
feat: flagd image signing #338

Merged



@Kavindu-Dodan Kavindu-Dodan commented Jan 27, 2023

This PR

fixes #328

Introduces image signing for flagd. The signature is pushed to the OCI repository and the public key will get added to the release artefacts under the name publicKey.pub (referenced through the variable PUBLIC_KEY_FILE in the GH action).

NOTE - Requires the COSIGN_PRIVATE_KEY & COSIGN_PASSWORD secrets to be created, and a decision on how to expose the public key.

@Kavindu-Dodan Kavindu-Dodan force-pushed the feature/sign-release-image branch from c9313cd to ace8ba3 Compare January 30, 2023 21:04
@Kavindu-Dodan Kavindu-Dodan marked this pull request as ready for review January 30, 2023 23:04
@Kavindu-Dodan Kavindu-Dodan force-pushed the feature/sign-release-image branch from 6d07b1e to 546bd54 Compare January 30, 2023 23:12
@Kavindu-Dodan Kavindu-Dodan (Contributor Author) commented:

Before merging this PR, someone with admin rights needs to generate a private key with a passphrase and set them in "Actions secrets and variables":

  1. Install cosign [1]
  2. Run `cosign generate-key-pair`: set the passphrase in this step
  3. Set COSIGN_PASSWORD to the passphrase and set COSIGN_PRIVATE_KEY to cosign.key

[1] - https://docs.sigstore.dev/cosign/installation/

@beeme1mr @toddbaert @james-milligan fyi
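As an added illustration (this is not flagd's own workflow, which the PR page does not show, nor an excerpt from the cosign documentation), the following GitHub Actions fragment demonstrates how the two secrets created in the steps above are consumed by cosign when a release image is pushed. The secret names COSIGN_PRIVATE_KEY and COSIGN_PASSWORD and the file name publicKey.pub come from the PR discussion; the workflow name, trigger, image name `ghcr.io/example-org/flagd`, action versions, and the assumption that the `cosign.pub` written by `cosign generate-key-pair` has been committed to the repository as `publicKey.pub` are all placeholders chosen for the example.

```yaml
# Added example, not flagd's actual release workflow: build an image, sign its
# digest with the cosign key pair held in Actions secrets, verify the result,
# and publish the public key as a release artefact.
name: sign-release-image-example          # assumed workflow name
on:
  push:
    tags: ["v*"]                            # assumed trigger

permissions:
  contents: read
  packages: write                           # push the image and its signature to GHCR

jobs:
  build-and-sign:
    runs-on: ubuntu-latest
    env:
      IMAGE: ghcr.io/example-org/flagd      # placeholder image name
      PUBLIC_KEY_FILE: publicKey.pub        # name used in the PR description
    steps:
      - uses: actions/checkout@v3

      - uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: sigstore/cosign-installer@v3  # installs the cosign CLI

      - id: build
        uses: docker/build-push-action@v4
        with:
          push: true
          tags: ${{ env.IMAGE }}:${{ github.ref_name }}

      - name: Sign the image by digest
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}  # contents of cosign.key
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}        # passphrase chosen at generate-key-pair
        run: |
          # Sign the immutable digest rather than the mutable tag, so the
          # signature stays bound to this exact content even if the tag moves.
          cosign sign --yes --key env://COSIGN_PRIVATE_KEY \
            "${IMAGE}@${{ steps.build.outputs.digest }}"

      - name: Verify the signature with the published public key
        # Assumes cosign.pub from generate-key-pair was committed as publicKey.pub.
        # Failing here stops the release from shipping an unverifiable image.
        run: |
          cosign verify --key "$PUBLIC_KEY_FILE" \
            "${IMAGE}@${{ steps.build.outputs.digest }}"

      - uses: actions/upload-artifact@v3
        with:
          name: ${{ env.PUBLIC_KEY_FILE }}
          path: ${{ env.PUBLIC_KEY_FILE }}
```

A consumer checks a pulled image the same way the verify step does, `cosign verify --key publicKey.pub <image>`, and should reject any image for which that command fails; the private key and passphrase never leave the Actions secrets store, which is why the PR asks an admin rather than the workflow to create them.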

@Kavindu-Dodan Kavindu-Dodan force-pushed the feature/sign-release-image branch from 546bd54 to 51723fc Compare January 31, 2023 16:19
@beeme1mr beeme1mr self-assigned this Feb 1, 2023

beeme1mr commented Feb 1, 2023

I've set COSIGN_PASSWORD and COSIGN_PRIVATE_KEY based on this comment.

@beeme1mr beeme1mr self-requested a review February 1, 2023 18:24
@toddbaert toddbaert force-pushed the feature/sign-release-image branch from 51723fc to 04839eb Compare February 1, 2023 18:27
Signed-off-by: Kavindu Dodanduwa <[email protected]>
@toddbaert toddbaert force-pushed the feature/sign-release-image branch from 04839eb to d3057af Compare February 1, 2023 19:43
@toddbaert toddbaert merged commit eca6a60 into open-feature:main Feb 1, 2023
skyerus pushed a commit that referenced this pull request Feb 6, 2023
🤖 I have created a release *beep* *boop*
---


## [0.3.5](v0.3.4...v0.3.5) (2023-02-06)


### Features

* flagd image signing
([#338](#338))
([eca6a60](eca6a60))
* update in logging to console and unify case usage, separators and punctuation for logging
([#322](#322))
([0bdcfd2](0bdcfd2))


### Bug Fixes

* **deps:** update module github.com/bufbuild/connect-go to v1.5.1
([#365](#365))
([e25f452](e25f452))
* **deps:** update module github.com/open-feature/open-feature-operator
to v0.2.28 ([#342](#342))
([e6df80f](e6df80f))
* **deps:** update module sigs.k8s.io/controller-runtime to v0.14.2
([#336](#336))
([836d3cf](836d3cf))
* **deps:** update module sigs.k8s.io/controller-runtime to v0.14.3
([#372](#372))
([330ac91](330ac91))
* **deps:** update module sigs.k8s.io/controller-runtime to v0.14.4
([#374](#374))
([d90e561](d90e561))
* fix unbuffered channel blocking goroutine
([#358](#358))
([4f1905a](4f1905a))
* introduced RWMutex to flag state to prevent concurrent r/w of map
([#370](#370))
([93e356b](93e356b))
* use event.Has func for file change notification handling (increased
stability across OS)
([#361](#361))
([09f74b9](09f74b9))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
beeme1mr pushed a commit that referenced this pull request Feb 7, 2023
@Kavindu-Dodan has contributed multiple significant changes and
proposals to flagd:

- multiple refactors: #291,
#307
- ci/security improvements:
#338,
#337
- architectural proposals (some of which got some attention from outside
parties!): open-feature/ofep#45,
open-feature/flagd-schemas#78,
#249 (comment)
- load testing: #225
- documentation improvements

For these reasons, I believe he should be made a CODEOWNER in this
repository.

NOTE: before this is merged, @Kavindu-Dodan should be added with at
least `maintainer` permissions to the repo.

Signed-off-by: Todd Baert <[email protected]>
@github-actions github-actions bot mentioned this pull request Dec 2, 2023
Linked issue closed by this pull request: [FEATURE] Sign release images

3 participants