STACKITGit/cli - Git hosting by STACKIT

Author	SHA1	Message	Date
Meredith Lancaster	93c78a2134	use sigstore specific err Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-30 15:28:34 -06:00
Meredith Lancaster	b44c9d3003	undo policy method changes Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-30 15:23:50 -06:00
Meredith Lancaster	3378b546da	simplify if else logic Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-30 12:58:40 -06:00
Meredith Lancaster	41c3ba5fa7	drop sigstore instance for now Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-29 18:19:19 -06:00
Meredith Lancaster	e16b69bd08	cert extension funcs are now policy methods Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-29 17:27:47 -06:00
Meredith Lancaster	e5b2b09a6e	move policy functions into methods Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-29 16:41:17 -06:00
Meredith Lancaster	704de0cf37	start building a separate policy struct Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-10-29 15:33:24 -06:00
Tyler McGoffin	81591a09b8	Use go-gh/auth package for IsEnterprise, IsTenancy, and NormalizeHostname	2024-10-15 11:56:43 -07:00
Brian DeHamer	2e13ec5d80	Merge pull request #9616 from cli/bdehamer/custom-issuer-error Better messaging for `attestation verify` custom issuer mismatch error	2024-09-16 12:52:12 -07:00
Brian DeHamer	8c8423aa3d	better error for att verify custom issuer mismatch Signed-off-by: Brian DeHamer <bdehamer@github.com> Co-authored-by: Zach Steindler <steiza@github.com> Co-authored-by: Phill MV <phillmv@github.com>	2024-09-16 12:38:12 -07:00
William Martin	352737cb60	Use api subdomains for commands using ghinstance package	2024-09-13 15:03:36 +02:00
Brian DeHamer	f128ae8349	add att verify test for custom OIDC issuer Signed-off-by: Brian DeHamer <bdehamer@github.com>	2024-09-11 12:49:06 -07:00
Fredrik Skogman	1b59ec8ad0	This commit introduces tenancy aware attestation policy building. This is done by inspecting the current hostname to determine if tenancy is enabled. The attestation commands also accepts a --hostname parameter, that is used to pick the current host, similar to how the GH_HOST variable can be used. Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>	2024-09-11 10:49:17 +02:00
Cody Soyland	b14e430441	Check for nil values to prevent nil dereference panic Signed-off-by: Cody Soyland <codysoyland@github.com>	2024-09-06 15:22:43 -04:00
ejahnGithub	0d38a2fd8e	fixed the test	2024-08-21 10:52:42 -04:00
ejahnGithub	3fd309bdde	rename flag to bundle-from-oci	2024-08-19 10:29:01 -04:00
ejahnGithub	05891965d0	udpate the options	2024-08-15 11:56:28 -04:00
ejahnGithub	5ae03d6e87	addded more test	2024-08-12 07:10:19 -07:00
ejahnGithub	57aea664e5	added test	2024-08-07 10:10:59 -07:00
ejahnGithub	8d17896080	refactor the logic and logging	2024-08-05 12:25:52 -07:00
ejahnGithub	20d3931427	tmp	2024-08-05 09:11:25 -07:00
ejahnGithub	1eaf712dd1	update test and remove logic to check SourceRepositoryOwnerURI is empty string	2024-07-31 07:29:43 -07:00
ejahnGithub	596ee8bd71	update test	2024-07-30 13:22:49 -07:00
ejahnGithub	580ddf6997	minor fix	2024-07-30 13:14:16 -07:00
ejahnGithub	e21e5ef5c5	update test	2024-07-30 13:09:28 -07:00
ejahnGithub	dc4e9cb532	handle attest case insensitivity	2024-07-30 12:11:25 -07:00
Zach Steindler	658f125ab3	Update sigstore-go in gh CLI to v0.5.1 (#9366 ) Signed-off-by: Zach Steindler <steiza@github.com>	2024-07-25 20:59:39 +02:00
Zach Steindler	f972050dc9	gh attestation trusted-root subcommand (#9206 ) Adds `trusted-root` subcommand to `gh attestation`. For use in upcoming docs on how to do offline verification with artifact attestations. --------- Signed-off-by: Zach Steindler <steiza@github.com> Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>	2024-07-01 11:50:39 -04:00
Phill MV	c9f9fac7dc	Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Andy Feller <andyfeller@github.com>	2024-06-24 13:33:10 -04:00
Phill MV	c25dacc33e	Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Andy Feller <andyfeller@github.com>	2024-06-24 13:32:51 -04:00
Phill MV	06607d3e95	s/originated/caller/ workflow	2024-06-24 10:05:58 -04:00
