From 74bd93000660879fd7bee9798dd5a32c5519fc60 Mon Sep 17 00:00:00 2001
From: Jonny Stoten
Date: Wed, 26 Jun 2024 12:14:15 +0100
Subject: [PATCH 1/4] Rename module to docker/attest-provider

We were still using the name from the template
---
 .github/workflows/workflow.yaml | 6 +++---
 Dockerfile | 8 ++++----
 Makefile | 2 +-
 README.md | 4 ++--
 charts/external-data-provider/Chart.yaml | 4 ++--
 .../templates/external-data-provider-deployment.yaml | 2 +-
 go.mod | 2 +-
 main.go | 4 ++--
 pkg/handler/mutate.go | 2 +-
 pkg/handler/validate.go | 4 ++--
 10 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index e278fcc..0f16024 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -30,7 +30,7 @@ jobs:
 with:
 app-id: ${{ vars.DOCKER_READ_APP_ID }}
 private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
- repositories: "attest,attest-external-data-provider"
+ repositories: "attest,attest-provider"
 - name: Set up Go 1.22
 uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
@@ -78,7 +78,7 @@ jobs:
 with:
 app-id: ${{ vars.DOCKER_READ_APP_ID }}
 private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
- repositories: "attest,attest-external-data-provider"
+ repositories: "attest,attest-provider"
 - name: Bootstrap e2e
 env:
@@ -107,7 +107,7 @@ jobs:
 --create-namespace \
 --debug
- - name: Build and install attest-external-data-provider
+ - name: Build and install attest-provider
 run: |
 ./scripts/generate-tls-cert.sh
 export GITHUB_TOKEN=${{ steps.app-token.outputs.token }}
diff --git a/Dockerfile b/Dockerfile
index 797d2b2..f23318d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@ ARG LDFLAGS
 ENV GO111MODULE=on \
 CGO_ENABLED=0
-WORKDIR /go/src/github.com/docker/attest-external-data-provider
+WORKDIR /src/attest-provider
 COPY . .
@@ -29,10 +29,10 @@ RUN --mount=type=cache,target=$GOPATH/pkg/mod --mount=type=cache,target=/root/.c
 FROM ${BASEIMAGE}
-COPY --from=builder /go/src/github.com/docker/attest-external-data-provider/bin/attest /
+COPY --from=builder /src/attest-provider/bin/attest /
-COPY --from=builder --chown=65532:65532 /go/src/github.com/docker/attest-external-data-provider/certs/tls.crt \
- /go/src/github.com/docker/attest-external-data-provider/certs/tls.key \
+COPY --from=builder --chown=65532:65532 /src/attest-provider/certs/tls.crt \
+ /src/attest-provider/certs/tls.key \
 /certs/
 USER 65532:65532
diff --git a/Makefile b/Makefile
index 672e78e..5523a2c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-REPOSITORY ?= docker/attest-external-data-provider
+REPOSITORY ?= docker/attest-provider
 IMG := $(REPOSITORY):dev
 # When updating this, make sure to update the corresponding action in
diff --git a/README.md b/README.md
index 2a6cba6..f8374dc 100644
--- a/README.md
+++ b/README.md
@@ -38,8 +38,8 @@ helm install gatekeeper/gatekeeper \
 3. Build and deploy the external data provider.
 ```bash
-git clone https://github.com/docker/attest-external-data-provider.git
-cd attest-external-data-provider
+git clone https://github.com/docker/attest-provider.git
+cd attest-provider
 # if you are not planning to establish mTLS between the provider and Gatekeeper,
 # deploy the provider to a separate namespace. Otherwise, do not run the following command
diff --git a/charts/external-data-provider/Chart.yaml b/charts/external-data-provider/Chart.yaml
index 34fe526..f4a5d81 100644
--- a/charts/external-data-provider/Chart.yaml
+++ b/charts/external-data-provider/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 description: A Helm chart for attest external data provider
 name: attest-provider
 version: 0.0.1
-home: https://github.com/docker/attest-external-data-provider
+home: https://github.com/docker/attest-provider
 sources:
- - https://github.com/docker/attest-external-data-provider.git
+ - https://github.com/docker/attest-provider.git
 appVersion: 0.0.1
diff --git a/charts/external-data-provider/templates/external-data-provider-deployment.yaml b/charts/external-data-provider/templates/external-data-provider-deployment.yaml
index f521ec3..d0d9a65 100644
--- a/charts/external-data-provider/templates/external-data-provider-deployment.yaml
+++ b/charts/external-data-provider/templates/external-data-provider-deployment.yaml
@@ -14,7 +14,7 @@ spec:
 run: attest-provider
 spec:
 containers:
- - image: docker/attest-external-data-provider:dev
+ - image: docker/attest-provider:dev
 imagePullPolicy: IfNotPresent
 name: attest-provider
 securityContext:
diff --git a/go.mod b/go.mod
index c448134..c27a323 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/open-policy-agent/gatekeeper-external-data-provider
+module github.com/docker/attest-provider
 go 1.22.1
diff --git a/main.go b/main.go
index 22d4484..d35f7cb 100644
--- a/main.go
+++ b/main.go
@@ -10,8 +10,8 @@ import (
 "path/filepath"
 "time"
- "github.com/open-policy-agent/gatekeeper-external-data-provider/pkg/handler"
- "github.com/open-policy-agent/gatekeeper-external-data-provider/pkg/utils"
+ "github.com/docker/attest-provider/pkg/handler"
+ "github.com/docker/attest-provider/pkg/utils"
 "k8s.io/klog/v2"
 )
diff --git a/pkg/handler/mutate.go b/pkg/handler/mutate.go
index cfdcaa0..18cb3a5 100644
--- a/pkg/handler/mutate.go
+++ b/pkg/handler/mutate.go
@@ -7,11 +7,11 @@ import (
 "net/http"
 "runtime/debug"
+ "github.com/docker/attest-provider/pkg/utils"
 "github.com/docker/attest/pkg/oci"
 "github.com/google/go-containerregistry/pkg/name"
 "github.com/google/go-containerregistry/pkg/v1/remote"
 "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata"
- "github.com/open-policy-agent/gatekeeper-external-data-provider/pkg/utils"
 "k8s.io/klog/v2"
 )
diff --git a/pkg/handler/validate.go b/pkg/handler/validate.go
index d6ef15a..2f653d9 100644
--- a/pkg/handler/validate.go
+++ b/pkg/handler/validate.go
@@ -7,14 +7,14 @@ import (
 "net/http"
 "runtime/debug"
+ "github.com/docker/attest-provider/internal/embed"
+ "github.com/docker/attest-provider/pkg/utils"
 "github.com/docker/attest/pkg/attest"
 "github.com/docker/attest/pkg/oci"
 "github.com/docker/attest/pkg/policy"
 "github.com/docker/attest/pkg/tuf"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata"
- "github.com/open-policy-agent/gatekeeper-external-data-provider/internal/embed"
- "github.com/open-policy-agent/gatekeeper-external-data-provider/pkg/utils"
 "k8s.io/klog/v2"
 )

From 178215a5700c093f7115b72f8cf6446cedaed214 Mon Sep 17 00:00:00 2001
From: Jonny Stoten
Date: Wed, 26 Jun 2024 12:20:53 +0100
Subject: [PATCH 2/4] Revert references to github repo (not yet renamed)

---
 .github/workflows/workflow.yaml | 4 ++--
 charts/external-data-provider/Chart.yaml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index 0f16024..7545b68 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -30,7 +30,7 @@ jobs:
 with:
 app-id: ${{ vars.DOCKER_READ_APP_ID }}
 private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
- repositories: "attest,attest-provider"
+ repositories: "attest,attest-external-data-provider"
 - name: Set up Go 1.22
 uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
@@ -78,7 +78,7 @@ jobs:
 with:
 app-id: ${{ vars.DOCKER_READ_APP_ID }}
 private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
- repositories: "attest,attest-provider"
+ repositories: "attest,attest-external-data-provider"
 - name: Bootstrap e2e
 env:
diff --git a/charts/external-data-provider/Chart.yaml b/charts/external-data-provider/Chart.yaml
index f4a5d81..34fe526 100644
--- a/charts/external-data-provider/Chart.yaml
+++ b/charts/external-data-provider/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 description: A Helm chart for attest external data provider
 name: attest-provider
 version: 0.0.1
-home: https://github.com/docker/attest-provider
+home: https://github.com/docker/attest-external-data-provider
 sources:
- - https://github.com/docker/attest-provider.git
+ - https://github.com/docker/attest-external-data-provider.git
 appVersion: 0.0.1

From df7f05078a4c1931d2c9b77e55be69392689506b Mon Sep 17 00:00:00 2001
From: Jonny Stoten
Date: Fri, 28 Jun 2024 16:59:35 +0100
Subject: [PATCH 3/4] Use /app for workdir in build image

---
 Dockerfile | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f23318d..72c40a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@ ARG LDFLAGS
 ENV GO111MODULE=on \
 CGO_ENABLED=0
-WORKDIR /src/attest-provider
+WORKDIR /app
 COPY . .
@@ -29,11 +29,9 @@ RUN --mount=type=cache,target=$GOPATH/pkg/mod --mount=type=cache,target=/root/.c
 FROM ${BASEIMAGE}
-COPY --from=builder /src/attest-provider/bin/attest /
+COPY --from=builder /app/bin/attest /
-COPY --from=builder --chown=65532:65532 /src/attest-provider/certs/tls.crt \
- /src/attest-provider/certs/tls.key \
- /certs/
+COPY --from=builder --chown=65532:65532 /app/certs/tls.crt /app/certs/tls.key /certs/
 USER 65532:65532

From d8c3d910a6b4e69d6293de208d39545dcc64c933 Mon Sep 17 00:00:00 2001
From: Jonny Stoten
Date: Fri, 28 Jun 2024 17:19:07 +0100
Subject: [PATCH 4/4] Use staging TUF from github pages

---
 charts/external-data-provider/values.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/charts/external-data-provider/values.yaml b/charts/external-data-provider/values.yaml
index 6abe884..4d28e1f 100644
--- a/charts/external-data-provider/values.yaml
+++ b/charts/external-data-provider/values.yaml
@@ -7,6 +7,9 @@ port: 8090
 # tufMetadataSource: https://docker.github.io/tuf-dev/metadata
 # tufTargetsSource: https://docker.github.io/tuf-dev/targets
+tufMetadataSource: https://docker.github.io/tuf-staging/metadata
+tufTargetsSource: https://docker.github.io/tuf-staging/targets
+
 provider:
 timeout: 30
 tls:
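Review bot: The collapsed COPY on the new side still bakes `/app/certs/tls.key` — the provider's TLS private key — into a layer of the runtime image, so anyone who can pull the image can recover the key regardless of the `--chown=65532:65532`. The workflow runs `./scripts/generate-tls-cert.sh` before the build, so this looks like a per-build key (inferred from the workflow hunk, not verified here), but the image is pushed under the fixed `:dev` tag and the key outlives the build that produced it. I would drop the `COPY --from=builder --chown=65532:65532 /app/certs/tls.crt /app/certs/tls.key /certs/` line and have the chart mount the cert and key at `/certs/` from a Kubernetes Secret, or at minimum add a comment on that line stating that the baked key is for the e2e build only and must never be used for a shared environment. The rest of the runtime stage (entrypoint and anything after `USER`) is outside the hunk.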
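Review bot: The uncommented `tufMetadataSource`/`tufTargetsSource` defaults make every chart install trust the `tuf-staging` repository unless both values are overridden, and nothing in the hunk marks them as non-production. Since the TUF repository is what the provider's verification chain anchors on (validate.go imports `internal/embed` and `attest/pkg/tuf`, which suggests an embedded root that has to correspond to this repo — worth confirming), a consumer installing with defaults would be validating images against staging policy and targets with no visible signal. I would either keep these lines commented like the `tuf-dev` pair above them and set them explicitly in the e2e `helm install` step, or add a comment above them such as `# Staging TUF repository for development/e2e only; override both values for production deployments`. The remaining `provider:` keys are outside the hunk.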