docs: nVersionCount support for KMP design doc #1831
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
duffney
requested review from
akashsinghal,
binbin-li,
jimmyraywv,
luisdlp,
susanshi and
toddysm
as code owners
duffney
force-pushed
the
issue-1751/design-doc
branch
from
a10a920 to
403c440
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅ |
susanshi
reviewed
Sep 30, 2024
docs/design/kmp-nversions.md
Outdated
|
|
||
| ## Proposed Solution | ||
|
|
||
| To address this challenge, this proposal suggests adding support for the `maxVersionCount` parameter to the KMP resource in Ratify. This parameter will allow users to specify the number of versions of a certificate or key that should be retained in the cache. |
There was a problem hiding this comment.
Suggestion to include a CR example with maxVersionCount parameter
|
|
||
| When a new version of a certificate or key is created, Ratify will check the `maxVersionCount` parameter to determine how many versions should be retained in the cache. If the number of versions exceeds the specified count, Ratify will remove the oldest version from the cache. | ||
|
|
||
| If a version is disabled, Ratify will remove it from the cache. This ensures that disabled versions are not retained in the cache, reducing the risk of using compromised keys or certificates being passed to the verifiers. |
There was a problem hiding this comment.
Suggestion to add example of the output of "describe" command. Customer should be able to see the versions fetched. If a version is disabled, I m thinking we could:
- log a warning that cert was skipped due to cert disabled state
- agreed we should not cache disabled version
duffney
force-pushed
the
issue-1751/design-doc
branch
2 times, most recently
from
720e23c to
6d12c77
Compare
Signed-off-by: Joshua Duffney <[email protected]>
Signed-off-by: Joshua Duffney <[email protected]>
Signed-off-by: Joshua Duffney <[email protected]>
Signed-off-by: Joshua Duffney <[email protected]>
duffney
force-pushed
the
issue-1751/design-doc
branch
from
6c2a425 to
f437e49
Compare
|
Are there scenarios where a customer might not want Ratify to fully match the upstream secret store? If limiting the number of versions in Ratify isn’t necessary, would it make sense to introduce a |
Signed-off-by: Joshua Duffney <[email protected]>
Discussed in PR review meeting , we want to use existing patterns from secret store csi driver with a version count configured for now. |
binbin-li
reviewed
Oct 8, 2024
|
@yizha1 & @FeynmanZhou would you mind reviewing the proposal to see if it's in alignment with your expectations. Thanks! |
yizha1
reviewed
Oct 10, 2024
docs/design/kmp-nversions.md
Outdated
| ``` | ||
| - Add the `maxVersionCount` parameter to the KMP resource in Ratify. | ||
| - ensure the value cannot be less than 1 or a negative number | ||
| - default to 0 if not specified |
There was a problem hiding this comment.
The parameter name maxVersionCount seems not intuitive. For example, the default value 0 means max version count is 0 , however, we will cache one version, the latest one, right? If the value is 1, we cached two versions. Maybe using maxPreviousVersionCount or previousVersionCount is better? Additonally, using max is also a bit confusing for me, for example, if the value is 2, does that mean at maximum, two versions are cached, but caching one version is still OK?
Since it means the cached versions, how about using the parameter name cachedVersionCount or cachedPreviousVersionCount?
There was a problem hiding this comment.
discussed during community meeting. we want to avoid 'cache' as this is implementation detail. We are proposing , "syncVersionCount", and given @duffney 's research that 3 is a common default. We propose to stay with 3 as the default.
There was a problem hiding this comment.
not a strong opinion, just posting a var name recommended by Chatgpt, versionsFetchLimit
There was a problem hiding this comment.
secret store uses objectVersionHistory, so perhaps a good name for us would be certificateVersionHistory? or simply versionHistory?
There was a problem hiding this comment.
discussed during community meeting, we would go with "versionHistory"
docs/design/kmp-nversions.md
Outdated
| - Should the KMP status return a flat list of versions? | ||
| - [x] Yes, the status should return a flat list of versions. | ||
| - What should the maximum value for nVersionCount be? | ||
| - [ ] TBD |
There was a problem hiding this comment.
Maybe we can start with 2, which means we will cache the latest version and one previous version.
