docker/attest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
360 Commits 1 Branch 35 Tags
main
Commit Graph

360 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
bd2c4d7d8a feat(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#98) 
* feat(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0

Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.2.4 to 2.3.0.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v2.2.4...v2.3.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update to go 1.22.5

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mrjoelkamp <joel.kamp@docker.com>
v0.1.10 		2024-07-24 13:30:56 +01:00
dependabot[bot]
03ba59c6b9 feat(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 (#97) 2024-07-23 19:08:01 +00:00
dependabot[bot]
ac82c65d7c feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#93) 2024-07-23 19:03:53 +00:00
Joel Kamp
24a81bbfe1 Merge pull request #96 from docker/chore-update-dev-root 
chore: update dev root
v0.1.9 		2024-07-23 08:03:03 -05:00
mrjoelkamp
1e3c120272 fix: test targets file no ext 2024-07-22 16:03:23 -05:00
mrjoelkamp
d252a7f4d7 chore: update oci test data 2024-07-22 15:57:35 -05:00
mrjoelkamp
02421f8cf5 chore: update http test data 2024-07-22 15:52:14 -05:00
mrjoelkamp
a6cd978bc0 chore: update dev root 2024-07-22 15:23:28 -05:00
James Carnegie
efb73f4cae Use DSSE artifactType in referrers (#95) 
* bug: Use DSSE media types for artifactType

* Don't serialize DSSE extension if not present

* Update pkg/attestation/types.go

Co-authored-by: Joel Kamp <joel.kamp@docker.com>

* Don't error on no referrers

---------

Co-authored-by: Joel Kamp <joel.kamp@docker.com>
 2024-07-22 18:17:12 +01:00
James Carnegie
5e68d94ad4 set artifactType correctly for referrers fallback (#94) 
* set artifactType correctly for referrers fallback
 2024-07-19 16:39:35 +01:00
dependabot[bot]
10d4f129b5 feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0-20240504210453-5a634eb214ae to 2.0.0 (#92) 
* feat(deps): bump github.com/theupdateframework/go-tuf/v2

Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.0.0-20240504210453-5a634eb214ae to 2.0.0.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/theupdateframework/go-tuf/commits/v2.0.0)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Tidy go.mod

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jonny Stoten <jonny.stoten@docker.com>
 2024-07-17 17:01:09 +01:00
James Carnegie
de5668aca2 chore: fix linting errors (#91) 2024-07-16 12:52:33 +01:00
dependabot[bot]
79566ff70a feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#88) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.6 to 1.8.7.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-16 11:46:03 +01:00
dependabot[bot]
d01395144b feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#89) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.6 to 1.8.7.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-16 11:32:17 +01:00
James Carnegie
065b354d3c Make referrers attestations OCI compliant (#80) 
* Single attestation when creating VSA

* Create single layer images for referrers attestations

* Move mock to test package. Add artifacts test

* Add test for envelope detection

* Add tests for image/index saving

* Add mirror tests

* Remove AttestationImage field from AttestationManifest

* Update naming. strictReferers != laxReferrers

* Add specific test for SaveReferrers
 2024-07-16 10:05:17 +01:00
Jonny Stoten
a4c3bd07fe Add proper mirror support (#74) 
* Add rewrite support and fix existing tests

* Add unit tests for policy matching

* Compile regexes up front and store policies in map

* Add test for verify flow with mirror

* Rename ImageName -> ResolvedName

And only set it when necessary

* Rename Rewrite -> Replacement

but keep it as rewrite in the yaml
 2024-07-12 17:09:41 +01:00
dependabot[bot]
247448a765 feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#86) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.24 to 1.27.26.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.24...config/v1.27.26)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-12 10:38:33 +01:00
dependabot[bot]
64e7f1ccab feat(deps): bump github.com/testcontainers/testcontainers-go/modules/registry (#79) 
Bumps [github.com/testcontainers/testcontainers-go/modules/registry](https://github.com/testcontainers/testcontainers-go) from 0.31.0 to 0.32.0.
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](https://github.com/testcontainers/testcontainers-go/compare/v0.31.0...v0.32.0)

