Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

integration test for signing w/ GH Sigstore #40

Merged
merged 2 commits into from
Nov 27, 2023
Merged

integration test for signing w/ GH Sigstore #40

merged 2 commits into from
Nov 27, 2023

Conversation

bdehamer
Copy link
Collaborator

@bdehamer bdehamer commented Nov 18, 2023
edited
Loading

Sets-up an integration test which uses the Github Sigstore instance to sign the provenance statement.

Typically, the Sigstore instance is selected automatically based on the visibility of the repo which initiates the workflow. Given that this repo is public, I introduced an undocumented input argument which can be used to force the selection of the private Sigstore instance.

@bdehamer bdehamer force-pushed the bdehamer/private-repo-test branch 2 times, most recently from 05e9b62 to 0917a27 Compare November 18, 2023 00:51
@bdehamer bdehamer force-pushed the bdehamer/private-repo-test branch from 0917a27 to 770f6a8 Compare November 18, 2023 00:54
@bdehamer bdehamer marked this pull request as ready for review November 18, 2023 00:56
@bdehamer bdehamer requested a review from a team as a code owner November 18, 2023 00:57
@kommendorkapten
Copy link
Contributor

The code looks good, but I'm thinking about if we can change the name of the environment variable, INPUT_PRIVATE does not reveal much of it's intent. Even if this is an undocumented private variable, I would think a more descriptive name:

  • INPUT_PRIVATE_CA
  • INPUT_PRIVATE_FULCIO
  • INPUT_PRIVATE_SA (Signing authority)
  • INPUT_PRIVATE_SIGNING
  • INPUT_DISABLE_PGI (Public Good Instance)

and so on.

@bdehamer bdehamer force-pushed the bdehamer/private-repo-test branch from 8347ff9 to f8d1620 Compare November 20, 2023 22:20
@bdehamer bdehamer merged commit 909b30c into main Nov 27, 2023
@bdehamer bdehamer deleted the bdehamer/private-repo-test branch November 27, 2023 17:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codysoyland codysoyland codysoyland approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bdehamer @kommendorkapten @codysoyland