Commit graph

7437 commits

Author SHA1 Message Date
Andy Feller
f9f4c99010
Merge pull request #9007 from babakks/8960-add-projectsV2-field
Add `projectsV2` to JSON fields of `gh repo` commands
2024-04-29 07:52:51 -04:00
Andy Feller
d611ed4bf0 Add missing title field for projectv2 2024-04-29 07:42:53 -04:00
William Martin
6d8709bdd7
Merge pull request #8997 from steiza/steiza/attestation-verify-offline
Support offline mode for `gh attestation verify`
2024-04-29 12:22:08 +02:00
Babak K. Shandiz
985dee0e05
Match query fields with ProjectV2 type
Co-authored-by: Andy Feller <andyfeller@github.com>
2024-04-26 22:59:01 +01:00
Babak K. Shandiz
b294f6b3e1
Include URL in ProjectV2 type
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-26 21:06:33 +01:00
Babak K. Shandiz
9e1f9d6101
Include projectsV2 in GraphQL query
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-26 21:06:29 +01:00
William Martin
fc2aec380d
Merge pull request #8996 from cli/wm/improve-verify-error-messages
Improve errors when loading bundle locally fails
2024-04-26 17:48:37 +02:00
William Martin
cf2060ce9a Remove unnecessary defensive check 2024-04-26 17:20:26 +02:00
William Martin
439c95c55e Test verification failures when attestations are bad 2024-04-26 17:20:04 +02:00
William Martin
a0c06e170e Rework sigstore tests for easier maintenance 2024-04-26 16:56:13 +02:00
William Martin
054b306d09 Make error more obvious when bundle has wrong extension 2024-04-26 16:23:56 +02:00
Nero Blackstone
93113e12ea
Add colon at the end of secret prompts (#9004) 2024-04-26 12:58:45 +02:00
Zach Steindler
1aefeec71b Use cmdutil.ExactArgs instead of MinimumArgs; also add tests
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-25 15:41:49 -04:00
Meredith Lancaster
28c4d3075b
remove hidden flag from attestation command (#8998)
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-25 07:27:00 -06:00
William Martin
156a697407
Merge pull request #8989 from cli/dependabot/go_modules/google.golang.org/grpc-1.62.2
build(deps): bump google.golang.org/grpc from 1.62.1 to 1.62.2
2024-04-25 15:02:07 +02:00
Meredith Lancaster
63640b16a7
Update gh attestation verify output (#8991)
* start updating default verify cmd output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start adding support for printing a table of attestation details

Signed-off-by: Meredith Lancaster <malancas@github.com>

* extract attestation details from verification result

Signed-off-by: Meredith Lancaster <malancas@github.com>

* condense logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update logging from feedback

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update error logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup more error logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include test data for printing to table in the mock sigstore verifier response

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix linter err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update pkg/cmd/attestation/verification/mock_verifier.go

Co-authored-by: Phill MV <phillmv@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
2024-04-24 14:03:35 -06:00
Zach Steindler
caf0546a11 Just base verification policy on trusted root, not bundle
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-24 11:02:53 -04:00
Zach Steindler
d9f7b922d0 Support offline mode for gh attestation verify
The main change is previously we always instantiated a TUF client for
the public good and GitHub Sigstore instances. Now we only instantiate
the TUF client we need, or no client if we are provided a
custom trusted root.

Note that `gh attestation verify` still requires authentication, that is
being addressed in https://github.com/cli/cli/pull/8995.

Some other changes are coming along for the ride:
- Set TUF cache validity to 1 day, to help serial verification
- Attempt to infer verification policy based on custom trusted root
- Make command output more friendly if you leave off required arguments

Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-24 10:24:23 -04:00
dependabot[bot]
6e400aecdd
build(deps): bump google.golang.org/grpc from 1.62.1 to 1.62.2
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.1 to 1.62.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.1...v1.62.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 14:35:56 +00:00
Meredith Lancaster
e30dd40c9e
gh attestation tuf-root-verify offline test fix (#8975)
* pass TUF client constructor as an argument for offline unit testing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update func name

Signed-off-by: Meredith Lancaster <malancas@github.com>

* simplify naming

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pr feedback, rename type

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-23 07:54:45 -06:00
Meredith Lancaster
c465d465a5
Update sigstore-go dependency to v0.3.0 (#8977)
* update sigstore-go dep to v0.3.0

