
Comparing changes

base repository: sigstore/scaffolding
base: v0.7.8
head repository: sigstore/scaffolding
compare: v0.7.9
  • 12 commits
  • 11 files changed
  • 4 contributors

Commits on Sep 2, 2024

  1. Bump github/codeql-action from 3.26.5 to 3.26.6 (#1249)

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.5 to 3.26.6.
    - [Release notes](https://github.com/github/codeql-action/releases)
    - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
    - [Commits](github/codeql-action@2c779ab...4dd1613)
    
    ---
    updated-dependencies:
    - dependency-name: github/codeql-action
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 2, 2024
    647ffa8
  2. Bump trillian-opensource-ci/db_server in /config/trillian/mysql (#1250)

    Bumps trillian-opensource-ci/db_server from `0447d06` to `58f8b09`.
    
    ---
    updated-dependencies:
    - dependency-name: trillian-opensource-ci/db_server
      dependency-type: direct:production
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 2, 2024
    c94db91

Commits on Sep 4, 2024

  1. Remove unused preprod TUF GCS bucket (#1251)

    No longer needed, preprod is now served via GitHub Pages.
    
    Signed-off-by: Hayden Blauzvern <[email protected]>
    haydentherapper authored Sep 4, 2024
    77e5299
  2. Set default value for tuf_main_page_suffix (#1252)

    Both root-signing and root-signing-staging now have an index.html
    (not a pretty one but the basic info is there).
    
    Signed-off-by: Jussi Kukkonen <[email protected]>
    jku authored Sep 4, 2024
    c4afdd7

Commits on Sep 5, 2024

  1. add variable to toggle standalone mysql SSL setting (#1253)

    Signed-off-by: Bob Callaway <[email protected]>
    bobcallaway authored Sep 5, 2024
    3a1b16e

Commits on Sep 8, 2024

  1. strip port from TLS server name used in verification (#1254)

    Signed-off-by: Bob Callaway <[email protected]>
    bobcallaway authored Sep 8, 2024
    f23023b

Commits on Sep 9, 2024

  1. Bump github.com/sigstore/fulcio from 1.6.3 to 1.6.4 (#1255)

    Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.6.3 to 1.6.4.
    - [Release notes](https://github.com/sigstore/fulcio/releases)
    - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
    - [Commits](sigstore/fulcio@v1.6.3...v1.6.4)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/sigstore/fulcio
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 9, 2024
    fdd4d2a
  2. Bump github.com/sigstore/sigstore-go (#1256)

    Bumps [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) from 0.6.1-0.20240821212051-2198ac32dd94 to 0.6.1.
    - [Release notes](https://github.com/sigstore/sigstore-go/releases)
    - [Commits](https://github.com/sigstore/sigstore-go/commits/v0.6.1)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/sigstore/sigstore-go
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 9, 2024
    7c06ff3
  3. Bump projectsigstore/fulcio in /config/fulcio/fulcio (#1261)

    Bumps projectsigstore/fulcio from v1.6.3 to v1.6.4.
    
    ---
    updated-dependencies:
    - dependency-name: projectsigstore/fulcio
      dependency-type: direct:production
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 9, 2024
    9b8f347
  4. Bump golang.org/x/net from 0.28.0 to 0.29.0 (#1257)

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.28.0 to 0.29.0.
    - [Commits](golang/net@v0.28.0...v0.29.0)
    
    ---
    updated-dependencies:
    - dependency-name: golang.org/x/net
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 9, 2024
    68185bb
  5. Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 (#1260)

    Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.2 to 1.20.3.
    - [Release notes](https://github.com/prometheus/client_golang/releases)
    - [Changelog](https://github.com/prometheus/client_golang/blob/v1.20.3/CHANGELOG.md)
    - [Commits](prometheus/client_golang@v1.20.2...v1.20.3)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/prometheus/client_golang
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 9, 2024
    bbbb128
  6. Bump trillian-opensource-ci/db_server in /config/trillian/mysql (#1262)

    Bumps trillian-opensource-ci/db_server from `58f8b09` to `c5195ff`.
    
    ---
    updated-dependencies:
    - dependency-name: trillian-opensource-ci/db_server
      dependency-type: direct:production
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 9, 2024
    8a33f8e
4 changes: 2 additions & 2 deletions .github/workflows/codeql-analysis.yml
@@ -46,7 +46,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
if: steps.changes.outputs.gocode == 'true'
uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
with:
languages: '${{ matrix.language }}'

@@ -57,4 +57,4 @@ jobs:
- name: Perform CodeQL Analysis
if: steps.changes.outputs.gocode == 'true'
uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
2 changes: 1 addition & 1 deletion .github/workflows/terraform.yml
@@ -80,7 +80,7 @@ jobs:
tfsec_args: --force-all-dirs --verbose

- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
with:
# Path to SARIF file relative to the root of the repository
sarif_file: tfsec.sarif
7 changes: 6 additions & 1 deletion cmd/prober/prober.go
@@ -26,6 +26,7 @@ import (
"log"
"net/http"
"os"
"strings"
"time"

retryablehttp "github.com/hashicorp/go-retryablehttp"
@@ -196,8 +197,12 @@ func main() {
}

func NewFulcioGrpcClient() (fulciopb.CAClient, error) {
grpcHostname := fulcioGrpcURL
if idx := strings.Index(fulcioGrpcURL, ":"); idx != -1 {
grpcHostname = fulcioGrpcURL[:idx]
}
opts := []grpc.DialOption{grpc.WithUserAgent(options.UserAgent())}
transportCreds := credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12})
transportCreds := credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12, ServerName: grpcHostname})
opts = append(opts, grpc.WithTransportCredentials(transportCreds))
conn, err := grpc.NewClient(fulcioGrpcURL, opts...)
if err != nil {
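Review bot: In NewFulcioGrpcClient, `strings.Index(fulcioGrpcURL, ":")` cuts at the first colon, so the derived ServerName is only correct for a plain `host:port` value. A bracketed IPv6 target such as `[::1]:5554` yields `[`, and a gRPC target with a scheme such as `dns:///host:5554` yields `dns`, and in both cases certificate verification then runs against a name the server never presents. Use `net.SplitHostPort(fulcioGrpcURL)` and keep the unmodified value when it returns an error because no port is present; if scheme-prefixed targets are meant to be supported, strip the scheme before splitting or reject them explicitly. A short comment stating that fulcioGrpcURL is expected to be `host[:port]` rather than a URL would also help, since the variable name suggests otherwise.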
4 changes: 2 additions & 2 deletions config/fulcio/fulcio/300-fulcio.yaml
@@ -20,7 +20,7 @@ spec:
# This doesn't actually use Kubernetes credentials, so don't mount them in.
automountServiceAccountToken: false
containers:
- image: gcr.io/projectsigstore/fulcio:v1.6.3@sha256:58e77f4dc183d4c03d04a2955f876479adaeee2e94366f3ee0e8a160f2c38a60
- image: gcr.io/projectsigstore/fulcio:v1.6.4@sha256:4b2a0f0877095aa36898af70edd00568158f89e015f6bb7f02475660d0924f3b
name: fulcio
ports:
- containerPort: 5555
@@ -90,7 +90,7 @@ spec:
# This doesn't actually use Kubernetes credentials, so don't mount them in.
automountServiceAccountToken: false
containers:
- image: gcr.io/projectsigstore/fulcio:v1.6.3@sha256:58e77f4dc183d4c03d04a2955f876479adaeee2e94366f3ee0e8a160f2c38a60
- image: gcr.io/projectsigstore/fulcio:v1.6.4@sha256:4b2a0f0877095aa36898af70edd00568158f89e015f6bb7f02475660d0924f3b
name: fulcio-grpc
ports:
- containerPort: 5554
2 changes: 1 addition & 1 deletion config/trillian/mysql/300-mysql-trillian.yaml
@@ -20,7 +20,7 @@ metadata:
app: mysql-trillian
spec:
containers:
- image: gcr.io/trillian-opensource-ci/db_server@sha256:0447d06e211d85c3197e43d1bff8bf48bd01bedd2e282a42c4ae9b19761ae029
- image: gcr.io/trillian-opensource-ci/db_server@sha256:c5195ff7b05084478f1125167f6ae314e46cade50d761665e2063e27c0a20314
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
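Review bot: The db_server image line is pinned by digest only, with no tag or version comment, so nothing on the line tells a reviewer which upstream build `sha256:c5195ff7...` corresponds to. Add a trailing comment recording the source tag or build date, the way the workflow files annotate their pinned SHAs with `# v3.26.6`, so that a later digest bump can be checked against the registry instead of being accepted on the bot's word.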
41 changes: 20 additions & 21 deletions go.mod
@@ -27,22 +27,22 @@ require (
github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec
github.com/mitchellh/go-homedir v1.1.0
github.com/mitchellh/mapstructure v1.5.0
github.com/prometheus/client_golang v1.20.2
github.com/prometheus/client_golang v1.20.3
github.com/ryanuber/go-glob v1.0.0
github.com/sigstore/cosign/v2 v2.4.0
github.com/sigstore/fulcio v1.6.3
github.com/sigstore/fulcio v1.6.4
github.com/sigstore/rekor v1.3.6
github.com/sigstore/sigstore v1.8.8
github.com/sigstore/sigstore-go v0.6.1-0.20240821212051-2198ac32dd94
github.com/sigstore/sigstore v1.8.9
github.com/sigstore/sigstore-go v0.6.1
github.com/sigstore/timestamp-authority v1.2.2
github.com/stretchr/testify v1.9.0
github.com/theupdateframework/go-tuf v0.7.0
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
go.uber.org/zap v1.27.0
golang.org/x/crypto v0.26.0
golang.org/x/net v0.28.0
golang.org/x/crypto v0.27.0
golang.org/x/net v0.29.0
golang.org/x/time v0.6.0
google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142
google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c
google.golang.org/grpc v1.66.0
google.golang.org/protobuf v1.34.2
gopkg.in/square/go-jose.v2 v2.6.0
@@ -63,12 +63,12 @@ require (
cloud.google.com/go/auth v0.9.1 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
cloud.google.com/go/compute/metadata v0.5.0 // indirect
cloud.google.com/go/iam v1.1.12 // indirect
cloud.google.com/go/kms v1.18.4 // indirect
cloud.google.com/go/longrunning v0.5.11 // indirect
cloud.google.com/go/monitoring v1.20.3 // indirect
cloud.google.com/go/iam v1.1.13 // indirect
cloud.google.com/go/kms v1.18.5 // indirect
cloud.google.com/go/longrunning v0.5.12 // indirect
cloud.google.com/go/monitoring v1.20.4 // indirect
cloud.google.com/go/spanner v1.67.0 // indirect
cloud.google.com/go/trace v1.10.11 // indirect
cloud.google.com/go/trace v1.10.12 // indirect
contrib.go.opencensus.io/exporter/stackdriver v0.13.14 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
@@ -145,9 +145,8 @@ require (
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/docker/cli v24.0.7+incompatible // indirect
github.com/docker/cli v27.1.1+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker v26.1.5+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
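Review bot: The indirect requirement `github.com/docker/cli` moves from v24.0.7 to v27.1.1 and `github.com/docker/docker v26.1.5` drops out of this block (the hunk shrinks from 9 lines to 8), yet none of the twelve commit titles in this range mentions Docker. Note in the bump commit which direct dependency pulled this in (`go mod graph` shows the edge) and confirm that go.sum changed in step with it, since a three-major-version jump in a transitive module is easy to overlook inside an automated update.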
@@ -176,7 +175,7 @@ require (
github.com/golang/protobuf v1.5.4 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
github.com/google/go-containerregistry v0.20.1 // indirect
github.com/google/go-containerregistry v0.20.2 // indirect
github.com/google/go-github/v55 v55.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
@@ -228,7 +227,7 @@ require (
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.55.0 // indirect
github.com/prometheus/common v0.57.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/prometheus/prometheus v0.51.0 // indirect
github.com/rs/cors v1.11.0 // indirect
@@ -279,14 +278,14 @@ require (
golang.org/x/mod v0.20.0 // indirect
golang.org/x/oauth2 v0.22.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/term v0.23.0 // indirect
golang.org/x/text v0.17.0 // indirect
golang.org/x/sys v0.25.0 // indirect
golang.org/x/term v0.24.0 // indirect
golang.org/x/text v0.18.0 // indirect
golang.org/x/tools v0.24.0 // indirect
golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
google.golang.org/api v0.194.0 // indirect
google.golang.org/api v0.195.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
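Review bot: `google.golang.org/genproto/googleapis/api` stays at `v0.0.0-20240814211410-ddb44dafa142` while `genproto/googleapis/rpc` in this hunk, like the top-level `google.golang.org/genproto` requirement earlier in the file, moves to `v0.0.0-20240823204242-4ba0660f739c`. Confirm that this split is what `go mod tidy` produces for the new dependency set and not a leftover from merging several Dependabot branches; if tidy rewrites the line, commit that result so the genproto submodules are resolved from one consistent graph.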