diff --git a/.github/release-drafter-config.yml b/.github/release-drafter-config.yml index 3c90424..d5a0535 100644 --- a/.github/release-drafter-config.yml +++ b/.github/release-drafter-config.yml @@ -14,6 +14,9 @@ categories: - title: "🧰 Maintenance" labels: - "chore" + - title: "💥 Breaking Changes" + labels: + - "breaking" change-template: "- $TITLE @$AUTHOR (#$NUMBER)" change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. @@ -21,6 +24,7 @@ version-resolver: major: labels: - "major" + - "breaking" minor: labels: - "minor" @@ -40,11 +44,13 @@ autolabeler: branch: - '/docs{0,1}\/.+/' - '/tests{0,1}\/.+/' - - '/chore{0,1}\/.+/' + - '/chore\/.+/' + - '/refactor\/.+/' title: - "/docs/i" - "/test/i" - "/chore/i" + - "/refactor/i" - label: "bug" branch: - '/fix\/.+/' @@ -60,3 +66,6 @@ autolabeler: title: - "/feat/i" - "/add/i" + - label: "breaking" + title: + - "/.*!/i" diff --git a/README.md b/README.md index a4fabab..2255842 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ See [Policy Mapping](#policy-mapping) for more details. The `attest.Verify` function returns a `VerificationSummary` object, which contains the results of the policy evaluation. -See [example_verify_test.go](./pkg/attest/example_verify_test.go) for an example of how to verify an image against a policy. +See [example_verify_test.go](./example_verify_test.go) for an example of how to verify an image against a policy. ## Signing Attestations 
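Review bot: The `breaking` autolabeler pattern `"/.*!/i"` added in the last hunk of release-drafter-config.yml matches any PR title containing an exclamation mark anywhere, not only a Conventional-Commits `type!:` prefix. The version-resolver hunk in the same file now maps `breaking` to a major bump, so an ordinary punctuated title would draft a major release, and the title is chosen by whoever opens the PR. Anchoring the pattern to the prefix keeps the label tied to the intended marker, for example `- '/^\w+(\([^)]*\))?!:/'`. The unanchored `"/refactor/i"` title pattern added in the autolabeler hunk above is similarly loose, though it only affects labelling.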
@@ -76,7 +76,7 @@ This function takes a statement and DSSE signer, and returns a signed DSSE envel For the common use case of signing a statement and adding it to a manifest, e.g. for pushing to a registry as a referrer to the image being attested, the `attestation.AttestationManifest` type can be used. See [example_attestation_manifest_test.go](./pkg/attestation/example_attestation_manifest_test.go) -See also [example_sign_test.go](./pkg/attest/example_sign_test.go) for an example of how to sign all attached in-toto statements on an image, e.g. those produced by buildkit. +See also [example_sign_test.go](./example_sign_test.go) for an example of how to sign all attached in-toto statements on an image, e.g. those produced by buildkit. # Rego Policy diff --git a/pkg/attestation/README.md b/attestation/README.md similarity index 100% rename from pkg/attestation/README.md rename to attestation/README.md diff --git a/pkg/attestation/attestation.go b/attestation/attestation.go similarity index 99% rename from pkg/attestation/attestation.go rename to attestation/attestation.go index a3a1f0e..29c696c 100644 --- a/pkg/attestation/attestation.go +++ b/attestation/attestation.go @@ -8,7 +8,7 @@ import ( "maps" "strings" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/empty" "github.com/google/go-containerregistry/pkg/v1/layout" diff --git a/pkg/attestation/attestation_test.go b/attestation/attestation_test.go similarity index 84% rename from pkg/attestation/attestation_test.go rename to attestation/attestation_test.go index 32e73d8..5ebc55b 100644 --- a/pkg/attestation/attestation_test.go +++ b/attestation/attestation_test.go 
@@ -3,8 +3,8 @@ package attestation_test import ( "testing" + "github.com/docker/attest/attestation" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/attestation" intoto "github.com/in-toto/in-toto-golang/in_toto" "github.com/stretchr/testify/assert" ) @@ -12,7 +12,7 @@ import ( const ExpectedStatements = 4 func TestExtractAnnotatedStatements(t *testing.T) { - statements, err := attestation.ExtractAnnotatedStatements(test.UnsignedTestImage, intoto.PayloadType) + statements, err := attestation.ExtractAnnotatedStatements(test.UnsignedTestImage(".."), intoto.PayloadType) assert.NoError(t, err) assert.Equalf(t, len(statements), ExpectedStatements, "expected %d statement, got %d", ExpectedStatements, len(statements)) } diff --git a/pkg/attestation/example_attestation_manifest_test.go b/attestation/example_attestation_manifest_test.go similarity index 94% rename from pkg/attestation/example_attestation_manifest_test.go rename to attestation/example_attestation_manifest_test.go index 79dffc3..c61f7dd 100644 --- a/pkg/attestation/example_attestation_manifest_test.go +++ b/attestation/example_attestation_manifest_test.go @@ -4,9 +4,9 @@ import ( "context" "time" - "github.com/docker/attest/pkg/attestation" - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/signerverifier" + "github.com/docker/attest/attestation" + "github.com/docker/attest/oci" + "github.com/docker/attest/signerverifier" v1 "github.com/google/go-containerregistry/pkg/v1" intoto "github.com/in-toto/in-toto-golang/in_toto" "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common" diff --git a/pkg/attestation/layout.go b/attestation/layout.go similarity index 99% rename from pkg/attestation/layout.go rename to attestation/layout.go index 971a081..c594e77 100644 --- a/pkg/attestation/layout.go +++ b/attestation/layout.go 
@@ -5,7 +5,7 @@ import ( "encoding/json" "fmt" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/layout" ) diff --git a/pkg/attestation/layout_test.go b/attestation/layout_test.go similarity index 89% rename from pkg/attestation/layout_test.go rename to attestation/layout_test.go index 4877029..c9885b8 100644 --- a/pkg/attestation/layout_test.go +++ b/attestation/layout_test.go @@ -4,11 +4,11 @@ import ( "strings" "testing" + "github.com/docker/attest" + "github.com/docker/attest/attestation" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/attest" - "github.com/docker/attest/pkg/attestation" - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/policy" + "github.com/docker/attest/oci" + "github.com/docker/attest/policy" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -24,7 +24,7 @@ func TestAttestationFromOCILayout(t *testing.T) { } opts := &attestation.SigningOptions{} - attIdx, err := oci.IndexFromPath(test.UnsignedTestImage) + attIdx, err := oci.IndexFromPath(test.UnsignedTestImage("..")) require.NoError(t, err) signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts) require.NoError(t, err) diff --git a/pkg/attestation/mock.go b/attestation/mock.go similarity index 97% rename from pkg/attestation/mock.go rename to attestation/mock.go index a877e89..59508fe 100644 --- a/pkg/attestation/mock.go +++ b/attestation/mock.go @@ -3,7 +3,7 @@ package attestation import ( "context" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" v1 "github.com/google/go-containerregistry/pkg/v1" ) diff --git a/pkg/attestation/referrers.go b/attestation/referrers.go similarity index 99% rename from pkg/attestation/referrers.go rename to attestation/referrers.go index b46444c..b9d33c1 100644 
--- a/pkg/attestation/referrers.go +++ b/attestation/referrers.go @@ -5,7 +5,7 @@ import ( "fmt" "strings" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" "github.com/google/go-containerregistry/pkg/name" "github.com/google/go-containerregistry/pkg/v1/remote" ) diff --git a/pkg/attestation/referrers_test.go b/attestation/referrers_test.go similarity index 91% rename from pkg/attestation/referrers_test.go rename to attestation/referrers_test.go index fc548c1..87a86ab 100644 --- a/pkg/attestation/referrers_test.go +++ b/attestation/referrers_test.go @@ -7,12 +7,12 @@ import ( "path/filepath" "testing" + "github.com/docker/attest" + "github.com/docker/attest/attestation" + "github.com/docker/attest/config" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/attest" - "github.com/docker/attest/pkg/attestation" - "github.com/docker/attest/pkg/config" - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/policy" + "github.com/docker/attest/oci" + "github.com/docker/attest/policy" "github.com/google/go-containerregistry/pkg/name" "github.com/google/go-containerregistry/pkg/registry" "github.com/google/go-containerregistry/pkg/v1/remote" 
@@ -21,12 +21,12 @@ import ( ) var ( - NoProvenanceImage = filepath.Join("..", "..", "test", "testdata", "no-provenance-image") - PassPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-pass") - LocalPolicy = filepath.Join("..", "..", "test", "testdata", "local-policy") - LocalPolicyAttached = filepath.Join("..", "..", "test", "testdata", "local-policy-attached") - PassNoTLPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-no-tl") - FailPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-fail") + NoProvenanceImage = filepath.Join("..", "test", "testdata", "no-provenance-image") + PassPolicyDir = filepath.Join("..", "test", "testdata", "local-policy-pass") + LocalPolicy = filepath.Join("..", "test", "testdata", "local-policy") + LocalPolicyAttached = filepath.Join("..", "test", "testdata", "local-policy-attached") + PassNoTLPolicyDir = filepath.Join("..", "test", "testdata", "local-policy-no-tl") + FailPolicyDir = filepath.Join("..", "test", "testdata", "local-policy-fail") TestTempDir = "attest-sign-test" ) @@ -90,7 +90,7 @@ func TestAttestationReferenceTypes(t *testing.T) { opts := &attestation.SigningOptions{ SkipTL: true, } - attIdx, err := oci.IndexFromPath(test.UnsignedTestImage) + attIdx, err := oci.IndexFromPath(test.UnsignedTestImage("..")) require.NoError(t, err) indexName := fmt.Sprintf("%s/repo:root", u.Host) @@ -212,7 +212,7 @@ func TestReferencesInDifferentRepo(t *testing.T) { opts := &attestation.SigningOptions{ SkipTL: true, } - attIdx, err := oci.IndexFromPath(test.UnsignedTestImage) + attIdx, err := oci.IndexFromPath(test.UnsignedTestImage("..")) require.NoError(t, err) indexName := fmt.Sprintf("%s/%s:latest", serverURL.Host, repoName) 
@@ -238,7 +238,7 @@ func TestReferencesInDifferentRepo(t *testing.T) { opts := &attestation.SigningOptions{ SkipTL: true, } - attIdx, err := oci.IndexFromPath(test.UnsignedTestImage) + attIdx, err := oci.IndexFromPath(test.UnsignedTestImage("..")) require.NoError(t, err) indexName := fmt.Sprintf("%s/%s:latest", serverURL.Host, repoName) @@ -294,7 +294,7 @@ func TestCorrectArtifactTypeInTagFallback(t *testing.T) { opts := &attestation.SigningOptions{ SkipTL: true, } - attIdx, err := oci.IndexFromPath(test.UnsignedTestImage) + attIdx, err := oci.IndexFromPath(test.UnsignedTestImage("..")) require.NoError(t, err) indexName := fmt.Sprintf("%s/%s:latest", serverURL.Host, repoName) diff --git a/pkg/attestation/registry.go b/attestation/registry.go similarity index 98% rename from pkg/attestation/registry.go rename to attestation/registry.go index ad71ba0..a4375a8 100644 --- a/pkg/attestation/registry.go +++ b/attestation/registry.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/remote" diff --git a/pkg/attestation/registry_test.go b/attestation/registry_test.go similarity index 85% rename from pkg/attestation/registry_test.go rename to attestation/registry_test.go index 9347faa..6af9842 100644 --- a/pkg/attestation/registry_test.go +++ b/attestation/registry_test.go 
@@ -7,11 +7,11 @@ import ( "strings" "testing" + "github.com/docker/attest" + "github.com/docker/attest/attestation" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/attest" - "github.com/docker/attest/pkg/attestation" - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/policy" + "github.com/docker/attest/oci" + "github.com/docker/attest/policy" "github.com/google/go-containerregistry/pkg/registry" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -25,7 +25,7 @@ func TestRegistry(t *testing.T) { require.NoError(t, err) opts := &attestation.SigningOptions{} - attIdx, err := oci.IndexFromPath(test.UnsignedTestImage) + attIdx, err := oci.IndexFromPath(test.UnsignedTestImage("..")) require.NoError(t, err) signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts) require.NoError(t, err) diff --git a/pkg/attestation/resolver.go b/attestation/resolver.go similarity index 82% rename from pkg/attestation/resolver.go rename to attestation/resolver.go index d349719..0cc73b0 100644 --- a/pkg/attestation/resolver.go +++ b/attestation/resolver.go @@ -3,7 +3,7 @@ package attestation import ( "context" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" ) type Resolver interface { diff --git a/pkg/attestation/sign.go b/attestation/sign.go similarity index 98% rename from pkg/attestation/sign.go rename to attestation/sign.go index 6633bcc..adee225 100644 --- a/pkg/attestation/sign.go +++ b/attestation/sign.go @@ -5,7 +5,7 @@ import ( "fmt" "github.com/docker/attest/internal/util" - "github.com/docker/attest/pkg/tlog" + "github.com/docker/attest/tlog" intoto "github.com/in-toto/in-toto-golang/in_toto" "github.com/secure-systems-lab/go-securesystemslib/dsse" ) diff --git a/pkg/attestation/sign_test.go b/attestation/sign_test.go similarity index 98% rename from pkg/attestation/sign_test.go rename to attestation/sign_test.go index 2c18184..7c7b79d 100644 
--- a/pkg/attestation/sign_test.go +++ b/attestation/sign_test.go @@ -11,10 +11,10 @@ import ( "testing" "time" + "github.com/docker/attest/attestation" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/attestation" - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/signerverifier" + "github.com/docker/attest/oci" + "github.com/docker/attest/signerverifier" "github.com/google/go-containerregistry/pkg/registry" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/static" diff --git a/pkg/attestation/types.go b/attestation/types.go similarity index 100% rename from pkg/attestation/types.go rename to attestation/types.go diff --git a/pkg/attestation/verify.go b/attestation/verify.go similarity index 97% rename from pkg/attestation/verify.go rename to attestation/verify.go index ea2c935..31e3309 100644 --- a/pkg/attestation/verify.go +++ b/attestation/verify.go @@ -10,8 +10,8 @@ import ( "time" "github.com/docker/attest/internal/util" - "github.com/docker/attest/pkg/signerverifier" - "github.com/docker/attest/pkg/tlog" + "github.com/docker/attest/signerverifier" + "github.com/docker/attest/tlog" intoto "github.com/in-toto/in-toto-golang/in_toto" ociv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/secure-systems-lab/go-securesystemslib/dsse" diff --git a/pkg/attestation/verify_test.go b/attestation/verify_test.go similarity index 96% rename from pkg/attestation/verify_test.go rename to attestation/verify_test.go index e8c001b..1e13b24 100644 --- a/pkg/attestation/verify_test.go +++ b/attestation/verify_test.go @@ -4,8 +4,8 @@ import ( "encoding/base64" "testing" + "github.com/docker/attest/attestation" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/attestation" intoto "github.com/in-toto/in-toto-golang/in_toto" ociv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/stretchr/testify/assert" 
diff --git a/pkg/attestation/vsa.go b/attestation/vsa.go similarity index 100% rename from pkg/attestation/vsa.go rename to attestation/vsa.go diff --git a/pkg/config/config.go b/config/config.go similarity index 98% rename from pkg/config/config.go rename to config/config.go index ae12702..6eea642 100644 --- a/pkg/config/config.go +++ b/config/config.go @@ -6,7 +6,7 @@ import ( "path/filepath" "regexp" - "github.com/docker/attest/pkg/tuf" + "github.com/docker/attest/tuf" "sigs.k8s.io/yaml" ) diff --git a/pkg/config/types.go b/config/types.go similarity index 100% rename from pkg/config/types.go rename to config/types.go diff --git a/pkg/attest/example_sign_test.go b/example_sign_test.go similarity index 92% rename from pkg/attest/example_sign_test.go rename to example_sign_test.go index c4ef6ad..d196166 100644 --- a/pkg/attest/example_sign_test.go +++ b/example_sign_test.go @@ -3,10 +3,10 @@ package attest_test import ( "context" - "github.com/docker/attest/pkg/attest" - "github.com/docker/attest/pkg/attestation" - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/signerverifier" + "github.com/docker/attest" + "github.com/docker/attest/attestation" + "github.com/docker/attest/oci" + "github.com/docker/attest/signerverifier" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/empty" "github.com/google/go-containerregistry/pkg/v1/mutate" diff --git a/pkg/attest/example_verify_test.go b/example_verify_test.go similarity index 90% rename from pkg/attest/example_verify_test.go rename to example_verify_test.go index 4fa64be..b91deee 100644 --- a/pkg/attest/example_verify_test.go +++ b/example_verify_test.go 
@@ -6,10 +6,10 @@ import ( "os" "path/filepath" - "github.com/docker/attest/pkg/attest" - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/policy" - "github.com/docker/attest/pkg/tuf" + "github.com/docker/attest" + "github.com/docker/attest/oci" + "github.com/docker/attest/policy" + "github.com/docker/attest/tuf" ) func ExampleVerify_remote() { diff --git a/test/testdata/test-signing-key.pem b/internal/test/test-signing-key.pem similarity index 100% rename from test/testdata/test-signing-key.pem rename to internal/test/test-signing-key.pem diff --git a/internal/test/test.go b/internal/test/test.go index 1b61cc2..7362067 100644 --- a/internal/test/test.go +++ b/internal/test/test.go @@ -2,12 +2,13 @@ package test import ( "context" + _ "embed" "os" "path/filepath" "testing" - "github.com/docker/attest/pkg/signerverifier" - "github.com/docker/attest/pkg/tlog" + "github.com/docker/attest/signerverifier" + "github.com/docker/attest/tlog" "github.com/secure-systems-lab/go-securesystemslib/dsse" ) @@ -19,7 +20,10 @@ const ( AWSKMSKeyARN = "arn:aws:kms:us-east-1:175142243308:alias/doi-signing" // sandbox ) -var UnsignedTestImage = filepath.Join("..", "..", "test", "testdata", "unsigned-test-image") +func UnsignedTestImage(rel ...string) string { + rel = append(rel, "test", "testdata", "unsigned-test-image") + return filepath.Join(rel...) +} func CreateTempDir(t *testing.T, dir, pattern string) string { // Create a temporary directory for output oci layout 
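Review bot: `UnsignedTestImage` in the internal/test/test.go hunk appends to its variadic parameter, so a caller that spreads an existing slice with spare capacity (`UnsignedTestImage(parts...)`) would have its backing array written to. Every call site visible in this diff passes the literal `".."`, so nothing breaks today. Joining in two steps avoids the aliasing without a new import: `return filepath.Join(filepath.Join(rel...), "test", "testdata", "unsigned-test-image")`. The exported function also lacks a doc comment; I would add `// UnsignedTestImage returns the path of the unsigned test image fixture; rel is the path from the caller's package directory to the repository root.`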
@@ -37,12 +41,11 @@ func CreateTempDir(t *testing.T, dir, pattern string) string { return tempDir } +//go:embed test-signing-key.pem +var signingKey []byte + func GetMockSigner(_ context.Context) (dsse.SignerVerifier, error) { - priv, err := os.ReadFile(filepath.Join("..", "..", "test", "testdata", "test-signing-key.pem")) - if err != nil { - return nil, err - } - return signerverifier.LoadKeyPair(priv) + return signerverifier.LoadKeyPair(signingKey) } func Setup(t *testing.T) (context.Context, dsse.SignerVerifier) { diff --git a/pkg/mirror/README.md b/mirror/README.md similarity index 100% rename from pkg/mirror/README.md rename to mirror/README.md diff --git a/pkg/mirror/example_mirror_test.go b/mirror/example_mirror_test.go similarity index 97% rename from pkg/mirror/example_mirror_test.go rename to mirror/example_mirror_test.go index c4c4b15..d0aea09 100644 --- a/pkg/mirror/example_mirror_test.go +++ b/mirror/example_mirror_test.go @@ -6,9 +6,9 @@ import ( "path/filepath" "strings" - "github.com/docker/attest/pkg/mirror" - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/tuf" + "github.com/docker/attest/mirror" + "github.com/docker/attest/oci" + "github.com/docker/attest/tuf" v1 "github.com/google/go-containerregistry/pkg/v1" ) diff --git a/pkg/mirror/metadata.go b/mirror/metadata.go similarity index 99% rename from pkg/mirror/metadata.go rename to mirror/metadata.go index 780212b..fc49948 100644 --- a/pkg/mirror/metadata.go +++ b/mirror/metadata.go @@ -4,7 +4,7 @@ import ( "fmt" "strconv" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/empty" "github.com/google/go-containerregistry/pkg/v1/mutate" diff --git a/pkg/mirror/metadata_test.go b/mirror/metadata_test.go similarity index 92% rename from pkg/mirror/metadata_test.go rename to mirror/metadata_test.go index 861d783..d7eb43b 100644 --- a/pkg/mirror/metadata_test.go 
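Review bot: The `//go:embed test-signing-key.pem` directive in the internal/test/test.go hunk compiles a private key into every binary that links this package, because test.go is an ordinary source file rather than a `_test.go` file. Whether any non-test code imports internal/test is not visible in this diff and is worth checking; if one does, the key ships in release builds. Nothing on the variable says the key is a fixture, so I would add `// signingKey is a throwaway key for tests only; it must never be configured as a trusted signer.` above `var signingKey []byte`. `GetMockSigner` would benefit from a doc comment saying the same.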
+++ b/mirror/metadata_test.go @@ -10,7 +10,7 @@ import ( "testing" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/tuf" + "github.com/docker/attest/tuf" "github.com/stretchr/testify/assert" "github.com/theupdateframework/go-tuf/v2/metadata" ) @@ -21,7 +21,7 @@ const ( ) func TestGetTufMetadataMirror(t *testing.T) { - server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "..", "test", "testdata", "tuf", "test-repo")))) + server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "test", "testdata", "tuf", "test-repo")))) defer server.Close() path := test.CreateTempDir(t, "", "tuf_temp") @@ -39,7 +39,7 @@ func TestGetTufMetadataMirror(t *testing.T) { } func TestGetMetadataManifest(t *testing.T) { - server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "..", "test", "testdata", "tuf", "test-repo")))) + server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "test", "testdata", "tuf", "test-repo")))) defer server.Close() path := test.CreateTempDir(t, "", "tuf_temp") @@ -78,7 +78,7 @@ func TestGetMetadataManifest(t *testing.T) { } func TestGetDelegatedMetadataMirrors(t *testing.T) { - server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "..", "test", "testdata", "tuf", "test-repo")))) + server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "test", "testdata", "tuf", "test-repo")))) defer server.Close() path := test.CreateTempDir(t, "", "tuf_temp") diff --git a/pkg/mirror/mirror.go b/mirror/mirror.go similarity index 94% rename from pkg/mirror/mirror.go rename to mirror/mirror.go index 55c8631..6024703 100644 --- a/pkg/mirror/mirror.go +++ b/mirror/mirror.go @@ -3,7 +3,7 @@ package mirror import ( "fmt" - "github.com/docker/attest/pkg/tuf" + "github.com/docker/attest/tuf" ) func NewTUFMirror(root []byte, tufPath, metadataURL, targetsURL string, versionChecker tuf.VersionChecker) (*TUFMirror, error) { 
diff --git a/pkg/mirror/targets.go b/mirror/targets.go similarity index 99% rename from pkg/mirror/targets.go rename to mirror/targets.go index e738d95..f189579 100644 --- a/pkg/mirror/targets.go +++ b/mirror/targets.go @@ -5,7 +5,7 @@ import ( "path/filepath" "strings" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/empty" "github.com/google/go-containerregistry/pkg/v1/mutate" diff --git a/pkg/mirror/targets_test.go b/mirror/targets_test.go similarity index 92% rename from pkg/mirror/targets_test.go rename to mirror/targets_test.go index b229e42..6b50d6b 100644 --- a/pkg/mirror/targets_test.go +++ b/mirror/targets_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/tuf" + "github.com/docker/attest/tuf" "github.com/stretchr/testify/assert" ) @@ -22,7 +22,7 @@ type Layers struct { } func TestGetTufTargetsMirror(t *testing.T) { - server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "..", "test", "testdata", "tuf", "test-repo")))) + server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "test", "testdata", "tuf", "test-repo")))) defer server.Close() path := test.CreateTempDir(t, "", "tuf_temp") @@ -56,7 +56,7 @@ func TestGetTufTargetsMirror(t *testing.T) { } func TestTargetDelegationMetadata(t *testing.T) { - server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "..", "test", "testdata", "tuf", "test-repo")))) + server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "test", "testdata", "tuf", "test-repo")))) defer server.Close() path := test.CreateTempDir(t, "", "tuf_temp") 
@@ -69,7 +69,7 @@ func TestTargetDelegationMetadata(t *testing.T) { } func TestGetDelegatedTargetMirrors(t *testing.T) { - server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "..", "test", "testdata", "tuf", "test-repo")))) + server := httptest.NewServer(http.FileServer(http.Dir(filepath.Join("..", "test", "testdata", "tuf", "test-repo")))) defer server.Close() path := test.CreateTempDir(t, "", "tuf_temp") diff --git a/pkg/mirror/types.go b/mirror/types.go similarity index 93% rename from pkg/mirror/types.go rename to mirror/types.go index 41f933b..865c17f 100644 --- a/pkg/mirror/types.go +++ b/mirror/types.go @@ -1,8 +1,8 @@ package mirror import ( - "github.com/docker/attest/pkg/oci" - "github.com/docker/attest/pkg/tuf" + "github.com/docker/attest/oci" + "github.com/docker/attest/tuf" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/theupdateframework/go-tuf/v2/metadata" ) diff --git a/pkg/oci/README.md b/oci/README.md similarity index 100% rename from pkg/oci/README.md rename to oci/README.md diff --git a/pkg/oci/authn.go b/oci/authn.go similarity index 100% rename from pkg/oci/authn.go rename to oci/authn.go diff --git a/pkg/oci/authn_test.go b/oci/authn_test.go similarity index 87% rename from pkg/oci/authn_test.go rename to oci/authn_test.go index 119f19b..71a9ec5 100644 --- a/pkg/oci/authn_test.go +++ b/oci/authn_test.go @@ -6,12 +6,12 @@ import ( "testing" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" "github.com/stretchr/testify/require" ) func TestRegistryAuth(t *testing.T) { - attIdx, err := oci.IndexFromPath(test.UnsignedTestImage) + attIdx, err := oci.IndexFromPath(test.UnsignedTestImage("..")) require.NoError(t, err) // test cases for ecr, gcr and dockerhub testCases := []struct { diff --git a/pkg/oci/http.go b/oci/http.go similarity index 100% rename from pkg/oci/http.go rename to oci/http.go 
diff --git a/pkg/oci/oci.go b/oci/oci.go similarity index 100% rename from pkg/oci/oci.go rename to oci/oci.go diff --git a/pkg/oci/oci_test.go b/oci/oci_test.go similarity index 98% rename from pkg/oci/oci_test.go rename to oci/oci_test.go index 898f5af..ec4a4b1 100644 --- a/pkg/oci/oci_test.go +++ b/oci/oci_test.go @@ -5,7 +5,7 @@ import ( "github.com/distribution/reference" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/layout" "github.com/stretchr/testify/assert" @@ -67,7 +67,7 @@ func TestRefToPurl(t *testing.T) { // Test fix for https://github.com/docker/secure-artifacts-team-issues/issues/202 func TestImageDigestForPlatform(t *testing.T) { - idx, err := layout.ImageIndexFromPath(test.UnsignedTestImage) + idx, err := layout.ImageIndexFromPath(test.UnsignedTestImage("..")) assert.NoError(t, err) idxm, err := idx.IndexManifest() diff --git a/pkg/oci/output.go b/oci/output.go similarity index 100% rename from pkg/oci/output.go rename to oci/output.go diff --git a/pkg/oci/output_test.go b/oci/output_test.go similarity index 95% rename from pkg/oci/output_test.go rename to oci/output_test.go index 27fc546..32feb6c 100644 --- a/pkg/oci/output_test.go +++ b/oci/output_test.go @@ -6,9 +6,9 @@ import ( "net/url" "testing" + "github.com/docker/attest/attestation" "github.com/docker/attest/internal/test" - "github.com/docker/attest/pkg/attestation" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/oci" "github.com/google/go-containerregistry/pkg/registry" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/empty" 
@@ -18,7 +18,7 @@ import ( func TestSavingIndex(t *testing.T) { outputLayout := test.CreateTempDir(t, "", "mirror-test") - attIdx, err := oci.IndexFromPath(test.UnsignedTestImage) + attIdx, err := oci.IndexFromPath(test.UnsignedTestImage("..")) require.NoError(t, err) server := httptest.NewServer(registry.New()) diff --git a/pkg/oci/registry.go b/oci/registry.go similarity index 100% rename from pkg/oci/registry.go rename to oci/registry.go diff --git a/pkg/oci/resolver.go b/oci/resolver.go similarity index 100% rename from pkg/oci/resolver.go rename to oci/resolver.go diff --git a/pkg/oci/types.go b/oci/types.go similarity index 100% rename from pkg/oci/types.go rename to oci/types.go diff --git a/pkg/oci/types_test.go b/oci/types_test.go similarity index 100% rename from pkg/oci/types_test.go rename to oci/types_test.go diff --git a/pkg/attest/README.md b/pkg/attest/README.md deleted file mode 100644 index c9bff82..0000000 --- a/pkg/attest/README.md +++ /dev/null @@ -1,2 +0,0 @@ -## attest -This package implements the top-level signing and verification methods. \ No newline at end of file diff --git a/pkg/policy/README.md b/policy/README.md similarity index 100% rename from pkg/policy/README.md rename to policy/README.md diff --git a/pkg/policy/evaluator.go b/policy/evaluator.go similarity index 80% rename from pkg/policy/evaluator.go rename to policy/evaluator.go index 76369cd..4e28c37 100644 --- a/pkg/policy/evaluator.go +++ b/policy/evaluator.go @@ -3,7 +3,7 @@ package policy import ( "context" - "github.com/docker/attest/pkg/attestation" + "github.com/docker/attest/attestation" ) type Evaluator interface { diff --git a/pkg/policy/match.go b/policy/match.go similarity index 98% rename from pkg/policy/match.go rename to policy/match.go index 4b8be4f..374aec2 100644 --- a/pkg/policy/match.go +++ b/policy/match.go @@ -3,7 +3,7 @@ package policy import ( "fmt" - "github.com/docker/attest/pkg/config" + "github.com/docker/attest/config" ) type matchType string 
diff --git a/pkg/policy/match_test.go b/policy/match_test.go similarity index 98% rename from pkg/policy/match_test.go rename to policy/match_test.go index 6682406..e73aa6f 100644 --- a/pkg/policy/match_test.go +++ b/policy/match_test.go @@ -4,7 +4,7 @@ import ( "path/filepath" "testing" - "github.com/docker/attest/pkg/config" + "github.com/docker/attest/config" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/policy/mock.go b/policy/mock.go similarity index 94% rename from pkg/policy/mock.go rename to policy/mock.go index 0f9f0b3..bacd5ff 100644 --- a/pkg/policy/mock.go +++ b/policy/mock.go @@ -3,7 +3,7 @@ package policy import ( "context" - "github.com/docker/attest/pkg/attestation" + "github.com/docker/attest/attestation" ) type MockPolicyEvaluator struct { diff --git a/pkg/policy/policy.go b/policy/policy.go similarity index 90% rename from pkg/policy/policy.go rename to policy/policy.go index 91892a1..a03f89a 100644 --- a/pkg/policy/policy.go +++ b/policy/policy.go @@ -3,9 +3,9 @@ package policy import ( "fmt" - "github.com/docker/attest/pkg/attestation" - "github.com/docker/attest/pkg/config" - "github.com/docker/attest/pkg/oci" + "github.com/docker/attest/attestation" + "github.com/docker/attest/config" + "github.com/docker/attest/oci" ) func CreateImageDetailsResolver(imageSource *oci.ImageSpec) (oci.ImageDetailsResolver, error) { diff --git a/pkg/policy/policy_test.go b/policy/policy_test.go similarity index 96% rename from pkg/policy/policy_test.go rename to policy/policy_test.go index a6529b6..634b38f 100644 --- a/pkg/policy/policy_test.go +++ b/policy/policy_test.go 
@@ -6,11 +6,11 @@ import (
 "path/filepath"
 "testing"
+ "github.com/docker/attest/attestation"
+ "github.com/docker/attest/config"
 "github.com/docker/attest/internal/test"
- "github.com/docker/attest/pkg/attestation"
- "github.com/docker/attest/pkg/config"
- "github.com/docker/attest/pkg/oci"
- "github.com/docker/attest/pkg/policy"
+ "github.com/docker/attest/oci"
+ "github.com/docker/attest/policy"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
@@ -32,7 +32,7 @@ func loadAttestation(t *testing.T, path string) *attestation.Envelope {
 func TestRegoEvaluator_Evaluate(t *testing.T) {
 ctx, _ := test.Setup(t)
 resolveErrorStr := "failed to resolve policy by id: policy with id non-existent-policy-id not found"
- TestDataPath := filepath.Join("..", "..", "test", "testdata")
+ TestDataPath := filepath.Join("..", "test", "testdata")
 ExampleAttestation := filepath.Join(TestDataPath, "example_attestation.json")
 re := policy.NewRegoEvaluator(true)
diff --git a/pkg/policy/rego.go b/policy/rego.go
similarity index 99%
rename from pkg/policy/rego.go
rename to policy/rego.go
index a99fe10..b99518b 100644
--- a/pkg/policy/rego.go
+++ b/policy/rego.go
@@ -7,7 +7,7 @@ import (
 "os"
 "path/filepath"
- "github.com/docker/attest/pkg/attestation"
+ "github.com/docker/attest/attestation"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 "github.com/open-policy-agent/opa/ast"
 "github.com/open-policy-agent/opa/rego"
diff --git a/pkg/policy/resolver.go b/policy/resolver.go
similarity index 98%
rename from pkg/policy/resolver.go
rename to policy/resolver.go
index 7d73e1f..2e3a445 100644
--- a/pkg/policy/resolver.go
+++ b/policy/resolver.go
@@ -8,9 +8,9 @@ import (
 "path/filepath"
 "github.com/distribution/reference"
+ "github.com/docker/attest/config"
 "github.com/docker/attest/internal/util"
- "github.com/docker/attest/pkg/config"
- "github.com/docker/attest/pkg/tuf"
+ "github.com/docker/attest/tuf"
 )
 type Resolver struct {
diff --git a/pkg/policy/resolver_test.go b/policy/resolver_test.go
similarity index 96%
rename from pkg/policy/resolver_test.go
rename to policy/resolver_test.go
index 026bd39..cb8ed5a 100644
--- a/pkg/policy/resolver_test.go
+++ b/policy/resolver_test.go
@@ -5,8 +5,8 @@ import (
 "testing"
 "github.com/docker/attest/internal/test"
- "github.com/docker/attest/pkg/policy"
- "github.com/docker/attest/pkg/tuf"
+ "github.com/docker/attest/policy"
+ "github.com/docker/attest/tuf"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
diff --git a/pkg/policy/testdata/mappings/doi/mapping.yaml b/policy/testdata/mappings/doi/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/mappings/doi/mapping.yaml
rename to policy/testdata/mappings/doi/mapping.yaml
diff --git a/pkg/policy/testdata/mappings/local/mapping.yaml b/policy/testdata/mappings/local/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/mappings/local/mapping.yaml
rename to policy/testdata/mappings/local/mapping.yaml
diff --git a/pkg/policy/testdata/mappings/rewrite-invalid/mapping.yaml b/policy/testdata/mappings/rewrite-invalid/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/mappings/rewrite-invalid/mapping.yaml
rename to policy/testdata/mappings/rewrite-invalid/mapping.yaml
diff --git a/pkg/policy/testdata/mappings/rewrite-loop/mapping.yaml b/policy/testdata/mappings/rewrite-loop/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/mappings/rewrite-loop/mapping.yaml
rename to policy/testdata/mappings/rewrite-loop/mapping.yaml
diff --git a/pkg/policy/testdata/mappings/rewrite-multiple/mapping.yaml b/policy/testdata/mappings/rewrite-multiple/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/mappings/rewrite-multiple/mapping.yaml
rename to policy/testdata/mappings/rewrite-multiple/mapping.yaml
diff --git a/pkg/policy/testdata/mappings/rewrite-to-local/mapping.yaml b/policy/testdata/mappings/rewrite-to-local/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/mappings/rewrite-to-local/mapping.yaml
rename to policy/testdata/mappings/rewrite-to-local/mapping.yaml
diff --git a/pkg/policy/testdata/mappings/rewrite-to-no-match/mapping.yaml b/policy/testdata/mappings/rewrite-to-no-match/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/mappings/rewrite-to-no-match/mapping.yaml
rename to policy/testdata/mappings/rewrite-to-no-match/mapping.yaml
diff --git a/pkg/policy/testdata/mappings/simple-rewrite/mapping.yaml b/policy/testdata/mappings/simple-rewrite/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/mappings/simple-rewrite/mapping.yaml
rename to policy/testdata/mappings/simple-rewrite/mapping.yaml
diff --git a/pkg/policy/testdata/policies/allow-canonical/doi/policy.rego b/policy/testdata/policies/allow-canonical/doi/policy.rego
similarity index 100%
rename from pkg/policy/testdata/policies/allow-canonical/doi/policy.rego
rename to policy/testdata/policies/allow-canonical/doi/policy.rego
diff --git a/pkg/policy/testdata/policies/allow-canonical/mapping.yaml b/policy/testdata/policies/allow-canonical/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/policies/allow-canonical/mapping.yaml
rename to policy/testdata/policies/allow-canonical/mapping.yaml
diff --git a/pkg/policy/testdata/policies/allow/doi/policy.rego b/policy/testdata/policies/allow/doi/policy.rego
similarity index 100%
rename from pkg/policy/testdata/policies/allow/doi/policy.rego
rename to policy/testdata/policies/allow/doi/policy.rego
diff --git a/pkg/policy/testdata/policies/allow/mapping.yaml b/policy/testdata/policies/allow/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/policies/allow/mapping.yaml
rename to policy/testdata/policies/allow/mapping.yaml
diff --git a/pkg/policy/testdata/policies/deny/doi/policy.rego b/policy/testdata/policies/deny/doi/policy.rego
similarity index 100%
rename from pkg/policy/testdata/policies/deny/doi/policy.rego
rename to policy/testdata/policies/deny/doi/policy.rego
diff --git a/pkg/policy/testdata/policies/deny/mapping.yaml b/policy/testdata/policies/deny/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/policies/deny/mapping.yaml
rename to policy/testdata/policies/deny/mapping.yaml
diff --git a/pkg/policy/testdata/policies/no-policy/mapping.yaml b/policy/testdata/policies/no-policy/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/policies/no-policy/mapping.yaml
rename to policy/testdata/policies/no-policy/mapping.yaml
diff --git a/pkg/policy/testdata/policies/no-rego/doi/policy.yaml b/policy/testdata/policies/no-rego/doi/policy.yaml
similarity index 100%
rename from pkg/policy/testdata/policies/no-rego/doi/policy.yaml
rename to policy/testdata/policies/no-rego/doi/policy.yaml
diff --git a/pkg/policy/testdata/policies/no-rego/mapping.yaml b/policy/testdata/policies/no-rego/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/policies/no-rego/mapping.yaml
rename to policy/testdata/policies/no-rego/mapping.yaml
diff --git a/pkg/policy/testdata/policies/verify-sig/doi/policy.rego b/policy/testdata/policies/verify-sig/doi/policy.rego
similarity index 100%
rename from pkg/policy/testdata/policies/verify-sig/doi/policy.rego
rename to policy/testdata/policies/verify-sig/doi/policy.rego
diff --git a/pkg/policy/testdata/policies/verify-sig/mapping.yaml b/policy/testdata/policies/verify-sig/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/policies/verify-sig/mapping.yaml
rename to policy/testdata/policies/verify-sig/mapping.yaml
diff --git a/pkg/policy/testdata/policies/wrong-key/doi/policy.rego b/policy/testdata/policies/wrong-key/doi/policy.rego
similarity index 100%
rename from pkg/policy/testdata/policies/wrong-key/doi/policy.rego
rename to policy/testdata/policies/wrong-key/doi/policy.rego
diff --git a/pkg/policy/testdata/policies/wrong-key/mapping.yaml b/policy/testdata/policies/wrong-key/mapping.yaml
similarity index 100%
rename from pkg/policy/testdata/policies/wrong-key/mapping.yaml
rename to policy/testdata/policies/wrong-key/mapping.yaml
diff --git a/pkg/policy/types.go b/policy/types.go
similarity index 95%
rename from pkg/policy/types.go
rename to policy/types.go
index 6d3e0dd..0828232 100644
--- a/pkg/policy/types.go
+++ b/policy/types.go
@@ -1,8 +1,8 @@
 package policy
 import (
- "github.com/docker/attest/pkg/config"
- "github.com/docker/attest/pkg/tuf"
+ "github.com/docker/attest/config"
+ "github.com/docker/attest/tuf"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 )
diff --git a/pkg/attest/sign.go b/sign.go
similarity index 95%
rename from pkg/attest/sign.go
rename to sign.go
index 6ea2d3c..b106ab2 100644
--- a/pkg/attest/sign.go
+++ b/sign.go
@@ -4,7 +4,7 @@ import (
 "context"
 "fmt"
- "github.com/docker/attest/pkg/attestation"
+ "github.com/docker/attest/attestation"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/secure-systems-lab/go-securesystemslib/dsse"
 )
diff --git a/pkg/attest/sign_test.go b/sign_test.go
similarity index 77%
rename from pkg/attest/sign_test.go
rename to sign_test.go
index 32f1958..5df17ab 100644
--- a/pkg/attest/sign_test.go
+++ b/sign_test.go
@@ -4,10 +4,10 @@ import (
 "path/filepath"
 "testing"
+ "github.com/docker/attest/attestation"
 "github.com/docker/attest/internal/test"
- "github.com/docker/attest/pkg/attestation"
- "github.com/docker/attest/pkg/oci"
- "github.com/docker/attest/pkg/policy"
+ "github.com/docker/attest/oci"
+ "github.com/docker/attest/policy"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 v02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 "github.com/stretchr/testify/assert"
@@ -15,13 +15,13 @@ import (
 )
 var (
- NoProvenanceImage = filepath.Join("..", "..", "test", "testdata", "no-provenance-image")
- PassPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-pass")
- PassMirrorPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-mirror")
- PassNoTLPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-no-tl")
- FailPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-fail")
- InputsPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-inputs")
- EmptyPolicyDir = filepath.Join("..", "..", "test", "testdata", "local-policy-no-policies")
+ NoProvenanceImage = filepath.Join("test", "testdata", "no-provenance-image")
+ PassPolicyDir = filepath.Join("test", "testdata", "local-policy-pass")
+ PassMirrorPolicyDir = filepath.Join("test", "testdata", "local-policy-mirror")
+ PassNoTLPolicyDir = filepath.Join("test", "testdata", "local-policy-no-tl")
+ FailPolicyDir = filepath.Join("test", "testdata", "local-policy-fail")
+ InputsPolicyDir = filepath.Join("test", "testdata", "local-policy-inputs")
+ EmptyPolicyDir = filepath.Join("test", "testdata", "local-policy-no-policies")
 TestTempDir = "attest-sign-test"
 )
@@ -35,8 +35,8 @@ func TestSignVerifyOCILayout(t *testing.T) {
 expectedAttestations int
 replace bool
 }{
- {"signed replaced", test.UnsignedTestImage, 0, 4, true},
- {"without replace", test.UnsignedTestImage, 4, 4, false},
+ {"signed replaced", test.UnsignedTestImage(), 0, 4, true},
+ {"without replace", test.UnsignedTestImage(), 4, 4, false},
 // image without provenance doesn't fail
 {"no provenance (replace)", NoProvenanceImage, 0, 2, true},
 {"no provenance (no replace)", NoProvenanceImage, 2, 2, false},
diff --git a/pkg/signerverifier/README.md b/signerverifier/README.md
similarity index 100%
rename from pkg/signerverifier/README.md
rename to signerverifier/README.md
diff --git a/pkg/signerverifier/aws.go b/signerverifier/aws.go
similarity index 100%
rename from pkg/signerverifier/aws.go
rename to signerverifier/aws.go
diff --git a/pkg/signerverifier/common.go b/signerverifier/common.go
similarity index 100%
rename from pkg/signerverifier/common.go
rename to signerverifier/common.go
diff --git a/pkg/signerverifier/gcp.go b/signerverifier/gcp.go
similarity index 100%
rename from pkg/signerverifier/gcp.go
rename to signerverifier/gcp.go
diff --git a/pkg/signerverifier/gcp_test.go b/signerverifier/gcp_test.go
similarity index 100%
rename from pkg/signerverifier/gcp_test.go
rename to signerverifier/gcp_test.go
diff --git a/pkg/signerverifier/keyid.go b/signerverifier/keyid.go
similarity index 100%
rename from pkg/signerverifier/keyid.go
rename to signerverifier/keyid.go
diff --git a/pkg/signerverifier/parse.go b/signerverifier/parse.go
similarity index 100%
rename from pkg/signerverifier/parse.go
rename to signerverifier/parse.go
diff --git a/pkg/tlog/README.md b/tlog/README.md
similarity index 100%
rename from pkg/tlog/README.md
rename to tlog/README.md
diff --git a/pkg/tlog/mock.go b/tlog/mock.go
similarity index 100%
rename from pkg/tlog/mock.go
rename to tlog/mock.go
diff --git a/pkg/tlog/tl.go b/tlog/tl.go
similarity index 99%
rename from pkg/tlog/tl.go
rename to tlog/tl.go
index 906fa8f..52276df 100644
--- a/pkg/tlog/tl.go
+++ b/tlog/tl.go
@@ -15,7 +15,7 @@ import (
 "time"
 "github.com/docker/attest/internal/util"
- "github.com/docker/attest/pkg/signerverifier"
+ "github.com/docker/attest/signerverifier"
 "github.com/go-openapi/runtime"
 "github.com/go-openapi/strfmt"
 "github.com/secure-systems-lab/go-securesystemslib/dsse"
diff --git a/pkg/tlog/tl_test.go b/tlog/tl_test.go
similarity index 98%
rename from pkg/tlog/tl_test.go
rename to tlog/tl_test.go
index 4df4aca..0ec7813 100644
--- a/pkg/tlog/tl_test.go
+++ b/tlog/tl_test.go
@@ -8,7 +8,7 @@ import (
 "time"
 "github.com/docker/attest/internal/util"
- "github.com/docker/attest/pkg/signerverifier"
+ "github.com/docker/attest/signerverifier"
 "github.com/secure-systems-lab/go-securesystemslib/dsse"
 "github.com/stretchr/testify/assert"
 )
diff --git a/pkg/tuf/README.md b/tuf/README.md
similarity index 100%
rename from pkg/tuf/README.md
rename to tuf/README.md
diff --git a/pkg/tuf/example_registry_test.go b/tuf/example_registry_test.go
similarity index 96%
rename from pkg/tuf/example_registry_test.go
rename to tuf/example_registry_test.go
index e7efe00..e21d110 100644
--- a/pkg/tuf/example_registry_test.go
+++ b/tuf/example_registry_test.go
@@ -4,7 +4,7 @@ import (
 "os"
 "path/filepath"
- "github.com/docker/attest/pkg/tuf"
+ "github.com/docker/attest/tuf"
 "github.com/theupdateframework/go-tuf/v2/metadata"
 )
diff --git a/pkg/tuf/mock.go b/tuf/mock.go
similarity index 100%
rename from pkg/tuf/mock.go
rename to tuf/mock.go
diff --git a/pkg/tuf/registry.go b/tuf/registry.go
similarity index 99%
rename from pkg/tuf/registry.go
rename to tuf/registry.go
index 5ec7e4c..a772588 100644
--- a/pkg/tuf/registry.go
+++ b/tuf/registry.go
@@ -11,7 +11,7 @@ import (
 "time"
 "github.com/distribution/reference"
- "github.com/docker/attest/pkg/oci"
+ "github.com/docker/attest/oci"
 "github.com/google/go-containerregistry/pkg/authn"
 "github.com/google/go-containerregistry/pkg/crane"
 v1 "github.com/google/go-containerregistry/pkg/v1"
diff --git a/pkg/tuf/registry_test.go b/tuf/registry_test.go
similarity index 99%
rename from pkg/tuf/registry_test.go
rename to tuf/registry_test.go
index 0dc4d26..0a3a579 100644
--- a/pkg/tuf/registry_test.go
+++ b/tuf/registry_test.go
@@ -10,7 +10,7 @@ import (
 "testing"
 "github.com/docker/attest/internal/util"
- "github.com/docker/attest/pkg/oci"
+ "github.com/docker/attest/oci"
 "github.com/google/go-containerregistry/pkg/crane"
 "github.com/google/go-containerregistry/pkg/name"
 v1 "github.com/google/go-containerregistry/pkg/v1"
diff --git a/pkg/tuf/tuf.go b/tuf/tuf.go
similarity index 100%
rename from pkg/tuf/tuf.go
rename to tuf/tuf.go
diff --git a/pkg/tuf/tuf_test.go b/tuf/tuf_test.go
similarity index 96%
rename from pkg/tuf/tuf_test.go
rename to tuf/tuf_test.go
index 6153275..f7c77cf 100644
--- a/pkg/tuf/tuf_test.go
+++ b/tuf/tuf_test.go
@@ -15,8 +15,8 @@ import (
 )
 var (
- HTTPTUFTestDataPath = filepath.Join("..", "..", "test", "testdata", "tuf", "test-repo")
- OCITUFTestDataPath = filepath.Join("..", "..", "test", "testdata", "tuf", "test-repo-oci")
+ HTTPTUFTestDataPath = filepath.Join("..", "test", "testdata", "tuf", "test-repo")
+ OCITUFTestDataPath = filepath.Join("..", "test", "testdata", "tuf", "test-repo-oci")
 )
 func CreateTempDir(t *testing.T, dir, pattern string) string {
diff --git a/pkg/tuf/version.go b/tuf/version.go
similarity index 100%
rename from pkg/tuf/version.go
rename to tuf/version.go
diff --git a/pkg/attest/types.go b/types.go
similarity index 95%
rename from pkg/attest/types.go
rename to types.go
index d3bbf4d..21fcd39 100644
--- a/pkg/attest/types.go
+++ b/types.go
@@ -3,7 +3,7 @@ package attest
 import (
 "fmt"
- "github.com/docker/attest/pkg/policy"
+ "github.com/docker/attest/policy"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 )
diff --git a/pkg/attest/verify.go b/verify.go
similarity index 97%
rename from pkg/attest/verify.go
rename to verify.go
index f06507d..f10918c 100644
--- a/pkg/attest/verify.go
+++ b/verify.go
@@ -9,11 +9,11 @@ import (
 "time"
 "github.com/distribution/reference"
- "github.com/docker/attest/pkg/attestation"
- "github.com/docker/attest/pkg/config"
- "github.com/docker/attest/pkg/oci"
- "github.com/docker/attest/pkg/policy"
- "github.com/docker/attest/pkg/tuf"
+ "github.com/docker/attest/attestation"
+ "github.com/docker/attest/config"
+ "github.com/docker/attest/oci"
+ "github.com/docker/attest/policy"
+ "github.com/docker/attest/tuf"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 )
diff --git a/pkg/attest/verify_test.go b/verify_test.go
similarity index 95%
rename from pkg/attest/verify_test.go
rename to verify_test.go
index 15624b2..48c1e7e 100644
--- a/pkg/attest/verify_test.go
+++ b/verify_test.go
@@ -9,18 +9,18 @@ import (
 "testing"
 "github.com/distribution/reference"
+ "github.com/docker/attest/attestation"
+ "github.com/docker/attest/config"
 "github.com/docker/attest/internal/test"
- "github.com/docker/attest/pkg/attestation"
- "github.com/docker/attest/pkg/config"
- "github.com/docker/attest/pkg/oci"
- "github.com/docker/attest/pkg/policy"
- "github.com/docker/attest/pkg/tuf"
+ "github.com/docker/attest/oci"
+ "github.com/docker/attest/policy"
+ "github.com/docker/attest/tuf"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
-var ExampleAttestation = filepath.Join("..", "..", "test", "testdata", "example_attestation.json")
+var ExampleAttestation = filepath.Join("test", "testdata", "example_attestation.json")
 const (
 LinuxAMD64 = "linux/amd64"
@@ -72,7 +72,7 @@ func TestVSA(t *testing.T) {
 outputLayout := test.CreateTempDir(t, "", TestTempDir)
 opts := &attestation.SigningOptions{}
- attIdx, err := oci.IndexFromPath(test.UnsignedTestImage)
+ attIdx, err := oci.IndexFromPath(test.UnsignedTestImage())
 assert.NoError(t, err)
 signedManifests, err := SignStatements(ctx, attIdx.Index, signer, opts)
 require.NoError(t, err)
@@ -124,7 +124,7 @@ func TestVerificationFailure(t *testing.T) {
 outputLayout := test.CreateTempDir(t, "", TestTempDir)
 opts := &attestation.SigningOptions{}
- attIdx, err := oci.IndexFromPath(test.UnsignedTestImage)
+ attIdx, err := oci.IndexFromPath(test.UnsignedTestImage())
 assert.NoError(t, err)
 signedManifests, err := SignStatements(ctx, attIdx.Index, signer, opts)
 require.NoError(t, err)
@@ -190,7 +190,7 @@ func TestSignVerify(t *testing.T) {
 {name: "verify inputs", signTL: false, policyDir: InputsPolicyDir},
 }
- attIdx, err := oci.IndexFromPath(test.UnsignedTestImage)
+ attIdx, err := oci.IndexFromPath(test.UnsignedTestImage())
 assert.NoError(t, err)
 for _, tc := range testCases {
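Review bot: The `assert.NoError(t, err)` that follows `oci.IndexFromPath(test.UnsignedTestImage())` in TestVSA only records the failure and lets the test run on, and the very next line reads `attIdx.Index`. If the image path resolves wrongly after this move, the test would presumably die on a nil dereference instead of reporting the load error (the return type of IndexFromPath is not visible here, so that is inferred). The TestVerificationFailure and TestSignVerify hunks have the same pattern. Changing the check to `require.NoError(t, err)` in all three stops the test at the real cause, as TestSavingIndex in attestation_test.go already does. All three function bodies continue outside their hunks.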