STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7745 commits 87 branches 0 tags 160 MiB
Commit graph

56 commits

Author SHA1 Message Date
Yukai Chou
d7b8ecf33d Unify use of tab indent in non-test source files 
Found with
    rg '(^ | \t|\t )' -g '*.go' -g '!*_test.go'

Mixed indent exceptions:
- wrapped long list items with extra 2-space indent
- code snippets using space indent
- commented code lines having "\t*// \t+" prefix
 2024-08-03 00:35:30 +08:00
ejahnGithub
1eaf712dd1 update test and remove logic to check SourceRepositoryOwnerURI is empty string 2024-07-31 07:29:43 -07:00
ejahnGithub
596ee8bd71 update test 2024-07-30 13:22:49 -07:00
ejahnGithub
580ddf6997 minor fix 2024-07-30 13:14:16 -07:00
ejahnGithub
e21e5ef5c5 update test 2024-07-30 13:09:28 -07:00
ejahnGithub
c1adb1a6cf added 2024-07-30 12:24:27 -07:00
ejahnGithub
dc4e9cb532 handle attest case insensitivity 2024-07-30 12:11:25 -07:00
Zach Steindler
658f125ab3
Update sigstore-go in gh CLI to v0.5.1 (#9366) 
Signed-off-by: Zach Steindler <steiza@github.com>
 2024-07-25 20:59:39 +02:00
Zach Steindler
a81a1f7e90
Remove attestation test that requires being online (#9340) 
Signed-off-by: Zach Steindler <steiza@github.com>
 2024-07-19 09:24:47 -04:00
Zach Steindler
f972050dc9
gh attestation trusted-root subcommand (#9206) 
Adds `trusted-root` subcommand to `gh attestation`.

For use in upcoming docs on how to do offline verification with artifact
attestations.

---------

Signed-off-by: Zach Steindler <steiza@github.com>
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
 2024-07-01 11:50:39 -04:00
Phill MV
c9f9fac7dc
Update pkg/cmd/attestation/verify/verify.go 
Co-authored-by: Andy Feller <andyfeller@github.com>
 2024-06-24 13:33:10 -04:00
Phill MV
c25dacc33e
Update pkg/cmd/attestation/verify/verify.go 
Co-authored-by: Andy Feller <andyfeller@github.com>
 2024-06-24 13:32:51 -04:00
Phill MV
06607d3e95 s/originated/caller/ workflow 2024-06-24 10:05:58 -04:00
William Martin
d7c56bfb13 Remove beta note from attestation top level command 2024-06-24 15:46:00 +02:00
William Martin
846b6ec20b Fix whitespacing 2024-06-24 15:41:22 +02:00
Phill MV
8318e7a1de
Actually, let's keep download in beta for now. 2024-06-24 09:32:32 -04:00
Phill MV
40abc9a785 Removed beta note from gh at download. 2024-06-23 21:54:01 -04:00
Phill MV
152607e0e8 Removed beta note from gh at verify, clarified reusable workflows use case. 2024-06-23 21:53:09 -04:00
Forrin
c572383bda
Attestation Verification - Buffer Fix (#9198) 
* swap scanner to readline for attestations
* replace readLine with readBytes
 2024-06-14 13:55:58 -04:00
Phill MV
e8a13cfed3 replaced deprecated --json-result flag with --format=json in the gh at docstring. 2024-06-04 15:52:54 -04:00
Meredith Lancaster
cd5562f5ac
Add signer-repo and signer-workflow flags to gh attestation verify (#9137) 
* add signer-repo and signer-workflow flags

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add check for SignerRepo option

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add helper function and comment for clarity

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update flag comment

Signed-off-by: Meredith Lancaster <malancas@github.com>

* reference correct field

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move function to more relevant file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update pkg/cmd/attestation/verify/verify.go

Co-authored-by: Zach Steindler <steiza@github.com>

* Update pkg/cmd/attestation/verify/verify.go

Co-authored-by: Zach Steindler <steiza@github.com>

* make all reusable workflow flags mutually exclusive

Signed-off-by: Meredith Lancaster <malancas@github.com>

* accept signer workflow without host

Signed-off-by: Meredith Lancaster <malancas@github.com>

* support client optionally providing host with signer workflow flag

Signed-off-by: Meredith Lancaster <malancas@github.com>

* comment

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for parsing signer workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Zach Steindler <steiza@github.com>
 2024-05-30 07:40:55 -06:00
Meredith Lancaster
8d0518645f
Add integration tests for gh attestation verify shared workflow use case (#9107) 
* add initial shared workflow use case tests and test data

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more shared workflow tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pr feedback, replace shared with reusable

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use demo repository with reusable workflow tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-05-28 07:13:34 -06:00
Viktor Szépe
6d9dd57774 Fix typos 2024-05-09 20:15:27 +00:00
Meredith Lancaster
c9e8fd6c64
Fix attestation verify source repository check bug (#9053) 
* add build source repo URI extension when repo is provided, add integration tests for this change

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add initial docs on specifying cert identity

Signed-off-by: Meredith Lancaster <malancas@github.com>

* wording

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add reusable workflow example

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more test cases

Signed-off-by: Meredith Lancaster <malancas@github.com>

* tweak to verify docs

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
 2024-05-08 07:44:52 -06:00
Meredith Lancaster
6f350827d2
Run attestation command set integration tests separately (#9035) 
* rename and add integration build tag