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add integration test to verify newer sigstore bundle versions

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Fix shellcheck issues

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Give the cli/package-security team ownership over gh attestation cmd integration tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fetch attestation file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up new integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* try pulling other attestation file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup new attestation verify integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add new gh attestation integration test to workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

* mark script as executable

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename the integration test file

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-23 07:07:23 -06:00
William Martin
8181c62382
Merge pull request #8981 from cli/dependabot/go_modules/golang.org/x/net-0.23.0
build(deps): bump golang.org/x/net from 0.21.0 to 0.23.0
2024-04-22 12:34:12 +02:00
dependabot[bot]
159ce961b0
build(deps): bump golang.org/x/net from 0.21.0 to 0.23.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-19 13:16:58 +00:00
William Martin
1319d2cee5
Merge pull request #8969 from sochotnicky/improve-rerun-docs
Improve gh run rerun docs
2024-04-17 14:39:15 +02:00
Stanislav Ochotnický
4aa18a9b9a Make it clearer that job flag is meant to be an ID 2024-04-17 13:53:55 +02:00
Stanislav Ochotnický
40be4b366c Ignore run-id when providing also job for rerun
This makes the behaviour consistent with gh run view.
2024-04-17 13:49:16 +02:00
William Martin
fd4f2c9c1f
Merge pull request #8620 from heaths/merge-json
Merge JSON responses from `gh api`
2024-04-17 11:45:13 +02:00
richterdavid
8009e79113
Update install_linux.md (#8950)
Co-authored-by: richterdavid <richterdavid@nospam.me>
Co-authored-by: William Martin <williammartin@github.com>
2024-04-16 17:37:25 +02:00
Heath Stewart
2758b80013
Remove unnecessary --help comment 2024-04-15 21:38:16 -07:00
Matthew Hughes
71404e7a6f
Fix go directive in go.mod (#8956) 2024-04-15 16:58:19 +02:00
Andy Feller
e069ab3b6c
Merge pull request #8935 from babakks/8508-add-skip-ssh-key-option 2024-04-15 10:03:51 -04:00
William Martin
05b37e70b2
Merge pull request #8957 from matthewhughes934/fix-go-ci-cache-contention
Fix cache contention in Go CI jobs
2024-04-15 12:29:41 +02:00
William Martin
22bc365365
Merge pull request #8958 from matthewhughes934/tidy-go-mod
Tidy `go.mod`
2024-04-15 12:24:15 +02:00
Babak K. Shandiz
1992fdeb1a
Use filepath.Join to support different platforms
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-14 00:09:53 +01:00
Babak K. Shandiz
d241259d4e
Run go mod tidy
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-13 21:17:36 +01:00
Babak K. Shandiz
f05a5ccb6b
Merge branch 'trunk' into 8508-add-skip-ssh-key-option
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-13 21:17:16 +01:00
Babak K. Shandiz
a269032fd3
Refactor into table tests
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-13 21:13:12 +01:00
Babak K. Shandiz
2c6343ad56
Explain --skip-ssh-key usage in long doc
Signed-off-by: Babak K. Shandiz <babak.k.shandiz@gmail.com>
2024-04-13 15:47:44 +01:00
Matthew Hughes
d4169eadb7 Tidy go.mod
I.e. the result of `go mod tidy`. This is currently causing failures on
`trunk` CI, e.g. [1]

[1] https://github.com/cli/cli/actions/runs/8664231876/job/23760159399
2024-04-12 17:39:44 +01:00
Matthew Hughes
0d6bd6d53c Fix cache contention in Go CI jobs
Fix the `Set up go` and `Restore Go modules cache` steps both trying to
read/write the same contents. Since the `setup-go` step runs first this
results in the "restore cache" step trying to write the same contents
under `~/go/pkg/mod` which results in errors like (e.g. random
example[1]):