Phill MV	152607e0e8	Removed beta note from `gh at verify`, clarified reusable workflows use case.	2024-06-23 21:53:09 -04:00
Phill MV	e8a13cfed3	replaced deprecated --json-result flag with --format=json in the gh at docstring.	2024-06-04 15:52:54 -04:00
Meredith Lancaster	cd5562f5ac	Add `signer-repo` and `signer-workflow` flags to `gh attestation verify` (#9137 ) * add signer-repo and signer-workflow flags Signed-off-by: Meredith Lancaster <malancas@github.com> * add check for SignerRepo option Signed-off-by: Meredith Lancaster <malancas@github.com> * add helper function and comment for clarity Signed-off-by: Meredith Lancaster <malancas@github.com> * update flag comment Signed-off-by: Meredith Lancaster <malancas@github.com> * reference correct field Signed-off-by: Meredith Lancaster <malancas@github.com> * move function to more relevant file Signed-off-by: Meredith Lancaster <malancas@github.com> * Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Zach Steindler <steiza@github.com> * Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Zach Steindler <steiza@github.com> * make all reusable workflow flags mutually exclusive Signed-off-by: Meredith Lancaster <malancas@github.com> * accept signer workflow without host Signed-off-by: Meredith Lancaster <malancas@github.com> * support client optionally providing host with signer workflow flag Signed-off-by: Meredith Lancaster <malancas@github.com> * comment Signed-off-by: Meredith Lancaster <malancas@github.com> * add tests for parsing signer workflow Signed-off-by: Meredith Lancaster <malancas@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com> Co-authored-by: Zach Steindler <steiza@github.com>	2024-05-30 07:40:55 -06:00
Meredith Lancaster	8d0518645f	Add integration tests for `gh attestation verify` shared workflow use case (#9107 ) * add initial shared workflow use case tests and test data Signed-off-by: Meredith Lancaster <malancas@github.com> * add more shared workflow tests Signed-off-by: Meredith Lancaster <malancas@github.com> * cleanup tests Signed-off-by: Meredith Lancaster <malancas@github.com> * pr feedback, replace shared with reusable Signed-off-by: Meredith Lancaster <malancas@github.com> * use demo repository with reusable workflow tests Signed-off-by: Meredith Lancaster <malancas@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-05-28 07:13:34 -06:00
Meredith Lancaster	c9e8fd6c64	Fix `attestation verify` source repository check bug (#9053 ) * add build source repo URI extension when repo is provided, add integration tests for this change Signed-off-by: Meredith Lancaster <malancas@github.com> * add initial docs on specifying cert identity Signed-off-by: Meredith Lancaster <malancas@github.com> * wording Signed-off-by: Meredith Lancaster <malancas@github.com> * add reusable workflow example Signed-off-by: Meredith Lancaster <malancas@github.com> * add more test cases Signed-off-by: Meredith Lancaster <malancas@github.com> * tweak to verify docs --------- Signed-off-by: Meredith Lancaster <malancas@github.com> Co-authored-by: Phill MV <phillmv@github.com>	2024-05-08 07:44:52 -06:00
Phill MV	5619251faa	Tweaked gh attestation help strings to generate nicer cli manual site.	2024-04-29 16:24:54 -04:00
Andy Feller	d51ae5ced9	Update attestation's beta designation	2024-04-29 14:45:20 -04:00
Andy Feller	0740c00f0a	Add beta designation on attestation command set With the `gh attestation` command set going into public beta, users should be reminded the feature is in beta and subject to change. Both the short and long help usage are updated for individual command `--help` as well as `gh reference`.	2024-04-29 12:46:01 -04:00
Andy Feller	68dfd87f47	Merge pull request #9000 from cli/andyfeller/flag-level-disableauth proof of concept for flag-level disable auth check	2024-04-29 12:15:49 -04:00
Andy Feller	cc36d32a21	Test `gh at verify -b` does not require auth Thanks to @williammartin, this completes the PR by ensuring the actual feature this new logic was added for actually works as expected :D	2024-04-29 12:02:41 -04:00