There was a problem hiding this comment.
That does break away from the pattern secret store driver has, but I'm not opposed.
It does bring up an interesting point, what exactly is the int counting for the value of the history? Is it the total number of the versions stored in the KMP or latest +n? for example the secret store, always stores latest and then if you specify to store one more than latest you would pass 1 to the objectVersionHistory option.
There was a problem hiding this comment.
discussed during community meeting, versionHistory defaults to 2 ( keeping 3 version)
There was a problem hiding this comment.
discussed during community meeting, versionHistory defaults to 2 ( keeping 3 version)
LGTM. One current version, 2 history versions
Signed-off-by: Joshua Duffney <[email protected]>
|
The design doc has been updated to reflect all the decisions that came from the last two weeks of community meeting discussions and comments. |
7 tasks
Signed-off-by: Joshua Duffney <[email protected]>
akashsinghal
approved these changes
Oct 21, 2024
junczhu
pushed a commit
to junczhu/ratify
that referenced
this pull request
Dec 10, 2024
…-project#1876) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 (ratify-project#1877) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump vscode/devcontainers/go from `bdecb4c` to `46f85d1` in /.devcontainer (ratify-project#1879) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl cache Signed-off-by: Juncheng Zhu <[email protected]> feat: crl cache 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: crl provider Signed-off-by: Juncheng Zhu <[email protected]> feat: added interfaces Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier Signed-off-by: Juncheng Zhu <[email protected]> feat: kmp revocationfactory refactor Signed-off-by: Juncheng Zhu <[email protected]> chore: bump up go version to 1.22.8 (ratify-project#1880) Signed-off-by: Binbin Li <[email protected]> Signed-off-by: Binbin Li <[email protected]> chore: Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 (ratify-project#1878) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> docs: design proposal for tag and digest co-existing [ISSUE 1657] (ratify-project#1793) docs: add CRL Design (ratify-project#1789) Signed-off-by: Juncheng Zhu <[email protected]> docs: Create proposal for verifying 'last-n' artifacts only. (ratify-project#1797) Signed-off-by: Susan Shi <[email protected]> docs: nVersionCount support for KMP design doc (ratify-project#1831) Signed-off-by: Joshua Duffney <[email protected]> ci: retry trivy db update upon failure (ratify-project#1881) Signed-off-by: Binbin Li <[email protected]> chore: Bump anchore/sbom-action from 0.17.4 to 0.17.5 (ratify-project#1882) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ci: fix tagging in publish-ghcr workflow (ratify-project#1884) Signed-off-by: Binbin Li <[email protected]> ci: retry trivy download-db on failure (ratify-project#1883) Signed-off-by: Binbin Li <[email protected]> chore: migrate azure-sdk-for-go/containerregistry to the latest release (ratify-project#1829) Signed-off-by: Shahram Kalantari <[email protected]> chore: Bump github/codeql-action from 3.26.13 to 3.27.0 (ratify-project#1887) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl fetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: crl fetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: update bytesFetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: crl provider Signed-off-by: Juncheng Zhu <[email protected]> feat: refactor the interface Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <[email protected]> chore: update charts (ratify-project#1892) Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump actions/checkout from 4.2.1 to 4.2.2 (ratify-project#1893) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump actions/setup-go from 5.0.2 to 5.1.0 (ratify-project#1894) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/apimachinery from 0.28.14 to 0.28.15 (ratify-project#1896) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `26f9b99` to `3a03fc0` in /httpserver (ratify-project#1899) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/client-go from 0.28.14 to 0.28.15 (ratify-project#1897) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.5 to 0.17.6 (ratify-project#1903) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: allow service account annotations (ratify-project#1907) Signed-off-by: Maneesh Singh <[email protected]> feat: add interface for testing Signed-off-by: Juncheng Zhu <[email protected]> feat: implemented interface Signed-off-by: Juncheng Zhu <[email protected]> feat: implemented interface Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases 2 Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases 3 Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor 3 Signed-off-by: Juncheng Zhu <[email protected]> test: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <[email protected]> test: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <[email protected]>
junczhu
pushed a commit
to junczhu/ratify
that referenced
this pull request
Dec 10, 2024
