Commit graph

3252 commits

Author SHA1 Message Date
Andy Feller
68dfd87f47
Merge pull request #9000 from cli/andyfeller/flag-level-disableauth
proof of concept for flag-level disable auth check
2024-04-29 12:15:49 -04:00
Andy Feller
cc36d32a21 Test gh at verify -b does not require auth
Thanks to @williammartin, this completes the PR by ensuring the actual feature this new logic was added for actually works as expected :D
2024-04-29 12:02:41 -04:00
Babak K. Shandiz
7c4e45cc9d
Fix issue with closing pager stream (#9020)
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-29 15:48:08 +02:00
Babak K. Shandiz
7d432bcd3a
Support long URLs in gh repo clone (#9008)
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-29 14:42:18 +02:00
William Martin
6d8709bdd7
Merge pull request #8997 from steiza/steiza/attestation-verify-offline
Support offline mode for `gh attestation verify`
2024-04-29 12:22:08 +02:00
William Martin
cf2060ce9a Remove unnecessary defensive check 2024-04-26 17:20:26 +02:00
William Martin
439c95c55e Test verification failures when attestations are bad 2024-04-26 17:20:04 +02:00
William Martin
a0c06e170e Rework sigstore tests for easier maintenance 2024-04-26 16:56:13 +02:00
William Martin
054b306d09 Make error more obvious when bundle has wrong extension 2024-04-26 16:23:56 +02:00
Nero Blackstone
93113e12ea
Add colon at the end of secret prompts (#9004) 2024-04-26 12:58:45 +02:00
Zach Steindler
1aefeec71b Use cmdutil.ExactArgs instead of MinimumArgs; also add tests
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-25 15:41:49 -04:00
Andy Feller
2d910406c6 proof of concept for flag-level disable auth check
Building upon the existing command-level disable auth check logic, this commit adds flag-level disable auth check logic
for any flag set with `-b,--bundle` flag of `gh attestation verify` being the first use case.

Subsequent commit to build out testing is needed as IsAuthCheckEnabled does not have tests.
2024-04-25 09:28:49 -04:00
Meredith Lancaster
28c4d3075b
remove hidden flag from attestation command (#8998)
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-25 07:27:00 -06:00
Meredith Lancaster
63640b16a7
Update gh attestation verify output (#8991)
* start updating default verify cmd output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start adding support for printing a table of attestation details

Signed-off-by: Meredith Lancaster <malancas@github.com>

* extract attestation details from verification result

Signed-off-by: Meredith Lancaster <malancas@github.com>

* condense logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update logging from feedback

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update error logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup more error logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include test data for printing to table in the mock sigstore verifier response

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix linter err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update pkg/cmd/attestation/verification/mock_verifier.go

Co-authored-by: Phill MV <phillmv@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
2024-04-24 14:03:35 -06:00
Zach Steindler
caf0546a11 Just base verification policy on trusted root, not bundle
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-24 11:02:53 -04:00
Zach Steindler
d9f7b922d0 Support offline mode for gh attestation verify
The main change is previously we always instantiated a TUF client for
the public good and GitHub Sigstore instances. Now we only instantiate
the TUF client we need, or no client if we are provided a
custom trusted root.

Note that `gh attestation verify` still requires authentication, that is
being addressed in https://github.com/cli/cli/pull/8995.

Some other changes are coming along for the ride:
- Set TUF cache validity to 1 day, to help serial verification
- Attempt to infer verification policy based on custom trusted root
- Make command output more friendly if you leave off required arguments

Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-24 10:24:23 -04:00
Meredith Lancaster
e30dd40c9e
gh attestation tuf-root-verify offline test fix (#8975)
* pass TUF client constructor as an argument for offline unit testing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update func name

