Skip to content

[pull] main from sigstore:main #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 33 commits into
base: main
Choose a base branch
from
+1,611 −603
Open

[pull] main from sigstore:main #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
f8e6db5
Verify subject with bundle only when checking claims (#4320)
haydentherapper Aug 4, 2025
806fcd3
chore(deps): bump github.com/sigstore/rekor from 1.3.10 to 1.4.0 (#4325)
dependabot[bot] Aug 5, 2025
674c9c1
chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (…
dependabot[bot] Aug 5, 2025
f385b03
chore(deps): bump the actions group with 3 updates (#4329)
dependabot[bot] Aug 5, 2025
bfd1044
chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr…
dependabot[bot] Aug 5, 2025
cd8bc0b
Bump deps for cuelang and others (#4332)
haydentherapper Aug 7, 2025
7319eb4
chore(deps): bump google.golang.org/api from 0.243.0 to 0.244.0 (#4326)
dependabot[bot] Aug 7, 2025
f011b93
Add support for SigningConfig for sign-blob/attest-blob, support Reko…
haydentherapper Aug 7, 2025
0ac382a
Have cosign sign support bundle format (#4316)
steiza Aug 7, 2025
fbea0dd
bump golangci-lint to v2.3.x (#4333)
cpanato Aug 8, 2025
1059a80
update builder to use go1.24.6 (#4334)
cpanato Aug 8, 2025
18040e1
chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#4338)
dependabot[bot] Aug 12, 2025
4702fb8
chore(deps): bump the actions group with 3 updates (#4345)
dependabot[bot] Aug 12, 2025
275f268
chore(deps): bump github.com/sigstore/sigstore-go (#4340)
dependabot[bot] Aug 12, 2025
c11b6b7
chore(deps): bump the gomod group with 4 updates (#4343)
dependabot[bot] Aug 12, 2025
b77ae44
chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.41.0 (#4339)
dependabot[bot] Aug 12, 2025
3e8eb0d
chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.2 (…
dependabot[bot] Aug 12, 2025
a2a8ca3
Fixes to cosign sign / verify for the new bundle format (#4346)
steiza Aug 13, 2025
36acb30
Don't require timestamps when verifying with a key (#4337)
haydentherapper Aug 14, 2025
3a2e076
Don't load content from TUF if trusted root path is specified (#4347)
steiza Aug 18, 2025
47b5ffe
chore(deps): bump google.golang.org/api from 0.246.0 to 0.247.0 (#4353)
dependabot[bot] Aug 19, 2025
e185b40
chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4352)
dependabot[bot] Aug 19, 2025
ddca0f1
Relax go directive to 1.24.x (#4351)
haydentherapper Aug 19, 2025
b118243
chore(deps): bump chainguard-dev/actions in the actions group (#4349)
dependabot[bot] Aug 19, 2025
5bca529
chore(deps): bump the gomod group with 4 updates (#4350)
dependabot[bot] Aug 19, 2025
76faaff
chore(deps): bump github.com/go-viper/mapstructure/v2 (#4355)
dependabot[bot] Aug 21, 2025
8999f9e
chore(deps): bump github.com/buildkite/agent/v3 from 3.98.2 to 3.103.…
dependabot[bot] Aug 26, 2025
6dd6f52
chore(deps): bump google.golang.org/protobuf in the gomod group (#4364)
dependabot[bot] Aug 26, 2025
ef083d4
chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.5.0 to 2.6.0 …
dependabot[bot] Aug 26, 2025
663b97c
chore(deps): bump the actions group with 2 updates (#4361)
dependabot[bot] Aug 26, 2025
ec66f46
chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 (…
dependabot[bot] Aug 26, 2025
29f9349
chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4360)
dependabot[bot] Aug 26, 2025
5ad3dfe
chore(deps): bump google.golang.org/api from 0.247.0 to 0.248.0 (#4359)
dependabot[bot] Aug 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/workflows/build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
packages: write

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

Expand All @@ -59,7 +59,7 @@ jobs:
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9

- name: Set up Cloud SDK
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with:
workload_identity_provider: 'projects/498091336538/locations/global/workloadIdentityPools/githubactions/providers/sigstore-cosign'
service_account: '[email protected]'
Expand All @@ -68,7 +68,7 @@ jobs:
run: gcloud auth configure-docker --quiet

