forked from in-toto/go-witness
Chore/upstream go witness #4
Merged
…oes not already exist
closes in-toto#16 a bit further, had some idle time
fixes in-toto#20 Now when the user registers with their github, they are automatically signed in
… they are associated with fixes in-toto#18
…or things on push if we actually changed them
…toto#34) Sets up proxies to archivista, judge-api, kratos, and login from netlify deployments to our production instances of these. Eventually we may need to break these out to short lived versions of the back end services. Fixes in-toto#33
Netlify was only doing redirects for exact matches of `/archivista` or `/login`, where we want all paths to be redirected to those services. Fixes in-toto#33
this helps enable generating our versions and changelog from our git tree helps close in-toto#9
subtasks:
fix: prepush-if-changed shouldn't run node tests if node files aren't touched
chore: update commitlint to allow for bypassing with 'wip'
fix: prepushrc for node and go prepush test hook
chore: updates to commitlint for longer messages
fixes in-toto#40
if an ops developer contributed code but had not run `npm run start:web` on the web project to produce the graphql cache, then linting would fail. Rather than ask ops devs to make sure they start the web app every now and then, we have addressed this by making the graphql cache optional.
git-subtree-dir: subtrees/witness git-subtree-split: cc2478e854c6dd91cc6b20ed3baa6ba47dbadb3f
git-subtree-dir: subtrees/archivista git-subtree-split: 21ab99d5c42737eb9526ac43e51e460f74436685
git-subtree-dir: subtrees/go-witness git-subtree-split: 31e6790
…nted the policydecision cloudevent posting to decision log provider
be20100 fix: dev/Dockerfile.go-builder to reduce vulnerabilities
aa35c1f fix: update changed signer flags in tests
f7d7e96 fix: use the pflag.FlagSet.Set function to set values from config files
03ab65f fix: re-enable verify tests
5bf31d7 docs: regenerate docs for new cli flags
d713711 refactor: create helper function to add options from registries
88a8d93 docs: regenerate docs for new cli flags
4a41144 feat: use signer registry to setup signers for CLI flags
0c7a4e5 refactor: use generic registry for attestor options
git-subtree-dir: subtrees/witness
git-subtree-split: be20100af602c780deeef50c54f5338662ce917c
… implemented the policydecision cloudevent posting to decision log provider" This reverts commit 21d6a66b5be18a9a165d18ce0528c8fbcf4ebd79.
… verify results and stores them" This reverts commit f178afe.
…a policy" This reverts commit 627a7a2.
06031da Checking attestors for duplicates (in-toto#361) 1a9b5a2 Initial attempt at PR and Issue templates (in-toto#351) 83ca942 chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (in-toto#358) 63cc5d8 chore: bump github/codeql-action from 3.22.12 to 3.23.0 (in-toto#357) 70e0b09 chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (in-toto#356) d2471e6 chore: bump actions/cache from 3.3.2 to 3.3.3 (in-toto#355) f2e2a6f Update cloudflare/circl due to dependabot failure (in-toto#352) abce18b Add cosign install 15d9014 Add signing to goreleaser and Best Practices badge to readme. 93768db Pin dependencies and restrict permissions 494d44a Add Security MD files an add FOSSA scan badge b9e38d5 Add FOSSA license scanning 617e15a chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (in-toto#349) 2c590bb Update go-git to resolve vulnerability (in-toto#346) 88881fa chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (in-toto#342) ea67d31 chore: bump github/codeql-action from 3.22.11 to 3.22.12 (in-toto#343) b8f36d6 chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (in-toto#337) 34563ab chore: bump github/codeql-action from 2.22.9 to 3.22.11 (in-toto#336) 46b168d chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (in-toto#335) b36c96d