William Martin	6d8709bdd7	Merge pull request #8997 from steiza/steiza/attestation-verify-offline Support offline mode for `gh attestation verify`	2024-04-29 12:22:08 +02:00
Zach Steindler	1aefeec71b	Use cmdutil.ExactArgs instead of MinimumArgs; also add tests Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-25 15:41:49 -04:00
Andy Feller	2d910406c6	proof of concept for flag-level disable auth check Building upon the existing command-level disable auth check logic, this commit adds flag-level disable auth check logic for any flag set with `-b,--bundle` flag of `gh attestation verify` being the first use case. Subsequent commit to build out testing is needed as IsAuthCheckEnabled does not have tests.	2024-04-25 09:28:49 -04:00
Meredith Lancaster	63640b16a7	Update `gh attestation verify` output (#8991 ) * start updating default verify cmd output Signed-off-by: Meredith Lancaster <malancas@github.com> * start adding support for printing a table of attestation details Signed-off-by: Meredith Lancaster <malancas@github.com> * extract attestation details from verification result Signed-off-by: Meredith Lancaster <malancas@github.com> * condense logging Signed-off-by: Meredith Lancaster <malancas@github.com> * update logging from feedback Signed-off-by: Meredith Lancaster <malancas@github.com> * update error logging Signed-off-by: Meredith Lancaster <malancas@github.com> * cleanup more error logging Signed-off-by: Meredith Lancaster <malancas@github.com> * include test data for printing to table in the mock sigstore verifier response Signed-off-by: Meredith Lancaster <malancas@github.com> * fix linter err Signed-off-by: Meredith Lancaster <malancas@github.com> * Update pkg/cmd/attestation/verification/mock_verifier.go Co-authored-by: Phill MV <phillmv@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com> Co-authored-by: Phill MV <phillmv@github.com>	2024-04-24 14:03:35 -06:00
Zach Steindler	d9f7b922d0	Support offline mode for `gh attestation verify` The main change is previously we always instantiated a TUF client for the public good and GitHub Sigstore instances. Now we only instantiate the TUF client we need, or no client if we are provided a custom trusted root. Note that `gh attestation verify` still requires authentication, that is being addressed in https://github.com/cli/cli/pull/8995. Some other changes are coming along for the ride: - Set TUF cache validity to 1 day, to help serial verification - Attempt to infer verification policy based on custom trusted root - Make command output more friendly if you leave off required arguments Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-24 10:24:23 -04:00
Andy Feller	a42450e9a3	Merge pull request #8949 from steiza/steiza/multi-attestation Add support to `attestation` command for more predicate types.	2024-04-12 11:12:59 -04:00
Meredith Lancaster	02158e896b	Fix `attestation` cmd offline unit test failure (#8933 ) * pass policy to Verify method Signed-off-by: Meredith Lancaster <malancas@github.com> * remove policy argument from SigstoreVerifier constructor Signed-off-by: Meredith Lancaster <malancas@github.com> * add SigstoreVerifier interface and introduce mock SigstoreVerifier struct for unit testing Signed-off-by: Meredith Lancaster <malancas@github.com> * gofmt Signed-off-by: Meredith Lancaster <malancas@github.com> * rename LiveSigstoreVerifier constructor Signed-off-by: Meredith Lancaster <malancas@github.com> * pr feedback, add todos for tests that need to be reimplemented Signed-off-by: Meredith Lancaster <malancas@github.com> * remove unused import Signed-off-by: Meredith Lancaster <malancas@github.com> * add more missing TODO statements Signed-off-by: Meredith Lancaster <malancas@github.com> * update skipped test Signed-off-by: Meredith Lancaster <malancas@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com>	2024-04-11 18:09:10 -06:00
Zach Steindler	f0a1e2707c	Change subcommands default to be more user friendly Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-10 10:11:33 -04:00
Zach Steindler	c96fb7c553	Updates from linter feedback Signed-off-by: Zach Steindler <steiza@github.com>	2024-04-09 17:34:45 -04:00

1 2

52 commits