c0778	update documentation to indclude predicate-type information Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-25 14:04:54 -06:00
Meredith Lancaster	4d57c79770	set provenance predicate type as default for predicate-type flag Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-24 11:40:55 -06:00
Tyler McGoffin	81591a09b8	Use go-gh/auth package for IsEnterprise, IsTenancy, and NormalizeHostname	2024-10-15 11:56:43 -07:00
Brian DeHamer	8c8423aa3d	better error for att verify custom issuer mismatch Signed-off-by: Brian DeHamer <bdehamer@github.com> Co-authored-by: Zach Steindler <steiza@github.com> Co-authored-by: Phill MV <phillmv@github.com>	2024-09-16 12:38:12 -07:00
Fredrik Skogman	1b59ec8ad0	This commit introduces tenancy aware attestation policy building. This is done by inspecting the current hostname to determine if tenancy is enabled. The attestation commands also accepts a --hostname parameter, that is used to pick the current host, similar to how the GH_HOST variable can be used. Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>	2024-09-11 10:49:17 +02:00
Cody Soyland	b14e430441	Check for nil values to prevent nil dereference panic Signed-off-by: Cody Soyland <codysoyland@github.com>	2024-09-06 15:22:43 -04:00
ejahnGithub	3fd309bdde	rename flag to bundle-from-oci	2024-08-19 10:29:01 -04:00
ejahnGithub	05891965d0	udpate the options	2024-08-15 11:56:28 -04:00
ejahnGithub	57aea664e5	added test	2024-08-07 10:10:59 -07:00
ejahnGithub	8d17896080	refactor the logic and logging	2024-08-05 12:25:52 -07:00
ejahnGithub	20d3931427	tmp	2024-08-05 09:11:25 -07:00
ejahnGithub	dc4e9cb532	handle attest case insensitivity	2024-07-30 12:11:25 -07:00
Zach Steindler	f972050dc9	gh attestation trusted-root subcommand (#9206 ) Adds `trusted-root` subcommand to `gh attestation`. For use in upcoming docs on how to do offline verification with artifact attestations. --------- Signed-off-by: Zach Steindler <steiza@github.com> Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>	2024-07-01 11:50:39 -04:00
Phill MV	c9f9fac7dc	Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Andy Feller <andyfeller@github.com>	2024-06-24 13:33:10 -04:00
Phill MV	c25dacc33e	Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Andy Feller <andyfeller@github.com>	2024-06-24 13:32:51 -04:00
Phill MV	06607d3e95	s/originated/caller/ workflow	2024-06-24 10:05:58 -04:00
Phill MV	152607e0e8	Removed beta note from `gh at verify`, clarified reusable workflows use case.	2024-06-23 21:53:09 -04:00
Phill MV	e8a13cfed3	replaced deprecated --json-result flag with --format=json in the gh at docstring.	2024-06-04 15:52:54 -04:00
Meredith Lancaster	cd5562f5ac	Add `signer-repo` and `signer-workflow` flags to `gh attestation verify` (#9137 ) * add signer-repo and signer-workflow flags Signed-off-by: Meredith Lancaster <malancas@github.com> * add check for SignerRepo option Signed-off-by: Meredith Lancaster <malancas@github.com> * add helper function and comment for clarity Signed-off-by: Meredith Lancaster <malancas@github.com> * update flag comment Signed-off-by: Meredith Lancaster <malancas@github.com> * reference correct field Signed-off-by: Meredith Lancaster <malancas@github.com> * move function to more relevant file Signed-off-by: Meredith Lancaster <malancas@github.com> * Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Zach Steindler <steiza@github.com> * Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Zach Steindler <steiza@github.com> * make all reusable workflow flags mutually exclusive Signed-off-by: Meredith Lancaster <malancas@github.com> * accept signer workflow without host Signed-off-by: Meredith Lancaster <malancas@github.com> * support client optionally providing host with signer workflow flag Signed-off-by: Meredith Lancaster <malancas@github.com> * comment Signed-off-by: Meredith Lancaster <malancas@github.com> * add tests for parsing signer workflow Signed-off-by: Meredith Lancaster <malancas@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com> Co-authored-by: Zach Steindler <steiza@github.com>	2024-05-30 07:40:55 -06:00
Meredith Lancaster	c9e8fd6c64	Fix `attestation verify` source repository check bug (#9053 ) * add build source repo URI extension when repo is provided, add integration tests for this change Signed-off-by: Meredith Lancaster <malancas@github.com> * add initial docs on specifying cert identity Signed-off-by: Meredith Lancaster <malancas@github.com> * wording Signed-off-by: Meredith Lancaster <malancas@github.com> * add reusable workflow example Signed-off-by: Meredith Lancaster <malancas@github.com> * add more test cases Signed-off-by: Meredith Lancaster <malancas@github.com> * tweak to verify docs --------- Signed-off-by: Meredith Lancaster <malancas@github.com> Co-authored-by: Phill MV <phillmv@github.com>	2024-05-08 07:44:52 -06:00
