STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7452 commits 87 branches 0 tags 160 MiB
Commit graph

7452 commits

This branch
This branch
All branches
Author SHA1 Message Date
Phill MV
9523a99325 whitespace alignment in attestation/attestation.go 2024-04-29 16:38:35 -04:00
Phill MV
ce61fd8a06 Added tweaked note to tuf-root-verify 2024-04-29 16:31:28 -04:00
Phill MV
5619251faa Tweaked gh attestation help strings to generate nicer cli manual site. 2024-04-29 16:24:54 -04:00
Andy Feller
f5430ced2d
Merge pull request #9022 from cli/andyfeller/attestation-beta-usage 
Add beta designation on attestation command set
 2024-04-29 14:57:56 -04:00
Andy Feller
d51ae5ced9 Update attestation's beta designation 2024-04-29 14:45:20 -04:00
Andy Feller
57ca29b4b8
Merge pull request #9019 from cli/wm/attestation-host-checks 
Be more general with attestation host checks
 2024-04-29 13:44:21 -04:00
Andy Feller
0740c00f0a Add beta designation on attestation command set 
With the `gh attestation` command set going into public beta, users should be reminded the feature is in beta and subject to change.

Both the short and long help usage are updated for individual command `--help` as well as `gh reference`.
 2024-04-29 12:46:01 -04:00
Andy Feller
68dfd87f47
Merge pull request #9000 from cli/andyfeller/flag-level-disableauth 
proof of concept for flag-level disable auth check
 2024-04-29 12:15:49 -04:00
Andy Feller
cc36d32a21 Test gh at verify -b does not require auth 
Thanks to @williammartin, this completes the PR by ensuring the actual feature this new logic was added for actually works as expected :D
 2024-04-29 12:02:41 -04:00
William Martin
ef51cad663 Use ghinstance package for attestation host checks 2024-04-29 17:08:22 +02:00
Andy Feller
8e3afe55df Test cmdutil.IsAuthCheckEnabled cases 
This commit adds various test cases around whether a command will require authentication based on Cobra annotation metadata.
 2024-04-29 10:02:01 -04:00
Babak K. Shandiz
7c4e45cc9d
Fix issue with closing pager stream (#9020) 
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
 2024-04-29 15:48:08 +02:00
Babak K. Shandiz
7d432bcd3a
Support long URLs in gh repo clone (#9008) 
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
 2024-04-29 14:42:18 +02:00
Meredith Lancaster
1a35ce38ad check for enterprise host 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-04-29 14:06:22 +02:00
Andy Feller
f9f4c99010
Merge pull request #9007 from babakks/8960-add-projectsV2-field 
Add `projectsV2` to JSON fields of `gh repo` commands
 2024-04-29 07:52:51 -04:00
Andy Feller
d611ed4bf0 Add missing title field for projectv2 2024-04-29 07:42:53 -04:00
William Martin
6d8709bdd7
Merge pull request #8997 from steiza/steiza/attestation-verify-offline 
Support offline mode for `gh attestation verify`
 2024-04-29 12:22:08 +02:00
Babak K. Shandiz
985dee0e05
Match query fields with ProjectV2 type 
Co-authored-by: Andy Feller <andyfeller@github.com>
 2024-04-26 22:59:01 +01:00
Babak K. Shandiz
b294f6b3e1
Include URL in ProjectV2 type 
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
 2024-04-26 21:06:33 +01:00
Babak K. Shandiz
9e1f9d6101
Include projectsV2 in GraphQL query 
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
 2024-04-26 21:06:29 +01:00
William Martin
fc2aec380d
Merge pull request #8996 from cli/wm/improve-verify-error-messages 
Improve errors when loading bundle locally fails
 2024-04-26 17:48:37 +02:00
William Martin
cf2060ce9a Remove unnecessary defensive check 2024-04-26 17:20:26 +02:00
William Martin
439c95c55e Test verification failures when attestations are bad 2024-04-26 17:20:04 +02:00
William Martin
a0c06e170e Rework sigstore tests for easier maintenance 2024-04-26 16:56:13 +02:00
William Martin
054b306d09 Make error more obvious when bundle has wrong extension 2024-04-26 16:23:56 +02:00
Nero Blackstone​
93113e12ea
Add colon at the end of secret prompts (#9004) 2024-04-26 12:58:45 +02:00
Zach Steindler
1aefeec71b Use cmdutil.ExactArgs instead of MinimumArgs; also add tests 
Signed-off-by: Zach Steindler <steiza@github.com>
 2024-04-25 15:41:49 -04:00
Andy Feller
2d910406c6 proof of concept for flag-level disable auth check 
Building upon the existing command-level disable auth check logic, this commit adds flag-level disable auth check logic
for any flag set with `-b,--bundle` flag of `gh attestation verify` being the first use case.