Bumping Go version for goreleaser (in-toto#333) c06555d Migrating to the use of in-toto/go-witness module (in-toto#331) c0f5843 Migrating go module (in-toto#328) 937eab8 Adding the contributing.md from archivista (in-toto#327) f0c8f43 Adding help to Makefile and updating `make test` target (in-toto#325) 71856fd chore: bump actions/dependency-review-action from 2.5.1 to 3.1.4 (in-toto#324) 709ad35 chore: bump github/codeql-action from 2.22.8 to 2.22.9 (in-toto#323) 684fd6a chore: bump actions/setup-go from 4.1.0 to 5.0.0 (in-toto#322) a823f58 chore: bump actions/checkout from 3.6.0 to 4.1.1 (in-toto#321) 862d8c4 chore: bump actions/upload-artifact from 3.0.0 to 3.1.3 (in-toto#320) b19afc8 Fix initial 
pre-commit violations (in-toto#319) a56715e Refactoring error messages to use `%w` formatting directive and fix logging issue (in-toto#314) 0bca967 feat: add algo hash list for digest calc in config (in-toto#292) 81bdfce Improve gha (in-toto#318) f65b232 [StepSecurity] Apply security best practices (in-toto#316) bcf7ecf Update README.md - fixing quickstart url 8dde14c docs: correct sign policy file command in README.md 752b9e0 chore: bump github/codeql-action from 2.22.7 to 2.22.8 15bec9e chore: bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 0363ee3 chore: bump actions/setup-go from 2 to 4 a412c18 chore: bump actions/cache from 2 to 3 e7a6f44 chore: bump github/codeql-action from 2.22.6 to 2.22.7 932ff1e chore: bump actions/checkout from 2 to 4 (in-toto#301) 5e56558 chore: bump github.com/stretchr/testify from 1.8.1 to 1.8.4 (in-toto#305) f49ff8e chore: bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (in-toto#304) 873f55c chore: bump golangci/golangci-lint-action from 2 to 3 (in-toto#303) 1880baa chore: bump ossf/scorecard-action from 2.1.3 to 2.3.1 (in-toto#302) 9380cbe chore: bump github/codeql-action from 1.0.26 to 2.22.6 (in-toto#300) 21cb944 chore: bump docker/login-action from 2 to 3 (in-toto#299) 2219a76 fix: updating urls to `in-toto` from `testifysec` and `-L` to the curl for version (in-toto#297) b3d7207 Add dependabot config and add reusable workflow for calling witness (in-toto#298) 5beb113 Add maintainers file 602dc48 chore(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 edef808 docs: Update key to signer-file-key-path in getting starter .witness.yaml 8e9d798 fix: dev/Dockerfile.go-builder to reduce vulnerabilities 27f68b9 chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 git-subtree-dir: subtrees/witness git-subtree-split: 06031da4459ee4aea13ee83c59f9dee8171133ff
74f6c3dc chore: bump the all-go-mod group with 1 update (#425) bed18639 Update GHA triggers to fine tune for code changes vs other updates (#406) 6f7d4a80 Adding ability to list attestors (in-toto#384) 1fbdaa9b chore: bump the all-gha group with 1 update (#426) 90cb5acb Update dependabot.yml (#405) c86b46dc small typo fix (#424) f5deef58 chore: bump express from 4.18.3 to 4.19.2 in /docs-website (#423) 6bec1817 chore: bump actions/cache from 4.0.1 to 4.0.2 (#421) 78f1a7b6 chore: bump actions/dependency-review-action from 4.1.3 to 4.2.4 (#420) 2b4213f1 chore: bump github/codeql-action from 3.24.8 to 3.24.9 (#419) fe61acd7 chore: bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /docs-website (#417) 917e13b5 chore: bump docker/login-action from 3.0.0 to 3.1.0 (#413) b1ee6814 chore: bump github/codeql-action from 3.24.6 to 3.24.8 (#415) 10f895d4 chore: bump actions/checkout from 4.1.1 to 4.1.2 (#412) 1844b269 chore: bump k8s.io/apimachinery from 0.29.2 to 0.29.3 (#411) 7528df2d chore: bump follow-redirects from 1.15.5 to 1.15.6 in /docs-website (#410) 3fc10e4e chore: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#409) bb8b3c07 chore: bump the go_modules group group with 2 updates (#408) 