Signed-off-by: Meredith Lancaster <malancas@github.com>

* run tests that include integration build tag in workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-05-02 08:07:44 -06:00
Phill MV
38ee906acc whitespace aligment for inspect/inspect.go 2024-04-29 16:40:30 -04:00
Phill MV
9523a99325 whitespace alignment in attestation/attestation.go 2024-04-29 16:38:35 -04:00
Phill MV
ce61fd8a06 Added tweaked note to tuf-root-verify 2024-04-29 16:31:28 -04:00
Phill MV
5619251faa Tweaked gh attestation help strings to generate nicer cli manual site. 2024-04-29 16:24:54 -04:00
Andy Feller
f5430ced2d
Merge pull request #9022 from cli/andyfeller/attestation-beta-usage 
Add beta designation on attestation command set
 2024-04-29 14:57:56 -04:00
Andy Feller
d51ae5ced9 Update attestation's beta designation 2024-04-29 14:45:20 -04:00
Andy Feller
57ca29b4b8
Merge pull request #9019 from cli/wm/attestation-host-checks 
Be more general with attestation host checks
 2024-04-29 13:44:21 -04:00
Andy Feller
0740c00f0a Add beta designation on attestation command set 
With the `gh attestation` command set going into public beta, users should be reminded the feature is in beta and subject to change.

Both the short and long help usage are updated for individual command `--help` as well as `gh reference`.
 2024-04-29 12:46:01 -04:00
Andy Feller
68dfd87f47
Merge pull request #9000 from cli/andyfeller/flag-level-disableauth 
proof of concept for flag-level disable auth check
 2024-04-29 12:15:49 -04:00
Andy Feller
cc36d32a21 Test gh at verify -b does not require auth 
Thanks to @williammartin, this completes the PR by ensuring the actual feature this new logic was added for actually works as expected :D
 2024-04-29 12:02:41 -04:00
William Martin
ef51cad663 Use ghinstance package for attestation host checks 2024-04-29 17:08:22 +02:00
Meredith Lancaster
1a35ce38ad check for enterprise host 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-04-29 14:06:22 +02:00
William Martin
6d8709bdd7
Merge pull request #8997 from steiza/steiza/attestation-verify-offline 
Support offline mode for `gh attestation verify`
 2024-04-29 12:22:08 +02:00
William Martin
cf2060ce9a Remove unnecessary defensive check 2024-04-26 17:20:26 +02:00
William Martin
439c95c55e Test verification failures when attestations are bad 2024-04-26 17:20:04 +02:00
William Martin
a0c06e170e Rework sigstore tests for easier maintenance 2024-04-26 16:56:13 +02:00
William Martin
054b306d09 Make error more obvious when bundle has wrong extension 2024-04-26 16:23:56 +02:00
Zach Steindler
1aefeec71b Use cmdutil.ExactArgs instead of MinimumArgs; also add tests 
Signed-off-by: Zach Steindler <steiza@github.com>
 2024-04-25 15:41:49 -04:00
Andy Feller
2d910406c6 proof of concept for flag-level disable auth check 
Building upon the existing command-level disable auth check logic, this commit adds flag-level disable auth check logic
for any flag set with `-b,--bundle` flag of `gh attestation verify` being the first use case.

Subsequent commit to build out testing is needed as IsAuthCheckEnabled does not have tests.
 2024-04-25 09:28:49 -04:00
Meredith Lancaster
28c4d3075b
remove hidden flag from attestation command (#8998) 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-04-25 07:27:00 -06:00
Meredith Lancaster
63640b16a7
Update gh attestation verify output (#8991) 
* start updating default verify cmd output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start adding support for printing a table of attestation details

Signed-off-by: Meredith Lancaster <malancas@github.com>

* extract attestation details from verification result

Signed-off-by: Meredith Lancaster <malancas@github.com>

* condense logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update logging from feedback

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update error logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup more error logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include test data for printing to table in the mock sigstore verifier response

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix linter err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update pkg/cmd/attestation/verification/mock_verifier.go

Co-authored-by: Phill MV <phillmv@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
 2024-04-24 14:03:35 -06:00
Zach Steindler
caf0546a11 Just base verification policy on trusted root, not bundle 
Signed-off-by: Zach Steindler <steiza@github.com>
 2024-04-24 11:02:53 -04:00
Zach Steindler
d9f7b922d0 Support offline mode for gh attestation verify 
The main change is previously we always instantiated a TUF client for
the public good and GitHub Sigstore instances. Now we only instantiate
the TUF client we need, or no client if we are provided a
custom trusted root.

Note that `gh attestation verify` still requires authentication, that is
being addressed in https://github.com/cli/cli/pull/8995.

Some other changes are coming along for the ride:
- Set TUF cache validity to 1 day, to help serial verification
- Attempt to infer verification policy based on custom trusted root
- Make command output more friendly if you leave off required arguments

Signed-off-by: Zach Steindler <steiza@github.com>
 2024-04-24 10:24:23 -04:00
Meredith Lancaster
e30dd40c9e
gh attestation tuf-root-verify offline test fix (#8975) 
* pass TUF client constructor as an arugment for offline unit testing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update func name

Signed-off-by: Meredith Lancaster <malancas@github.com>

* simplify naming

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pr feedback, rename type

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-04-23 07:54:45 -06:00
Andy Feller
a42450e9a3
Merge pull request #8949 from steiza/steiza/multi-attestation 
Add support to `attestation` command for more predicate types.
 2024-04-12 11:12:59 -04:00