Subsequent commit to build out testing is needed as IsAuthCheckEnabled does not have tests.
 2024-04-25 09:28:49 -04:00
Meredith Lancaster
28c4d3075b
remove hidden flag from attestation command (#8998) 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-04-25 07:27:00 -06:00
William Martin
156a697407
Merge pull request #8989 from cli/dependabot/go_modules/google.golang.org/grpc-1.62.2 
build(deps): bump google.golang.org/grpc from 1.62.1 to 1.62.2
 2024-04-25 15:02:07 +02:00
Meredith Lancaster
63640b16a7
Update gh attestation verify output (#8991) 
* start updating default verify cmd output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start adding support for printing a table of attestation details

Signed-off-by: Meredith Lancaster <malancas@github.com>

* extract attestation details from verification result

Signed-off-by: Meredith Lancaster <malancas@github.com>

* condense logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update logging from feedback

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update error logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup more error logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include test data for printing to table in the mock sigstore verifier response

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix linter err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update pkg/cmd/attestation/verification/mock_verifier.go

Co-authored-by: Phill MV <phillmv@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
 2024-04-24 14:03:35 -06:00
Zach Steindler
caf0546a11 Just base verification policy on trusted root, not bundle 
Signed-off-by: Zach Steindler <steiza@github.com>
 2024-04-24 11:02:53 -04:00
Zach Steindler
d9f7b922d0 Support offline mode for gh attestation verify 
The main change is previously we always instantiated a TUF client for
the public good and GitHub Sigstore instances. Now we only instantiate
the TUF client we need, or no client if we are provided a
custom trusted root.

Note that `gh attestation verify` still requires authentication, that is
being addressed in https://github.com/cli/cli/pull/8995.

Some other changes are coming along for the ride:
- Set TUF cache validity to 1 day, to help serial verification
- Attempt to infer verification policy based on custom trusted root
- Make command output more friendly if you leave off required arguments

Signed-off-by: Zach Steindler <steiza@github.com>
 2024-04-24 10:24:23 -04:00
dependabot[bot]
6e400aecdd
build(deps): bump google.golang.org/grpc from 1.62.1 to 1.62.2 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.1 to 1.62.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.1...v1.62.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-23 14:35:56 +00:00
Meredith Lancaster
e30dd40c9e
gh attestation tuf-root-verify offline test fix (#8975) 
* pass TUF client constructor as an arugment for offline unit testing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update func name

Signed-off-by: Meredith Lancaster <malancas@github.com>

* simplify naming

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pr feedback, rename type

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-04-23 07:54:45 -06:00
Meredith Lancaster
c465d465a5
Update sigstore-go dependency to v0.3.0 (#8977) 
* update sigstore-go dep to v0.3.0

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add integration test to verify newer sigstore bundle versions

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Fix shellcheck issues

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Give the cli/package-security team ownership over gh attestation cmd integration tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fetch attestation file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up new integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* try pulling other attestation file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup new attestation verify integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add new gh atestation integration test to workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

* mark script as executable

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename the integration test file

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-04-23 07:07:23 -06:00
William Martin
8181c62382
Merge pull request #8981 from cli/dependabot/go_modules/golang.org/x/net-0.23.0 
build(deps): bump golang.org/x/net from 0.21.0 to 0.23.0
 2024-04-22 12:34:12 +02:00
dependabot[bot]
159ce961b0
build(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-19 13:16:58 +00:00
William Martin
1319d2cee5
Merge pull request #8969 from sochotnicky/improve-rerun-docs 
Improve gh run rerun docs
 2024-04-17 14:39:15 +02:00
Stanislav Ochotnický
4aa18a9b9a Make it clearer that job flag is meant to be an ID 2024-04-17 13:53:55 +02:00
Stanislav Ochotnický
40be4b366c Ignore run-id when providing also job for rerun 
This makes the behaviour consistent with gh run view.
 2024-04-17 13:49:16 +02:00
William Martin
fd4f2c9c1f
Merge pull request #8620 from heaths/merge-json 
Merge JSON responses from `gh api`
 2024-04-17 11:45:13 +02:00
richterdavid
8009e79113
Update install_linux.md (#8950) 
Co-authored-by: richterdavid <richterdavid@nospam.me>
Co-authored-by: William Martin <williammartin@github.com>
 2024-04-16 17:37:25 +02:00
Heath Stewart
2758b80013
Remove unnecessary --help comment 2024-04-15 21:38:16 -07:00
Matthew Hughes
71404e7a6f
Fix go directive in go.mod (#8956) 2024-04-15 16:58:19 +02:00
Andy Feller
e069ab3b6c
Merge pull request #8935 from babakks/8508-add-skip-ssh-key-option 2024-04-15 10:03:51 -04:00
William Martin
05b37e70b2
Merge pull request #8957 from matthewhughes934/fix-go-ci-cache-contention 
Fix cache contention in Go CI jobs
 2024-04-15 12:29:41 +02:00
William Martin
22bc365365
Merge pull request #8958 from matthewhughes934/tidy-go-mod 
Tidy `go.mod`
 2024-04-15 12:24:15 +02:00
Babak K. Shandiz
1992fdeb1a
Use filepath.Join to support different platforms 
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
 2024-04-14 00:09:53 +01:00
Babak K. Shandiz
d241259d4e
Run go mod tidy 
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
 2024-04-13 21:17:36 +01:00