---
updated-dependencies:
- dependency-name: github.com/testcontainers/testcontainers-go/modules/registry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-12 10:35:30 +01:00
dependabot[bot]
f3354d1251 feat(deps): bump github.com/google/go-containerregistry (#81) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.2 to 0.20.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.2...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-12 10:27:37 +01:00
dependabot[bot]
a36c43a173 feat(deps): bump google.golang.org/api from 0.187.0 to 0.188.0 (#83) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.187.0 to 0.188.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.187.0...v0.188.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-12 10:27:14 +01:00
Joel Kamp
7e9b48baf9 Merge pull request #87 from docker/chore-update-defaults-export-roots 
chore: update default urls and export roots
 2024-07-11 13:22:36 -05:00
mrjoelkamp
da310234a4 feat: export embedded root names 2024-07-11 09:55:00 -05:00
mrjoelkamp
d65be7be7c fix: use prod as default for mirroring 2024-07-11 09:41:04 -05:00
Joel Kamp
2e2bc49387 Merge pull request #85 from docker/refactor--use-embedded-root-types 
feat: add EmbeddedRoot type
v0.1.7 		2024-07-11 03:36:06 -05:00
mrjoelkamp
0330ea4755 feat: add EmbeddedRoot type 2024-07-10 17:30:35 -05:00
Joel Kamp
0336a21a7d Merge pull request #84 from docker/feat-add-prod-tuf-root 
feat: add production TUF root
 2024-07-10 16:39:44 -05:00
mrjoelkamp
1754a98e4e fix: dont use keyword var 2024-07-10 16:35:48 -05:00
Joel Kamp
a05fc10d53 Update pkg/tuf/tuf_test.go 
Co-authored-by: David Dooling <141646279+whalelines@users.noreply.github.com>
 2024-07-10 16:19:58 -05:00
mrjoelkamp
e830271d01 feat: add test 2024-07-10 14:39:52 -05:00
mrjoelkamp
1cb3e4a281 feat: add production tuf root 2024-07-10 14:29:59 -05:00
James Carnegie
6b199f027a Enable GCP integration test (#82) 2024-07-09 15:02:49 +01:00
dependabot[bot]
aaf043e9cd feat(deps): bump google.golang.org/api from 0.185.0 to 0.187.0 (#76) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.185.0 to 0.187.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.185.0...v0.187.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-05 12:36:47 +01:00
Jonny Stoten
ac693a45c7 Don't upload coverage results if we don't run e2e (#77) 
this way the coverage doesn't fluctuate between e2e and non-e2e test
runs
 2024-07-05 12:28:47 +01:00
James Carnegie
0038e3d23d Unify functions for use in sign & verify --vsa (#71) 
* Use receivers for manifest functions
* Move SaveImage/SaveIndex from image-signing-verifier
* Ignore test fixtures in coverage
* Add AddImagesToIndex function
 2024-07-05 09:29:14 +01:00
James Carnegie
0dd63bf5a3 Add GCP KMS support (#73) 
* Add GCP KMS support
 2024-07-04 15:32:10 +01:00
dependabot[bot]
5d56efa2df feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#75) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.23 to 1.27.24.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.23...config/v1.27.24)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-04 09:41:32 +01:00
dependabot[bot]
3ffef89dda feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.5 to 1.8.6 (#67) 2024-07-03 19:56:29 +00:00
dependabot[bot]
3c26a89496 feat(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.66.0 (#69) 2024-07-03 19:45:50 +00:00
dependabot[bot]
6ee1d32ddc feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#70) 2024-07-03 19:33:53 +00:00
Joel Kamp
3140e2d903 Merge pull request #72 from docker/dependabot/go_modules/github.com/containerd/containerd-1.7.19 
feat(deps): bump github.com/containerd/containerd from 1.7.18 to 1.7.19
 2024-07-03 14:28:01 -05:00
dependabot[bot]
dd1141c231 feat(deps): bump github.com/containerd/containerd from 1.7.18 to 1.7.19 
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.18 to 1.7.19.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.18...v1.7.19)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-03 08:39:19 +00:00
James Carnegie
bda1910107 Add e2e auth test (#68) 
* Add e2e auth test
 2024-07-01 14:14:23 +01:00
dependabot[bot]
80658a4b5f feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#65) v0.1.6 2024-06-26 16:43:41 +00:00
Joel Kamp
46db2b9fd5 Merge pull request #59 from docker/feat-cloud-provider-authn 
feat: cloud provider authn
 2024-06-26 09:28:03 -05:00
mrjoelkamp
e37f788865 refactor: drop ACR support for now 2024-06-25 13:44:29 -05:00
Joel Kamp
13172cb502 Merge branch 'main' into feat-cloud-provider-authn 2024-06-25 12:06:46 -05:00
mrjoelkamp
abb3163628 fix: update aws-sdk-go-v2 2024-06-25 11:49:58 -05:00
James Carnegie
742f98fbeb Generate coverage when tests are run (#64) 
* Generate coverage when tests are run
* Use docker's codecov account
 2024-06-24 14:26:07 +01:00
Joel Kamp
8cae188735 Merge branch 'main' into feat-cloud-provider-authn 2024-06-21 16:39:45 -05:00
Joel Kamp
7586f4dfc4 Merge pull request #61 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.21 
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.19 to 1.27.21
 2024-06-21 16:35:01 -05:00