- name: Login to GitHub Container Registry
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
registry: ghcr.io
username: ${{ github.actor }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/codeql-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,12 +51,12 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

- name: Utilize Go Module Cache
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/go/pkg/mod
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/conformance-nightly.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
conformance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/conformance.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
conformance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand All @@ -39,6 +39,6 @@ jobs:

- run: make cosign conformance

- uses: sigstore/sigstore-conformance@fd90e6b0f3046f2276a6659481de6df495dea3b9 # v0.0.18
- uses: sigstore/sigstore-conformance@a7ac671d8e55553de127c8b1ad96d8d416315e83 # v0.0.19
with:
entrypoint: ${{ github.workspace }}/conformance
4 changes: 2 additions & 2 deletions .github/workflows/donotsubmit.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,9 @@ jobs:

steps:
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v2.4.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v2.4.0
with:
persist-credentials: false

- name: Do Not Submit
uses: chainguard-dev/actions/donotsubmit@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
uses: chainguard-dev/actions/donotsubmit@be7b31a01af8ce7228fe901326f1d223fb788e14 # v1.4.12
10 changes: 5 additions & 5 deletions .github/workflows/e2e-tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ jobs:
runs-on: ${{ matrix.os }}

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand All @@ -54,7 +54,7 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down Expand Up @@ -89,7 +89,7 @@ jobs:
SCAFFOLDING_RELEASE_VERSION: "v0.7.24"
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

Expand Down Expand Up @@ -121,7 +121,7 @@ jobs:
SCAFFOLDING_RELEASE_VERSION: "v0.7.24"

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down Expand Up @@ -220,4 +220,4 @@ jobs:

- name: Collect diagnostics
if: ${{ failure() }}
uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
uses: chainguard-dev/actions/kind-diag@be7b31a01af8ce7228fe901326f1d223fb788e14 # v1.4.12
2 changes: 1 addition & 1 deletion .github/workflows/e2e-with-binary.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:
COSIGN_YES: "true"

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/github-oidc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:
KO_PREFIX: ghcr.io/${{ github.repository }}

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/golangci-lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
contents: read

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand All @@ -41,7 +41,7 @@ jobs:
- name: golangci-lint
uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
with:
version: v2.2
version: v2.3

golangci-test-e2e:
name: lint-test-e2e
Expand All @@ -51,7 +51,7 @@ jobs:
contents: read

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/kind-verify-attestation.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ jobs:
COSIGN_YES: "true"

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down Expand Up @@ -156,7 +156,7 @@ jobs:

- name: Collect diagnostics
if: ${{ failure() }}
uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
uses: chainguard-dev/actions/kind-diag@be7b31a01af8ce7228fe901326f1d223fb788e14 # v1.4.12

- name: Create vuln attestation for it
run: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecard-action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

Expand Down
18 changes: 9 additions & 9 deletions .github/workflows/tests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,11 @@ jobs:
OS: ${{ matrix.os }}

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
- uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
# In order:
# * Module download cache
Expand All @@ -67,7 +67,7 @@ jobs:
- name: Run Go tests
run: go test -covermode atomic -coverprofile coverage.txt $(go list ./... | grep -v third_party/)
- name: Upload Coverage Report
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
with:
env_vars: OS
- name: Run Go tests w/ `-race`
Expand All @@ -81,7 +81,7 @@ jobs:
contents: read

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
# Related to https://github.com/sigstore/cosign/issues/3149
Expand Down Expand Up @@ -138,7 +138,7 @@ jobs:
- name: check disk space
run: df -h
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
- uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
# In order:
# * Module download cache
Expand Down Expand Up @@ -169,15 +169,15 @@ jobs:

- name: Collect diagnostics
if: ${{ failure() }}
uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
uses: chainguard-dev/actions/kind-diag@be7b31a01af8ce7228fe901326f1d223fb788e14 # v1.4.12

e2e-windows-powershell-tests:
name: Run PowerShell E2E tests
runs-on: windows-latest
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand All @@ -186,7 +186,7 @@ jobs:
check-latest: true

# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
- uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
# In order:
# * Module download cache
Expand All @@ -207,7 +207,7 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/validate-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,14 @@ jobs:
check-signature:
runs-on: ubuntu-latest
container:
image: ghcr.io/sigstore/cosign/cosign:v2.5.2-dev@sha256:14a20131240190350e18f002bdd61345d2803eff370913737392281e834ee22a
image: ghcr.io/sigstore/cosign/cosign:v2.5.3-dev@sha256:fe84ab87222b60d2d87f5efcb8ef3cfd895897c088fbeb973280689c81aedff1

steps:
- name: Check Signature
run: |
cosign verify ghcr.io/gythialy/golang-cross:v1.24.5-0@sha256:492c51e60ed27ff597511b0a24e6c5acb6e3e2e97bb68d7bd35f81a7e3dfa4d0 \
cosign verify ghcr.io/gythialy/golang-cross:v1.24.6-0@sha256:961353cc71207c6c50db62a1e01275f3e809493bea34861c4de199f5dc17d665 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.24.5-0"
--certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.24.6-0"
env:
TUF_ROOT: /tmp

Expand All @@ -43,15 +43,15 @@ jobs:
- check-signature

container:
image: ghcr.io/gythialy/golang-cross:v1.24.5-0@sha256:492c51e60ed27ff597511b0a24e6c5acb6e3e2e97bb68d7bd35f81a7e3dfa4d0
image: ghcr.io/gythialy/golang-cross:v1.24.6-0@sha256:961353cc71207c6c50db62a1e01275f3e809493bea34861c4de199f5dc17d665
volumes:
- /usr:/host_usr
- /opt:/host_opt

permissions: {}

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/verify-docgen.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
steps:
- name: deps
run: sudo apt-get update && sudo apt-get install -yq libpcsclite-dev
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/whitespace.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,12 @@ jobs:

steps:
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

- uses: chainguard-dev/actions/trailing-space@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
- uses: chainguard-dev/actions/trailing-space@be7b31a01af8ce7228fe901326f1d223fb788e14 # v1.4.12
if: ${{ always() }}

- uses: chainguard-dev/actions/eof-newline@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
- uses: chainguard-dev/actions/eof-newline@be7b31a01af8ce7228fe901326f1d223fb788e14 # v1.4.12
if: ${{ always() }}
2 changes: 1 addition & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
bin*
dist/
cosignImagerefs
bundle
/bundle
signature
certificate
sigstore-conformance
Expand Down
5 changes: 5 additions & 0 deletions .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,11 @@ linters:
path: pkg/cosign/verify.go
# NewEntry used for Rekor v1, will update to NewTlogEntry for Rekor v2 support
text: SA1019
- linters:
- staticcheck
path: pkg/cosign/verify_bundle_test.go
# NewEntry used for Rekor v1, will update to NewTlogEntry for Rekor v2 support
text: SA1019
paths:
- third_party$
- builtin$
Expand Down
1 change: 1 addition & 0 deletions cmd/cosign/cli/attest.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@ func Attest() *cobra.Command {
}
ko.TrustedMaterial = trustedMaterial
}
// TODO(#4324): Add support for SigningConfig
attestCommand := attest.AttestCommand{
KeyOpts: ko,
RegistryOptions: o.Registry,
Expand Down
8 changes: 6 additions & 2 deletions cmd/cosign/cli/attest/attest.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ func (c *AttestCommand) Exec(ctx context.Context, imageRef string) error {
// will use the DSSE Sig field, so we choose what signature to send to
// the timestamp authority based on our output format.
if c.KeyOpts.NewBundleFormat {
tsaPayload, err = getEnvelopeSigBytes(signedPayload)
tsaPayload, err = cosign.GetDSSESigBytes(signedPayload)
if err != nil {
return err
}
Expand Down Expand Up @@ -251,7 +251,11 @@ func (c *AttestCommand) Exec(ctx context.Context, imageRef string) error {
if err != nil {
return err
}
bundleBytes, err := makeNewBundle(sv, rekorEntry, payload, signedPayload, signerBytes, timestampBytes)
pubKey, err := sv.PublicKey()
if err != nil {
return err
}
bundleBytes, err := cbundle.MakeNewBundle(pubKey, rekorEntry, payload, signedPayload, signerBytes, timestampBytes)
if err != nil {
return err
}
Expand Down
Loading