Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump sigstore-go to v0.3.0 and add local registry for tests #3154

Merged
merged 5 commits into from
Apr 24, 2024

Conversation

puerco
Copy link
Contributor

@puerco puerco commented Apr 24, 2024

Summary

This commit bumps the sigstore library to v0.3.0 which had a small breaking change.

For now, I added an internal constant for the sigstore media types replacing the constants that were removed from sigstore-go but added a new method to build the constants in sigstore/sigstore-go#154 . Once that change gets released I'll remove the internal consts.

This PR also adds a local registry to the test workflow to unit-test all OCI related functions (this PR includes one such test).

Supersedes #3062

Change Type

Mark the type of change your PR introduces:

  • Bug fix (resolves an issue without affecting existing features)
  • Feature (adds new functionality without breaking changes)
  • Breaking change (may impact existing functionalities or require documentation updates)
  • Documentation (updates or additions to documentation)
  • Refactoring or test improvements (no bug fixes or new functionality)

Testing

This PR modifies the test workflow to spin up a registry and adds a test for the sigstore bundle function. The registry is will be available during the test workflow on localhost:5000

The PR also includes the tarred layouts of a signed image used as fixtures for testing the sigstore functions.

Review Checklist:

  • Reviewed my own code for quality and clarity.
  • Added comments to complex or tricky code sections.
  • Updated any affected documentation.
  • Included tests that validate the fix or feature.
  • Checked that related changes are merged.

Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
This commit adds a step to the tests workflow to spin up a
new registry before running all th tests.

Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
@puerco puerco requested a review from a team as a code owner April 24, 2024 03:00
@puerco puerco changed the title Sigstore bump Bump sigstore-go to v0.3.0 and add loca registry for tests Apr 24, 2024
@puerco puerco changed the title Bump sigstore-go to v0.3.0 and add loca registry for tests Bump sigstore-go to v0.3.0 and add local registry for tests Apr 24, 2024
@coveralls
Copy link

Coverage Status

coverage: 49.754% (-0.005%) from 49.759%
when pulling 713640f on puerco:sigstore-bump
into 388da06 on stacklok:main.

Copy link
Contributor

@jhrozek jhrozek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love the tests and that you added a patch upstream. Thanks!

Copy link
Contributor

@dmjb dmjb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️

@dmjb
Copy link
Contributor

dmjb commented Apr 24, 2024

@puerco can we close this one? #3062

@puerco
Copy link
Contributor Author

puerco commented Apr 24, 2024

@dmjb yes (or dependabot will once this merges)
Thanks both!

@puerco puerco merged commit c574c8a into mindersec:main Apr 24, 2024
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants