Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure SLSA Attestations are Generated when Possible #889

Merged
merged 7 commits into from
Dec 26, 2023
Merged

Ensure SLSA Attestations are Generated when Possible #889

merged 7 commits into from
Dec 26, 2023

Conversation

coder12git
Copy link
Contributor

@coder12git coder12git commented Dec 19, 2023
edited
Loading

Fixes #876 Task-4 - Security Slam

Description
This PR ensure SLSA Attestations are Generated when Possible. Checkout this doc for reference.

// @jonathan-innis

How was this change tested?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 19, 2023
@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Dec 19, 2023
@k8s-ci-robot
Copy link
Contributor

Hi @coder12git. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Dec 19, 2023
@coveralls
Copy link

coveralls commented Dec 19, 2023
edited
Loading

Pull Request Test Coverage Report for Build 7326865305

Warning: This coverage report may be inaccurate.

We've detected an issue with your CI configuration that might affect the accuracy of this pull request's coverage report.
To ensure accuracy in future PRs, please see these guidelines.
A quick fix for this PR: rebase it; your next report should be accurate.

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 135 unchanged lines in 18 files lost coverage.
  • Overall coverage remained the same at 79.998%
Files with Coverage Reduction New Missed Lines %
pkg/test/storage.go 1 96.0%
pkg/controllers/nodeclaim/disruption/drift.go 2 94.52%
pkg/controllers/nodeclaim/disruption/emptiness.go 2 94.83%
pkg/controllers/nodeclaim/lifecycle/controller.go 2 71.93%
pkg/controllers/nodeclaim/lifecycle/liveness.go 2 80.95%
pkg/controllers/nodeclaim/lifecycle/registration.go 2 83.02%
pkg/controllers/nodepool/hash/controller.go 2 62.5%
pkg/controllers/disruption/helpers.go 4 88.44%
pkg/controllers/nodeclaim/lifecycle/launch.go 4 94.94%
pkg/controllers/nodepool/counter/controller.go 5 60.71%
Totals Coverage Status
Change from base Build 7256601108: 0.0%
Covered Lines: 7623
Relevant Lines: 9529
💛 - Coveralls

@coder12git
Copy link
Contributor Author

Fixes #876 Task-4 - Security Slam

Description This PR ensure SLSA Attestations are Generated when Possible. Checkout this doc for reference.

// @jonathan-innis

How was this change tested?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

https://github.com/kubernetes-sigs/karpenter/actions/runs/7258678139

jonathan-innis
jonathan-innis reviewed Dec 19, 2023
View reviewed changes
.github/workflows/release.yaml Outdated Show resolved Hide resolved
.github/workflows/release.yaml Show resolved Hide resolved
@coder12git
changes
7d83c92 
Signed-off-by: coder12git <[email protected]>
@coder12git
Copy link
Contributor Author

Done the changes

@jonathan-innis
Copy link
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 19, 2023
@ricardoapl
Copy link
Member

@coder12git have you confirmed @sreeram-venkitesh no longer intents to work on this task?

I think it's best to confirm with the previous assignee before

@coder12git
Copy link
Contributor Author

@coder12git have you confirmed @sreeram-venkitesh no longer intents to work on this task?

I think it's best to confirm with the previous assignee before

Yeah it's fine!

@ricardoapl ricardoapl mentioned this pull request Dec 20, 2023
Closed
13 tasks
@sreeram-venkitesh
Copy link
Member

I got caught up with some work in my day job and hence couldn't look into this. Thanks @coder12git for raising the PR, you can go ahead with this task!

@coder12git
Copy link
Contributor Author

any update here?

@mehabhalodiya
Copy link

I think the CI checks are passing, and maybe we are good to merge this now, isn't it?

@coder12git
Copy link
Contributor Author

I think the CI checks are passing, and maybe we are good to merge this now, isn't it?

From my side, yes.. I have also attached the output of the file

jonathan-innis
jonathan-innis reviewed Dec 24, 2023
View reviewed changes
.github/workflows/release.yaml Outdated Show resolved Hide resolved
.github/workflows/release.yaml Outdated Show resolved Hide resolved
jonathan-innis
jonathan-innis reviewed Dec 25, 2023
View reviewed changes
.github/workflows/release.yaml Outdated Show resolved Hide resolved
.github/workflows/release.yaml Outdated Show resolved Hide resolved
@coder12git
fix check
45e9669 
Signed-off-by: coder12git <[email protected]>
jonathan-innis
jonathan-innis reviewed Dec 26, 2023
View reviewed changes
Copy link
Member

@jonathan-innis jonathan-innis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 26, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: coder12git, jonathan-innis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 26, 2023
@jonathan-innis
Copy link
Member

Thanks for the work here @coder12git! Awesome to see these security slam tasks getting knocked out!

@k8s-ci-robot k8s-ci-robot merged commit ca613d0 into kubernetes-sigs:main Dec 26, 2023
11 checks passed
jonathan-innis pushed a commit to jonathan-innis/karpenter that referenced this pull request Dec 26, 2023
@coder12git @jonathan-innis
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
d7b5161 
…#889)

Signed-off-by: coder12git <[email protected]>
jonathan-innis pushed a commit to jonathan-innis/karpenter that referenced this pull request Dec 26, 2023
@coder12git @jonathan-innis
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
e9265a4 
…#889)

Signed-off-by: coder12git <[email protected]>
jonathan-innis pushed a commit to jonathan-innis/karpenter that referenced this pull request Dec 26, 2023
@coder12git @jonathan-innis
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
d601e4f 
…#889)

Signed-off-by: coder12git <[email protected]>
jonathan-innis pushed a commit to jonathan-innis/karpenter that referenced this pull request Dec 26, 2023
@coder12git @jonathan-innis
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
2312691 
…#889)

Signed-off-by: coder12git <[email protected]>
jonathan-innis pushed a commit to jonathan-innis/karpenter that referenced this pull request Dec 26, 2023
@coder12git @jonathan-innis
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
2db7702 
…#889)

Signed-off-by: coder12git <[email protected]>
jonathan-innis pushed a commit to jonathan-innis/karpenter that referenced this pull request Dec 26, 2023
@coder12git @jonathan-innis
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
2cda50c 
…#889)

Signed-off-by: coder12git <[email protected]>
jonathan-innis pushed a commit to jonathan-innis/karpenter that referenced this pull request Dec 26, 2023
@coder12git @jonathan-innis
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
19d2a67 
…#889)

Signed-off-by: coder12git <[email protected]>
jonathan-innis pushed a commit to jonathan-innis/karpenter that referenced this pull request Dec 26, 2023
@coder12git @jonathan-innis
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
deb657b 
…#889)

Signed-off-by: coder12git <[email protected]>
@jonathan-innis jonathan-innis mentioned this pull request Dec 26, 2023
Merged
nikmohan123 pushed a commit to nikmohan123/karpenter that referenced this pull request Jan 10, 2024
@coder12git @nikmohan123
Ensure SLSA Attestations are Generated when Possible (kubernetes-sigs…
33e6602 
…#889)

Signed-off-by: coder12git <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathan-innis jonathan-innis jonathan-innis left review comments

@jackfrancis jackfrancis Awaiting requested review from jackfrancis

@tallaxes tallaxes Awaiting requested review from tallaxes

Assignees

@jonathan-innis jonathan-innis

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security Slam: Kubernetes Lightning Round
7 participants
@coder12git @k8s-ci-robot @coveralls @jonathan-innis @ricardoapl @sreeram-venkitesh @mehabhalodiya