    /usr/bin/tar -xf /home/runner/work/_temp/6d12957f-f226-455e-b99c-fa7ee8c962cb/cache.tzst -P -C /home/runner/work/cli/cli --use-compress-program unzstd
    /usr/bin/tar: ../../../go/pkg/mod/golang.org/x/net@v0.21.0/go.sum: Cannot open: File exists
    Error: /usr/bin/tar: ../../../go/pkg/mod/golang.org/x/net@v0.21.0/proxy/proxy.go: Cannot open: File exists
    Error: /usr/bin/tar: ../../../go/pkg/mod/golang.org/x/net@v0.21.0/proxy/socks5.go: Cannot open: File exists
    Error: /usr/bin/tar: ../../../go/pkg/mod/golang.org/x/net@v0.21.0/proxy/dial_test.go: Cannot open: File exists

Since restoring fails, the cache job thinks no cache hit was made and
proceeds to try and save, but since it may well have fetched a valid
cache this can also error (again, see[1]):

    Post job cleanup.
    /usr/bin/tar --posix -cf cache.tzst --exclude cache.tzst -P -C /home/runner/work/cli/cli --files-from manifest.txt --use-compress-program zstdmt
    Failed to save: Unable to reserve cache with key go-Linux-1b4ae53bfd76c3b70f62d419e17f36544d0a1331f04b13d2a942e7752e3789c3, another job may be creating this cache. More details: Cache already exists. Scope: refs/heads/trunk, Key: go-Linux-1b4ae53bfd76c3b70f62d419e17f36544d0a1331f04b13d2a942e7752e3789c3, Version: 2a8d0f2be1a88abb057cd9fcea9832bd16e7ab71798dbf93cd890eb9add83cf6

To avoid this, just rely on the caching functionality of the `setup-go`
action.

For some context, it appears this cache behaviour was added with
cb7315c85d when these workflows were still
run with `setup-go@v2`:

    $ git show cb7315c85d3c0e010ba117ca7e692ed6f18f16c5:{.github/workflows/go.yml,.github/workflows/lint.yml} | grep 'actions/setup-go'
            uses: actions/setup-go@v2
            uses: actions/setup-go@v2

which is before caching behaviour was added (with `v3.2.0`[2]).

[1] https://github.com/cli/cli/actions/runs/8654869114/job/23732868571
[2] https://github.com/actions/setup-go/releases/tag/v3.2.0
2024-04-12 17:36:45 +01:00
Andy Feller
a42450e9a3
Merge pull request #8949 from steiza/steiza/multi-attestation
Add support to `attestation` command for more predicate types.
2024-04-12 11:12:59 -04:00
Meredith Lancaster
02158e896b
Fix attestation cmd offline unit test failure (#8933)
* pass policy to Verify method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove policy argument from SigstoreVerifier constructor

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add SigstoreVerifier interface and introduce mock SigstoreVerifier struct for unit testing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* gofmt

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename LiveSigstoreVerifier constructor

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pr feedback, add todos for tests that need to be reimplemented

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unused import

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more missing TODO statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update skipped test

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-11 18:09:10 -06:00
Zach Steindler
f0a1e2707c Change subcommands default to be more user friendly
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-10 10:11:33 -04:00
Zach Steindler
2b293c4840 Add unit test, update naming, ensure DSSE envelope is in-toto
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-10 09:49:34 -04:00
Zach Steindler
c96fb7c553 Updates from linter feedback
Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-09 17:34:45 -04:00
Zach Steindler
643f4031b2 Add support to attestation command for more predicate types.
Before, we required all attestations have predicateType
https://slsa.dev/provenance/v1. This allows you to use other predicate
types, and adds the ability to filter responses from the API for a
particular predicate type.

Signed-off-by: Zach Steindler <steiza@github.com>
2024-04-09 17:26:32 -04:00
Andy Feller
88a7e529ab
Merge pull request #8762 from Ebonsignori/8761/allow-multiple-items-in-nested-array
allow multiple items in nested array
2024-04-09 14:23:19 -04:00
Andy Feller
6a55528882
Merge pull request #8899 from babakks/8679-include-num-selected-repos
Include `numSelectedRepos` in JSON output of `gh secret list`
2024-04-09 13:18:50 -04:00
William Martin
a76230454a
Merge pull request #8945 from cli/wm/you-didnt-see-nothin
Close zip file in run view tests
2024-04-08 17:02:09 +02:00
William Martin
61584b83cb Close zip file in run view tests 2024-04-08 16:50:43 +02:00