910d630e Witness website netlify (#394) a4c40293 doc: fix example in signers kms doc (#403) 09f8cbb2 fix: run e2e test script as part of workflows (#397) e54d8be3 chore: bump actions/download-artifact from 4.1.2 to 4.1.4 (#399) feac3aa7 chore: bump github/codeql-action from 3.24.5 to 3.24.6 (#400) 3c8d14d6 chore: bump actions/cache from 4.0.0 to 4.0.1 (#401) 997af3b5 Bump to go-witness v0.3.1 (#398) dcac011c chore: bump github/codeql-action from 3.24.3 to 3.24.5 (#396) c211bfee chore: bump actions/dependency-review-action from 4.1.1 to 4.1.3 (#395) 0df242bb chore: bump actions/dependency-review-action from 4.0.0 to 4.1.1 (#392) db7a2664 chore: bump github/codeql-action from 3.24.0 to 3.24.3 (#391) 161286db chore: bump fossas/fossa-action from 1.3.1 to 1.3.3 (#390) f772f2db 
chore: bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#387) 001a113b chore: bump k8s.io/apimachinery from 0.26.13 to 0.26.14 (#386) e438568f chore: bump testifysec/witness-run-action from 0.1.3 to 0.1.5 (#389) 17bdb4ed Add Tom as a Witness maintainer (in-toto#385) c27a4f56 KMS Support (in-toto#376) be37eeee chore: bump actions/upload-artifact from 4.3.0 to 4.3.1 (in-toto#383) 58fe0939 chore: bump actions/download-artifact from 4.1.1 to 4.1.2 (in-toto#382) 1144fa56 chore: bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (in-toto#380) 3195add2 chore: bump step-security/harden-runner from 2.6.1 to 2.7.0 (in-toto#379) 2923f967 chore: bump github/codeql-action from 3.23.2 to 3.24.0 (in-toto#378) 0e7dda92 Add back license scanning badge (in-toto#377) dfd64fe7 Updated witness to use changes made to `cryptoutil.DigestValue` implemented in go-witness (in-toto#371) 58d5516f chore: bump github/codeql-action from 3.23.1 to 3.23.2 (in-toto#370) cd18d5eb chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (in-toto#369) 1bbd0e84 Updating timestamper (in-toto#367) df179e2e Fixing mistakes in the readme (in-toto#368) b90f41ba README and docs restructure (in-toto#362) 2b872a34 chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (in-toto#366) 9247c817 chore: bump github/codeql-action from 3.23.0 to 3.23.1 (in-toto#365) 55418b54 chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (in-toto#363) 272e492b chore: bump actions/cache from 3.3.3 to 4.0.0 (in-toto#364) git-subtree-dir: subtrees/witness git-subtree-split: 74f6c3dcb07ad6b6c2e67eede125bca3ef302793
chore(aws): refactor account numbers and regions to be set in cdk.json
feat(aws): judge-container-stack and eks construct
feat(aws): judge container stack
feat(aws): added s3 bucket
feat(aws): codebuild stack
feat(aws): judge aws self-mutating pipeline
feat(aws): new release action
…dates Bumps the go_modules group with 3 updates in the /judge-api directory: [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose), [golang.org/x/net](https://github.com/golang/net) and gopkg.in/go-jose/go-jose.v2. Bumps the go_modules group with 1 update in the /subtrees/archivista directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /subtrees/go-witness directory: [golang.org/x/net](https://github.com/golang/net). Updates `github.com/go-jose/go-jose/v3` from 3.0.2 to 3.0.3 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md) - [Commits](go-jose/go-jose@v3.0.2...v3.0.3) Updates `golang.org/x/net` from 0.23.0 to 0.24.0 - [Commits](golang/net@v0.23.0...v0.24.0) Updates `gopkg.in/go-jose/go-jose.v2` from 2.6.2 to 2.6.3 Updates `golang.org/x/net` from 0.22.0 to 0.23.0 - [Commits](golang/net@v0.23.0...v0.24.0) Updates `golang.org/x/net` from 0.22.0 to 0.23.0 - [Commits](golang/net@v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: gopkg.in/go-jose/go-jose.v2 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
