Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Link & SLSA attestor #149

Merged
merged 43 commits into from
May 9, 2024
Merged

Link & SLSA attestor #149

merged 43 commits into from
May 9, 2024

Conversation

jkjell
Copy link
Member

@jkjell jkjell commented Feb 5, 2024

Add a new link attestor and the ability to return multiple signed attestation with RunWithExports function.

jkjell and others added 15 commits February 5, 2024 08:23
@jkjell
Initial link attestor
63410d4 
Signed-off-by: John Kjell <[email protected]>
@mikhailswift @jkjell
refactor: move gitoid code to cyrptoutil, use digestvalue everywhere (#…
7da776c 
…139)

When the functionality to calculate gitoids was added, there was a bit
of tech debt incurred since they didn't implement hash.Hash. This
remedies this with an admitedly hacky implementation of hash.Hash that
wraps the gitoid code. This also standardizes our cryptoutil fucntions
around the DigestValue struct that was added around this time to
differentiate between gitoids and regular hash functions.

Signed-off-by: Mikhail Swift <[email protected]>
Signed-off-by: John Kjell <[email protected]>
@dependabot @jkjell
chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#142)
924eb1f 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@694cdab...26f96df)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <[email protected]>
@dependabot @ChaosInTheCRD @jkjell
chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#143)
856b500 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.23.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@0b21cf2...b7bf0a3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Meadows <[email protected]>
Signed-off-by: John Kjell <[email protected]>
@ChaosInTheCRD @jkjell
Adding job to auto cut releases (#141)
315793e 
adding job to auto cut releases

Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: John Kjell <[email protected]>
@ChaosInTheCRD @jkjell
fixing error in github actions workflow (#147)
ad61b8a 
fixing error in workflow

Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: John Kjell <[email protected]>
@ChaosInTheCRD @jkjell
RunAttestors refactor (#131)
ed1dfef 
* improving run attestors

Signed-off-by: chaosinthecrd <[email protected]>

* finalising changes.

Signed-off-by: chaosinthecrd <[email protected]>

* improving run attestors

Signed-off-by: chaosinthecrd <[email protected]>

* finalising changes.

Signed-off-by: chaosinthecrd <[email protected]>

* addressing review, restoring run type order

Signed-off-by: chaosinthecrd <[email protected]>

* updating error handling logic

Signed-off-by: chaosinthecrd <[email protected]>

* updating to go 1.21 for errors.Join

Signed-off-by: chaosinthecrd <[email protected]>

---------

Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: Tom Meadows <[email protected]>
Signed-off-by: John Kjell <[email protected]>
@ChaosInTheCRD @jkjell
Adding workaround due to failing workflows (#145)
ed519d1 
adding workaround due to failing workflows

Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: John Kjell <[email protected]>
@ChaosInTheCRD @jkjell
Checking policy signature against cert constraints (#144)
04a8ef4 
* adding logic so policy signature can be checked against constraints
* threaded options into policy validation functionary
---------

Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: John Kjell <[email protected]>
Co-authored-by: John Kjell <[email protected]>
Signed-off-by: John Kjell <[email protected]>
@step-security-bot @jkjell
[StepSecurity] ci: Harden GitHub Actions (#148)
3cff01c 
Signed-off-by: StepSecurity Bot <[email protected]>
Signed-off-by: John Kjell <[email protected]>
@jkjell
Add import for init and export variables
3d7747b 
Signed-off-by: John Kjell <[email protected]>
@jkjell
Add mulitple results to run to allow exporting attestors to indivudal…
7a1a1f7 
… files

Signed-off-by: John Kjell <[email protected]>
@jkjell
Add collection to result array
fb27f55 
Signed-off-by: John Kjell <[email protected]>
@jkjell
Replace export parameters in run with attestor option
af0470f 
Signed-off-by: John Kjell <[email protected]>
@jkjell
Fix golang lint isues
8e2aaa4 
Signed-off-by: John Kjell <[email protected]>
ChaosInTheCRD
ChaosInTheCRD reviewed Feb 5, 2024
View reviewed changes
run.go Outdated Show resolved Hide resolved
ChaosInTheCRD
ChaosInTheCRD reviewed Feb 5, 2024
View reviewed changes
run.go Outdated Show resolved Hide resolved
@ChaosInTheCRD
Copy link
Collaborator

some opinionated thoughts from me, one little style thing that I think could be a tiny bit neater, but on the whole I ike the principle of the link connector and providing this way of exposing attestations. Code is also really neat and tidy 😄.

@jkjell jkjell changed the title Link attestor Link & SLSA attestor Mar 25, 2024
@ChaosInTheCRD ChaosInTheCRD mentioned this pull request Mar 25, 2024
Open
ChaosInTheCRD and others added 6 commits April 4, 2024 15:09
@ChaosInTheCRD @colek42 @jkjell
Link attestor proposed changes (#204)
4d86ee9 
* unmarshal the time in the attestation collection correctly (#203)
* add StepName to AttestorContext
* use CollectionAttestion to properly set start/end times
---------

Signed-off-by: John Kjell <[email protected]>
Co-authored-by: Cole Kennedy <[email protected]>
Co-authored-by: Cole <[email protected]>
Co-authored-by: John Kjell <[email protected]>
@ChaosInTheCRD
Merge branch 'link-attestor' of github.com:in-toto/go-witness into li…
1d19081 
…nk-attestor

Signed-off-by: chaosinthecrd <[email protected]>
@jkjell
Merge branch 'main' into link-attestor
690505e
@jkjell
Passing SLSA Attest tests for GitHub and GitLab
450a306 
Signed-off-by: John Kjell <[email protected]>
@jkjell
Clean up
33f3905 
Signed-off-by: John Kjell <[email protected]>
@jkjell
Add attestation test for link attestor
dba3c39 
Signed-off-by: John Kjell <[email protected]>
@jkjell jkjell marked this pull request as ready for review April 8, 2024 02:24
@mikhailswift
Copy link
Member

Did a quick read through of the code and this all looks reasonable. Will pull and play with it tomorrow.

@matglas matglas mentioned this pull request May 8, 2024
Draft
3 tasks
ChaosInTheCRD
ChaosInTheCRD previously approved these changes May 8, 2024
View reviewed changes
@ChaosInTheCRD
Copy link
Collaborator

provisionally approving, as long as we can resolve #149 (comment)

@ChaosInTheCRD
Copy link
Collaborator

Just noticed as well, we need to fix DCO before merge 😄

@jkjell jkjell requested a review from ChaosInTheCRD May 9, 2024 04:53
@ChaosInTheCRD ChaosInTheCRD merged commit 87975b4 into main May 9, 2024
15 checks passed
@ChaosInTheCRD ChaosInTheCRD deleted the link-attestor branch May 9, 2024 15:26
@marcelamelara marcelamelara mentioned this pull request May 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@colek42 colek42 colek42 left review comments

@ChaosInTheCRD ChaosInTheCRD ChaosInTheCRD approved these changes

@mikhailswift mikhailswift Awaiting requested review from mikhailswift

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jkjell @ChaosInTheCRD @mikhailswift @colek42 @step-security-bot