Phill MV	5619251faa	Tweaked gh attestation help strings to generate nicer cli manual site.	2024-04-29 16:24:54 -04:00
Andy Feller	d51ae5ced9	Update attestation's beta designation	2024-04-29 14:45:20 -04:00
Andy Feller	0740c00f0a	Add beta designation on attestation command set With the `gh attestation` command set going into public beta, users should be reminded the feature is in beta and subject to change. Both the short and long help usage are updated for individual command `--help` as well as `gh reference`.	2024-04-29 12:46:01 -04:00
Andy Feller	68dfd87f47	Merge pull request #9000 from cli/andyfeller/flag-level-disableauth proof of concept for flag-level disable auth check	2024-04-29 12:15:49 -04:00
William Martin	6d8709bdd7	Merge pull request #8997 from steiza/steiza/attestation-verify-offline Support offline mode for `gh attestation verify`	2024-04-29 12:22:08 +02:00
Zach Steindler	1aefeec71b	Use cmdutil.ExactArgs instead of MinimumArgs; also add tests Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-25 15:41:49 -04:00
Andy Feller	2d910406c6	proof of concept for flag-level disable auth check Building upon the existing command-level disable auth check logic, this commit adds flag-level disable auth check logic for any flag set with `-b,--bundle` flag of `gh attestation verify` being the first use case. Subsequent commit to build out testing is needed as IsAuthCheckEnabled does not have tests.	2024-04-25 09:28:49 -04:00
Meredith Lancaster	63640b16a7	Update `gh attestation verify` output (#8991 ) * start updating default verify cmd output Signed-off-by: Meredith Lancaster <malancas@github.com> * start adding support for printing a table of attestation details Signed-off-by: Meredith Lancaster <malancas@github.com> * extract attestation details from verification result Signed-off-by: Meredith Lancaster <malancas@github.com> * condense logging Signed-off-by: Meredith Lancaster <malancas@github.com> * update logging from feedback Signed-off-by: Meredith Lancaster <malancas@github.com> * update error logging Signed-off-by: Meredith Lancaster <malancas@github.com> * cleanup more error logging Signed-off-by: Meredith Lancaster <malancas@github.com> * include test data for printing to table in the mock sigstore verifier response Signed-off-by: Meredith Lancaster <malancas@github.com> * fix linter err Signed-off-by: Meredith Lancaster <malancas@github.com> * Update pkg/cmd/attestation/verification/mock_verifier.go Co-authored-by: Phill MV <phillmv@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com> Co-authored-by: Phill MV <phillmv@github.com>	2024-04-24 14:03:35 -06:00
Zach Steindler	d9f7b922d0	Support offline mode for `gh attestation verify` The main change is previously we always instantiated a TUF client for the public good and GitHub Sigstore instances. Now we only instantiate the TUF client we need, or no client if we are provided a custom trusted root. Note that `gh attestation verify` still requires authentication, that is being addressed in https://github.com/cli/cli/pull/8995. Some other changes are coming along for the ride: - Set TUF cache validity to 1 day, to help serial verification - Attempt to infer verification policy based on custom trusted root - Make command output more friendly if you leave off required arguments Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-24 10:24:23 -04:00
Andy Feller	a42450e9a3	Merge pull request #8949 from steiza/steiza/multi-attestation Add support to `attestation` command for more predicate types.	2024-04-12 11:12:59 -04:00
Meredith Lancaster	02158e896b	Fix `attestation` cmd offline unit test failure (#8933 ) * pass policy to Verify method Signed-off-by: Meredith Lancaster <malancas@github.com> * remove policy argument from SigstoreVerifier constructor Signed-off-by: Meredith Lancaster <malancas@github.com> * add SigstoreVerifier interface and introduce mock SigstoreVerifier struct for unit testing Signed-off-by: Meredith Lancaster <malancas@github.com> * gofmt Signed-off-by: Meredith Lancaster <malancas@github.com> * rename LiveSigstoreVerifier constructor Signed-off-by: Meredith Lancaster <malancas@github.com> * pr feedback, add todos for tests that need to be reimplemented Signed-off-by: Meredith Lancaster <malancas@github.com> * remove unused import Signed-off-by: Meredith Lancaster <malancas@github.com> * add more missing TODO statements Signed-off-by: Meredith Lancaster <malancas@github.com> * update skipped test Signed-off-by: Meredith Lancaster <malancas@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-04-11 18:09:10 -06:00
Zach Steindler	f0a1e2707c	Change subcommands default to be more user friendly Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-10 10:11:33 -04:00

1 2

52 commits