…dates Bumps the go_modules group with 2 updates in the /judge-api directory: [golang.org/x/net](https://github.com/golang/net) and google.golang.org/protobuf. Bumps the go_modules group with 2 updates in the /subtrees/go-witness directory: [golang.org/x/net](https://github.com/golang/net) and google.golang.org/protobuf. Bumps the go_modules group with 2 updates in the /subtrees/witness directory: [golang.org/x/net](https://github.com/golang/net) and google.golang.org/protobuf. Updates `golang.org/x/net` from 0.24.0 to 0.25.0 - [Commits](golang/net@v0.24.0...v0.25.0) Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.1 Updates `golang.org/x/net` from 0.23.0 to 0.25.0 - [Commits](golang/net@v0.24.0...v0.25.0) Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.1 Updates `golang.org/x/net` from 0.23.0 to 0.25.0 - [Commits](golang/net@v0.24.0...v0.25.0) Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.1 --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
47b6e1cc1 chore: bump github.com/spf13/viper from 1.18.2 to 1.19.0 in the all-go-mod group (#462) 3d08ed511 chore: bump the all-gha group with 2 updates (#461) 308aee9db Added generation of SBOM (#451) f499ffbc7 docs(getting-started): add information about slsa attestor (#456) b495cf739 fix(install-witness.sh): ensure compatibility with macOS for checksum verification (#459) fa443884a Adding Signers section to website sidebar (#460) 6ab0464f5 Updating yarn and modifying ignore on netlify toml (#455) d9733deea chore: bump the all-gha group with 2 updates (#457) bb49495ad Changed all the broken links (#453) 16beb9e7f chore: bump k8s.io/apimachinery from 0.30.0 to 0.30.1 in the all-go-mod group (#450) 1b286b7a6 chore: bump the all-gha group with 2 updates (#449) cb6a006bb Updating go-witness to v0.4.0 (#447) 405a64ddd Adding collection concept to docs and fixing code snippet formatting in md (#445) b951db3fe Fixing CA Path Flag to be used and adding policy timestamp server flag (in-toto#353) 53aa6ade1 chore: bump the all-gha group with 5 updates (#444) 8e1f2fcda Attestor json schema (#443) d866f90e8 Improving Verify Error Response (#430) fc4849443 Link & SLSA attestor (in-toto#381) 0cd05b61f feat: Enable Witness Policy verify from Archivista (#438) 3a926efa6 chore: bump the all-gha group with 4 updates (#440) 7ba97fc2c Fixing incorrect error message on Verify (in-toto#350) fb1519143 chore: bump k8s.io/apimachinery from 0.29.3 to 0.30.0 in the all-go-mod group (#433) a099009e2 chore: bump the all-gha group with 5 updates (#435) aa955f000 chore: bump the all-gha group with 4 updates (#434) 58c8f0708 chore: bump golang.org/x/net from 0.21.0 to 0.23.0 in the go_modules group (#432) 406b2bdba chore: bump the all-gha group with 2 updates (#431) git-subtree-dir: subtrees/witness git-subtree-split: 47b6e1cc1cdb55b2eb4c5610111514a737ccb4be
…JUDGE Co-Authored-by: chaosinthecrd <tom@tmlabs.co.uk> Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
f07725e5 refactor: make all run options have shorthand vars (#441)
f5f2ae60 Add logging of passed step if found during policy failure (#454)
54e8d188 fix: temporarily disable omnitrail on windows builds (#467)
f5b0e7b6 Remove Windows Arm64 build until fixed (#466)
c1352bd7 SBOM and Omnitrail Attestor (#464)
460f0401 chore: bump the all-gha group with 3 updates (#463)
git-subtree-dir: subtrees/witness
git-subtree-split: f07725e52356cdfe9bf113b2054521b923aef5d8
…4521b923aef5d8 Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
Co-authored-by: Nick Kane <nkane@testifysec.com>
kriscoleman added a commit that referenced this pull request Jun 15, 2024
Signed-off-by: Kris Coleman <kriscodeman@gmail.com> Co-authored-by: Nick Kane <nkane@testifysec.com> Signed-off-by: Kris Coleman <kriscodeman@gmail.com>
What this PR does / why we need it
Upstreams latest go-witness from JUDGE monorepo
Which issue(s) this PR fixes (optional)
Adds Vex Attestor