STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8007 commits 87 branches 0 tags 160 MiB
Commit graph

108 commits

Author SHA1 Message Date
Brian DeHamer
5f60b3ca3e
Merge branch 'trunk' into bdehamer/att-trusted-root-tenant-aware 2024-09-20 09:22:40 -07:00
Brian DeHamer
8123de9722
fix tenant-awareness for trusted-root command 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-09-18 14:05:04 -07:00
bagtoad
d8e77d256f Use new HasActiveToken method in trustedroot.go 2024-09-18 10:35:11 -06:00
Brian DeHamer
3bcedfe7f0
Update pkg/cmd/attestation/trustedroot/trustedroot_test.go 
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
 2024-09-17 14:18:00 -07:00
Brian DeHamer
cbe8525321
enforce auth for tenancy 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-09-16 13:52:57 -07:00
Brian DeHamer
8e8fc696f1
disable auth check for att trusted-root cmd 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-09-16 12:55:18 -07:00
Brian DeHamer
2e13ec5d80
Merge pull request #9616 from cli/bdehamer/custom-issuer-error 
Better messaging for `attestation verify` custom issuer mismatch error
 2024-09-16 12:52:12 -07:00
Brian DeHamer
8c8423aa3d
better error for att verify custom issuer mismatch 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Zach Steindler <steiza@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
 2024-09-16 12:38:12 -07:00
Andy Feller
d108784d7f
Merge pull request #9618 from cli/wm/tenant-api 
Use api subdomains for tenant hosts
 2024-09-16 09:53:44 -04:00
Meredith Lancaster
0f42ee46f0
Merge pull request #9612 from cli/bdehamer/attest-verify-no-tty 
Suppress `attestation verify` output when no TTY present
 2024-09-13 10:01:02 -06:00
Meredith Lancaster
e381d54511
Merge pull request #9564 from malancas/verification-err-output 
Update `gh attestation verify` bundle parsing and validation errors
 2024-09-13 09:27:07 -06:00
William Martin
352737cb60 Use api subdomains for commands using ghinstance package 2024-09-13 15:03:36 +02:00
Brian DeHamer
677edbac77
suppress att verify output when no tty 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-09-12 09:40:47 -07:00
Brian DeHamer
f128ae8349
add att verify test for custom OIDC issuer 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-09-11 12:49:06 -07:00
Fredrik Skogman
1b59ec8ad0
This commit introduces tenancy aware attestation policy building. 
This is done by inspecting the current hostname to determine if
tenancy is enabled.

The attestation commands also accepts a --hostname parameter, that
is used to pick the current host, similar to how the GH_HOST variable
can be used.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
 2024-09-11 10:49:17 +02:00
Meredith Lancaster
50d335566d check specific err 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-10 10:47:06 -06:00
Meredith Lancaster
3814e82f9b check err in GetLocalAttestations 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-10 10:32:46 -06:00
Meredith Lancaster
f748f9e65f Merge remote-tracking branch 'upstream/trunk' into verification-err-output 2024-09-10 09:04:57 -06:00
Meredith Lancaster
83519e4e92 check for sigstore-go validation errs 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-10 07:54:45 -06:00
William Martin
78c1d00ecc
Merge pull request #9577 from cli/move-non-integration-test 
Move non-integration tests to different test file
 2024-09-10 15:43:25 +02:00
Meredith Lancaster
bbefc5b24f handle os.PathError in GetLocalAttestations 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-09 08:53:11 -06:00
Meredith Lancaster
945e2b7eee
Merge branch 'trunk' into verification-err-output 2024-09-09 08:23:01 -06:00
Cody Soyland
b14e430441
Check for nil values to prevent nil dereference panic 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-09-06 15:22:43 -04:00
Cody Soyland
500b619a5e
Move non-integration test to different test file 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-09-06 13:55:25 -04:00
Meredith Lancaster
668706ccf5 print verify err 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-05 13:29:22 -06:00
Meredith Lancaster
57b20291bd check for os.PathError 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-05 13:20:13 -06:00
Meredith Lancaster
7c405e8b6e dont print err content 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-05 08:16:34 -06:00
Cody Soyland
ea1a3da1eb
Rename ProtobufBundle to Bundle 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-09-04 16:45:02 -04:00
Cody Soyland
8446079656
Upgrade to sigstore-go v0.6.1 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-09-04 16:38:13 -04:00
Meredith Lancaster
1b67b354a9 update bundle file parsing err messages 
Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-04 13:30:30 -06:00
Meredith Lancaster
34d7ef7a0e
gh attestation verify handles empty JSONL files (#9541) 
* handle empty jsonl files

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check processed attestations slice length

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update err name and message

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2024-09-04 10:31:41 -06:00
Aryan Bhosale
9a0a7d427e
verify 2nd artifact without swapping order (#9532) 
* verify 2nd artifact without swapping order

possible solution to https://github.com/cli/cli/issues/9521#issuecomment-2310686619?

* copy the mentioned test file and adds some extra lines

* rm unnecessary import

* Update pkg/cmd/attestation/verification/attestation_test.go

Co-authored-by: Meredith Lancaster <malancas@users.noreply.github.com>

* gofmt

---------

Co-authored-by: Meredith Lancaster <malancas@users.noreply.github.com>
 2024-09-04 08:57:56 -06:00
Aryan Bhosale
8305a49c3f
"offline" verification using the bundle of attestations without any additional handling of the file (#9523) 2024-08-26 09:58:29 -06:00
Eugene
e21d053faf
Merge branch 'trunk' into eugene/attestation/fetch-oci-bundle 2024-08-21 12:24:08 -04:00
ejahnGithub
0d38a2fd8e fixed the test 2024-08-21 10:52:42 -04:00
ejahnGithub
47a8f4bbdd update error message 2024-08-20 16:14:39 -04:00
ejahnGithub
3fd309bdde rename flag to bundle-from-oci 2024-08-19 10:29:01 -04:00
Eugene
04e111db03
Merge branch 'trunk' into eugene/attestation/fetch-oci-bundle 2024-08-15 13:31:41 -04:00
Cody Soyland
4618a267de
Update attestation TUF root 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-08-15 13:06:54 -04:00
ejahnGithub
05891965d0 udpate the options 2024-08-15 11:56:28 -04:00
ejahnGithub
5ae03d6e87 addded more test 2024-08-12 07:10:19 -07:00
Cody Soyland
35b2cf70cf
Change to requiring bundle v0.2 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-08-09 16:36:16 -04:00
Cody Soyland
b783441540
Fix tests 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-08-09 16:14:04 -04:00
Cody Soyland
574e131072
Require Sigstore Bundle v0.3 when verifying with gh attestation 
Signed-off-by: Cody Soyland <codysoyland@github.com>
 2024-08-09 16:02:04 -04:00
Eugene
cc0fe091c4
Merge branch 'trunk' into eugene/attestation/fetch-oci-bundle 2024-08-07 10:21:34 -07:00
ejahnGithub
832a43072c minor fixed 2024-08-07 10:19:47 -07:00
ejahnGithub
d1cd69c81c minor fixed 2024-08-07 10:16:30 -07:00
ejahnGithub
57aea664e5 added test 2024-08-07 10:10:59 -07:00
ejahnGithub
bad127c342 clean naming 2024-08-05 12:56:35 -07:00
ejahnGithub
8ae4f1cfb9 add contain check 2024-08-05 12:53:43 -07:00