Add artifact signature information to the generated index #312
Conversation
poiana
added
do-not-merge/work-in-progress
kind/feature
maxgio92
force-pushed
the
issue/306
branch
2 times, most recently
from
7b0509f
to
69a15ac
Compare
build/registry/go.mod
Outdated
| github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.34 | ||
| github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11 | ||
| github.com/blang/semver v3.5.1+incompatible | ||
| github.com/falcosecurity/falcoctl v0.3.0-rc6 | ||
| github.com/falcosecurity/falcoctl v0.5.2-0.20230707100440-5e6ce83dedba |
There was a problem hiding this comment.
Proposal: would we want to publish a pre-release?
There was a problem hiding this comment.
We have 0.6.1 released now :)
maxgio92
changed the title
maxgio92
force-pushed
the
issue/306
branch
8 times, most recently
from
716c61e
to
8c543c3
Compare
maxgio92
changed the title
| "github.com/falcosecurity/plugins/build/registry/pkg/registry" | ||
| ) | ||
|
|
||
| func TestPluginToIndexEntrySignature(t *testing.T) { |
There was a problem hiding this comment.
These unit tests assert the minimum expectations from this feature.
| registryName = "ghcr.io" | ||
| ) | ||
|
|
||
| var _ = Describe("Update index", func() { |
There was a problem hiding this comment.
These black box unit test provide the minimum expected behaviour with specifications of the index update from the registry manifest. It should be then extended.
|
Hey @maxgio92 I lost track of this. What's the status? Is this ready to be merged? 🤔 cc @jasondellaluce @LucaGuerra PS I see some tests failing. |
|
Hi @leogr, sorry for the delay. The PR is ready to be reviewed. |
maxgio92
force-pushed
the
issue/306
branch
2 times, most recently
from
3cb64a4
to
bb81fd8
Compare
Signed-off-by: maxgio92 <[email protected]>
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
…odel Signed-off-by: Massimiliano Giovagnoli <[email protected]>
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
|
Hey @LucaGuerra, I've just rebased and upgraded falcoctl to v0.6.1 |
|
Thank you Max! I have performed a complete test of this patch by:
and it worked 🎉 I think we can merge this 🚀 |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: leogr, maxgio92 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area registry
/area build
What this PR does / why we need it:
This PR is needed to provide required information for consumers in order to verify OCI signatures of plugins officially distributed as OCI artifacts.
The
registry.yamlindex is consumed by current CI to generate the general Falco artifacts index https://github.com/falcosecurity/falcoctl/blob/gh-pages/index.yaml, which can be further consumed by falcoctl to verify artifacts (i.e. plugins) signatures.Which issue(s) this PR fixes:
Fixes #306
Special notes for your reviewer:
Only one signin implementation is currently supported, which is based on cosign. When signatures are generated by cosign in keyless mode, can provide the OIDC issuer and certificate identity (see falcosecurity/falcoctl#305).
Furthermore, this PR adds black box and white box unit tests.
The same feature should be applied to the registry tool of the rules.