Signed-off-by: Meredith Lancaster <malancas@github.com>

* simplify naming

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pr feedback, rename type

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-23 07:54:45 -06:00
Stanislav Ochotnický
4aa18a9b9a Make it clearer that job flag is meant to be an ID 2024-04-17 13:53:55 +02:00
Stanislav Ochotnický
40be4b366c Ignore run-id when providing also job for rerun
This makes the behaviour consistent with gh run view.
2024-04-17 13:49:16 +02:00
William Martin
fd4f2c9c1f
Merge pull request #8620 from heaths/merge-json
Merge JSON responses from `gh api`
2024-04-17 11:45:13 +02:00
Heath Stewart
2758b80013
Remove unnecessary --help comment 2024-04-15 21:38:16 -07:00
Babak K. Shandiz
1992fdeb1a
Use filepath.Join to support different platforms
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-14 00:09:53 +01:00
Babak K. Shandiz
f05a5ccb6b
Merge branch 'trunk' into 8508-add-skip-ssh-key-option
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-13 21:17:16 +01:00
Babak K. Shandiz
a269032fd3
Refactor into table tests
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-13 21:13:12 +01:00
Babak K. Shandiz
2c6343ad56
Explain --skip-ssh-key usage in long doc
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-13 15:47:44 +01:00
Andy Feller
a42450e9a3
Merge pull request #8949 from steiza/steiza/multi-attestation
Add support to `attestation` command for more predicate types.
2024-04-12 11:12:59 -04:00
Meredith Lancaster
02158e896b
Fix attestation cmd offline unit test failure (#8933)
* pass policy to Verify method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove policy argument from SigstoreVerifier constructor

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add SigstoreVerifier interface and introduce mock SigstoreVerifier struct for unit testing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* gofmt

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename LiveSigstoreVerifier constructor

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pr feedback, add todos for tests that need to be reimplemented

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unused import

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more missing TODO statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update skipped test

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-11 18:09:10 -06:00
Zach Steindler
f0a1e2707c Change subcommands default to be more user friendly
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-10 10:11:33 -04:00
Zach Steindler
2b293c4840 Add unit test, update naming, ensure DSSE envelope is in-toto
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-10 09:49:34 -04:00
Zach Steindler
c96fb7c553 Updates from linter feedback
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-09 17:34:45 -04:00
Zach Steindler
643f4031b2 Add support to attestation command for more predicate types.
Before, we required all attestations have predicateType
https://slsa.dev/provenance/v1. This allows you to use other predicate
types, and adds the ability to filter responses from the API for a
particular predicate type.

Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-09 17:26:32 -04:00
Andy Feller
88a7e529ab
Merge pull request #8762 from Ebonsignori/8761/allow-multiple-items-in-nested-array
allow multiple items in nested array
2024-04-09 14:23:19 -04:00
Andy Feller
6a55528882
Merge pull request #8899 from babakks/8679-include-num-selected-repos
Include `numSelectedRepos` in JSON output of `gh secret list`
2024-04-09 13:18:50 -04:00
William Martin
61584b83cb Close zip file in run view tests 2024-04-08 16:50:43 +02:00
William Martin
bbeccd69ad Ensure run log cache creates cache dir if it doesn't exist 2024-04-08 15:51:29 +02:00
Babak K. Shandiz
8839ee7ddf
Test --skip-ssh-key is captured correctly
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-06 13:11:02 +01:00
Babak K. Shandiz
0a77c56c44
Add test to verify skipped SSH key prompts
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-06 12:47:09 +01:00
Babak K. Shandiz
cf9699bbbb
Add --skip-ssh-key to options
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-06 12:46:05 +01:00
Babak K. Shandiz
3a3450fec5
Add SkipSSHKey field to LoginOptions
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-06 12:45:26 +01:00
Andy Feller
b722dd4151 Add tests for non-happy field paths
This commit adds a suite of tests around different combinations of `gh api` field scenarios that result in errors.

In the course of creating this test, there were 2 scenarios that did not raise an error as expected involving overriding an existing map value.
2024-04-05 17:21:28 -04:00
William Martin
9738d68bba Fix api cache test 2024-04-05 16:47:29 +02:00
William Martin
b6239238c8
Merge pull request #8931 from cli/wm/run-log-cache-stronger-abstraction
Create stronger run log cache abstraction
2024-04-05 16:00:28 +02:00
William Martin
c2aee1e402 Ensure cache dir is always available in RunLogCache 2024-04-05 15:39:33 +02:00
William Martin
103586a94c Remove RunLogCache interface 2024-04-05 15:33:49 +02:00
William Martin
a3ffc1ca33 Use real Run Log Cache in run view tests 2024-04-05 15:18:18 +02:00
William Martin
e644dc50d6 Capture error on Run Log Cache Exists 2024-04-05 15:16:12 +02:00
Andy Feller
b0a3975948
Merge pull request #8882 from zdrve/zdrve/job-name-prefix
Anchor the log filename to the start
2024-04-05 09:11:50 -04:00
William Martin
a89d50fc63 Rework Run Log Cache so that cache dir is injected 2024-04-05 14:59:24 +02:00
Andy Feller
1540a37fee
Merge branch 'trunk' into fix-cannot-lock-pr-url 2024-04-05 08:13:44 -04:00
Babak K. Shandiz
d034a69164
Add comment to explain showSelectedReposInfo assignment
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-04 20:09:28 +01:00