Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check the existence and version of Sigstore CLI #194

Merged
merged 3 commits into from
Nov 25, 2024

Conversation

sethmlarson
Copy link
Collaborator

Closes #179, long-term solution is to do all the signing on the RM machine. This will do for now to catch fixable mistakes.

@hugovk
Copy link
Member

hugovk commented Nov 20, 2024

Looks good, thanks.

Testing, first I uninstalled sigstore CLI from the server:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1333, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1329, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 327, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.x:

Then installed sigstore<3 (2.1.5) on the server:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1333, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1329, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 327, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.x: sigstore 2.1.5

Then installed sigstore==3.4.0 on the server:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
✅  Checking Sigstore CLI

Re: #177 (comment): now #193 has been merged (to send Sigstore CLI verification to stdout, not stderr), is sigstore 3.x enough? And we don't need 3.5+?

@sethmlarson
Copy link
Collaborator Author

And we don't need 3.5+?

You're right, we should make sure it's up-to-date to avoid last-second issues. Let me make the version check handle that.

run_release.py Outdated Show resolved Hide resolved
Copy link
Member

@hugovk hugovk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Testing again, not installed:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1336, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1332, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 330, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.5.x or later:

sigstore-2.1.5:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1336, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1332, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 330, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.5.x or later: sigstore 2.1.5

sigstore-3.4.0:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1336, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1332, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 330, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.5.x or later: sigstore 3.4.0

sigstore-3.5.1:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
✅  Checking Sigstore CLI

@hugovk hugovk merged commit 24c1a0d into python:master Nov 25, 2024
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Downloads server: "No module named sigstore"
2 participants