…-project#1876) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 (ratify-project#1877) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump vscode/devcontainers/go from `bdecb4c` to `46f85d1` in /.devcontainer (ratify-project#1879) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl cache Signed-off-by: Juncheng Zhu <[email protected]> feat: crl cache 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: crl provider Signed-off-by: Juncheng Zhu <[email protected]> feat: added interfaces Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier Signed-off-by: Juncheng Zhu <[email protected]> feat: kmp revocationfactory refactor Signed-off-by: Juncheng Zhu <[email protected]> chore: bump up go version to 1.22.8 (ratify-project#1880) Signed-off-by: Binbin Li <[email protected]> Signed-off-by: Binbin Li <[email protected]> chore: Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 (ratify-project#1878) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> docs: design proposal for tag and digest co-existing [ISSUE 1657] (ratify-project#1793) docs: add CRL Design (ratify-project#1789) Signed-off-by: Juncheng Zhu <[email protected]> docs: Create proposal for verifying 'last-n' artifacts only. (ratify-project#1797) Signed-off-by: Susan Shi <[email protected]> docs: nVersionCount support for KMP design doc (ratify-project#1831) Signed-off-by: Joshua Duffney <[email protected]> ci: retry trivy db update upon failure (ratify-project#1881) Signed-off-by: Binbin Li <[email protected]> chore: Bump anchore/sbom-action from 0.17.4 to 0.17.5 (ratify-project#1882) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ci: fix tagging in publish-ghcr workflow (ratify-project#1884) Signed-off-by: Binbin Li <[email protected]> ci: retry trivy download-db on failure (ratify-project#1883) Signed-off-by: Binbin Li <[email protected]> chore: migrate azure-sdk-for-go/containerregistry to the latest release (ratify-project#1829) Signed-off-by: Shahram Kalantari <[email protected]> chore: Bump github/codeql-action from 3.26.13 to 3.27.0 (ratify-project#1887) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl fetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: crl fetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: update bytesFetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: crl provider Signed-off-by: Juncheng Zhu <[email protected]> feat: refactor the interface Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <[email protected]> chore: update charts (ratify-project#1892) Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump actions/checkout from 4.2.1 to 4.2.2 (ratify-project#1893) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump actions/setup-go from 5.0.2 to 5.1.0 (ratify-project#1894) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/apimachinery from 0.28.14 to 0.28.15 (ratify-project#1896) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `26f9b99` to `3a03fc0` in /httpserver (ratify-project#1899) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/client-go from 0.28.14 to 0.28.15 (ratify-project#1897) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.5 to 0.17.6 (ratify-project#1903) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: allow service account annotations (ratify-project#1907) Signed-off-by: Maneesh Singh <[email protected]> feat: add interface for testing Signed-off-by: Juncheng Zhu <[email protected]> feat: implemented interface Signed-off-by: Juncheng Zhu <[email protected]> feat: implemented interface Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases 2 Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases 3 Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor 3 Signed-off-by: Juncheng Zhu <[email protected]> test: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <[email protected]> test: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 1 Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github.com/aws/aws-sdk-go-v2 from 1.32.2 to 1.32.3 (ratify-project#1912) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.41 to 1.17.42 (ratify-project#1911) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/AzureAD/microsoft-authentication-library-for-go from 1.2.2 to 1.2.3 (ratify-project#1910) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.6 to 0.17.7 (ratify-project#1915) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (ratify-project#1916) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: support enabled status for kmp keys/certs (ratify-project#1874) Signed-off-by: Joshua Duffney <[email protected]> ci: add cron job to cache trivy db (ratify-project#1918) Signed-off-by: Binbin Li <[email protected]> fix: fix the conditional check on update-trivy-cache job (ratify-project#1919) Signed-off-by: Binbin Li <[email protected]> feat: add support for crl basic functionality with built-in cache (ratify-project#1890) Signed-off-by: Juncheng Zhu <[email protected]> Co-authored-by: Binbin Li <[email protected]> chore: Bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (ratify-project#1920) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.0 to 3.27.1 (ratify-project#1922) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.42 to 1.17.44 (ratify-project#1923) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump golang