Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Support verifying GHA signatures, Url prefix subjects #146

Merged
merged 6 commits into from
Jul 5, 2022
Merged

feat: Support verifying GHA signatures, Url prefix subjects #146

merged 6 commits into from
Jul 5, 2022

Conversation

viccuad
Copy link
Member

@viccuad viccuad commented Jun 24, 2022
edited
Loading

Description

Add verify_github_actions(), which is called when we receive the new
CallbackRequestType::SigstoreGithubActionsVerify{}.

Add verify_keyless_prefix(), which is called when we receive the new
CallbackRequestType::SigstoreKeylessPrefixVerify{}.

Depends on kubewarden/policy-sdk-rust#46

Relates to kubewarden/policy-sdk-rust#40
Relates to kubewarden/policy-sdk-rust#41

Test

Additional Information

Tradeoff

Potential improvement

@viccuad viccuad self-assigned this Jun 24, 2022
raulcabello
raulcabello approved these changes Jul 4, 2022
View reviewed changes
Copy link
Contributor

@raulcabello raulcabello left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks! just don't forget to change kubewarden-policy-sdk in the Cargo.toml

@viccuad viccuad changed the title feat: Support verifying GHA signatures feat: Support verifying GHA signatures, Url prefix subjects Jul 4, 2022
@viccuad
build: Consume kubewarden-policy-sdk 0.6.1
761d753 
Contains needed GHA changes.
@viccuad
feat: Support verifying GHA signatures
112c9f1 
Add `verify_github_actions()`, which is called when we receive the new
`CallbackRequestType::SigstoreGithubActionsVerify{}`.
@viccuad
feat: Support verifying URL prefix subjects
013c806 
Add `verify_keyless_prefix()`, which is called when we receive the new
`CallbackRequestType::SigstoreKeylessPrefixVerify{}`.
@viccuad
fix: Burrego clippy format_push_string warning
8ac5b68
@viccuad viccuad marked this pull request as ready for review July 5, 2022 10:44
@viccuad viccuad requested a review from a team as a code owner July 5, 2022 10:44
@viccuad
Copy link
Member Author

viccuad commented Jul 5, 2022

rebased consuming the yet-unreleased kubewarden-sdk-rust 0.6.1.

flavio
flavio approved these changes Jul 5, 2022
View reviewed changes
Copy link
Member

@flavio flavio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ship it!

@jvanz jvanz merged commit b9c6eb7 into kubewarden:main Jul 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raulcabello raulcabello raulcabello approved these changes

@jvanz jvanz jvanz approved these changes

@flavio flavio flavio approved these changes

Assignees

@viccuad viccuad

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@viccuad @flavio @jvanz @raulcabello