from `0ca97f4` to `4cfe4a9` in /httpserver (ratify-project#1925) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.1 to 3.27.3 (ratify-project#1926) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: support alibaba cloud rrsa store auth provider (ratify-project#1909) Signed-off-by: dahu.kdh <[email protected]> feat: kmprevocationfactory impl 3 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 3 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 4 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 5 Signed-off-by: Juncheng Zhu <[email protected]> chore: kmprevocationfactory reform Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 3 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 4 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 5 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 6 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 7 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 8 Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github/codeql-action from 3.27.3 to 3.27.4 (ratify-project#1929) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump alpine from `beefdbd` to `1e42bbe` (ratify-project#1937) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump golang from `4cfe4a9` to `147f428` in /httpserver (ratify-project#1936) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `3a03fc0` to `d71f4b2` in /httpserver (ratify-project#1935) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aliyun/credentials-go from 1.3.10 to 1.3.11 (ratify-project#1934) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.44 to 1.17.45 (ratify-project#1933) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 4.6.0 to 5.0.2 (ratify-project#1932) Signed-off-by: dependabot[bot] <[email protected]> chore: Replace deprecated autorest SDK with azidentity (ratify-project#1904) Signed-off-by: Shahram Kalantari <[email protected]> chore: Bump step-security/harden-runner from 2.10.1 to 2.10.2 (ratify-project#1938) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.2 to 5.0.4 (ratify-project#1939) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.4 to 5.0.7 (ratify-project#1946) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.4 to 3.27.5 (ratify-project#1945) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.7 to 0.17.8 (ratify-project#1948) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.45 to 1.17.46 (ratify-project#1953) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> fix: add missing pod annotations and labels to deployment spec (ratify-project#1949) Signed-off-by: akashsinghal <[email protected]> chore: revert changes in AKV KMP provider Signed-off-by: Juncheng Zhu <[email protected]> chore: add more comments Signed-off-by: Juncheng Zhu <[email protected]> chore: add more comments and fix Signed-off-by: Juncheng Zhu <[email protected]> chore: update logging Signed-off-by: Juncheng Zhu <[email protected]> chore: update test Signed-off-by: Juncheng Zhu <[email protected]> chore: update test 2 Signed-off-by: Juncheng Zhu <[email protected]> chore: limited changes 3 Signed-off-by: Juncheng Zhu <[email protected]> chore: more changes applied Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github.com/sigstore/rekor from 1.3.6 to 1.3.7 (ratify-project#1952) Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Susan Shi <[email protected]> Signed-off-by: Binbin Li <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: bump up golangci-lint version (ratify-project#1961) Signed-off-by: Binbin Li <[email protected]> fix(tls): allowing TLS when crd-manager disabled (ratify-project#1954) Signed-off-by: Jordan Langue <[email protected]> chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.28.3 to 1.28.6 (ratify-project#1957) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `d71f4b2` to `6cd937e` in /httpserver (ratify-project#1960) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: fix go-lint Signed-off-by: Juncheng Zhu <[email protected]> chore: improve codecov Signed-off-by: Juncheng Zhu <[email protected]> chore: fix golint Signed-off-by: Juncheng Zhu <[email protected]> chore: remove the CRL Cache in truststore Signed-off-by: Juncheng Zhu <[email protected]> chore: renaming func Signed-off-by: Juncheng Zhu <[email protected]> chore: fix 1 Signed-off-by: Juncheng Zhu <[email protected]> chore: fix 2 Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github/codeql-action from 3.27.5 to 3.27.6 (ratify-project#1963) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: add more test case Signed-off-by: Juncheng Zhu <[email protected]> chore: fix golint Signed-off-by: Juncheng Zhu <[email protected]> chore: fix codecov Signed-off-by: Juncheng Zhu <[email protected]> chore: fix context reference Signed-off-by: Juncheng Zhu <[email protected]> chore: fix golint Signed-off-by: Juncheng Zhu <[email protected]> build: add image signing for all release images (ratify-project#1947) Signed-off-by: Akash Singhal <[email protected]> chore: Bump golang from `73f06be` to `574185e` in /httpserver (ratify-project#1973) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Design document for nVersionCount support for the KMP.
Type of change
Post Merge Requirements
Helm Chart Change