-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[MGPG-130] - Update sigstore extension to ".sigstore.json" #109
Conversation
I would leave old and add sigstore.json as well |
That works, we just don't intend on making any new signatures using that extension. But I have no strong preference. I'll update the PR |
Are any of the two maven sigstore plugins alive? Afair, they used ".sigstore" for extension... |
Both standalone plugin repositories are archived (1, 2), things were a little wild west at the beginning 🤷 . The "supported" plugin is integrated into the sigstore-java repository at https://github.com/sigstore/sigstore-java/tree/main/sigstore-maven-plugin. <-- this supersedes the code in https://github.com/sigstore/sigstore-maven-plugin (which is archived). The latest release at https://central.sonatype.com/artifact/dev.sigstore/sigstore-maven-plugin/0.11.0/versions |
@cstamas updated to re-include ".sigstore". I added a tracker to remove it in 6 months or so (sigstore/sigstore-java#759) |
Sigstore uses ".sigstore.json" extension in all our plugins, ".sigstore" is legacy
|
@cstamas any chance this could get another look? |
Sigstore uses ".sigstore.json" extension in all our plugins, ".sigstore" is no longer used.
Context: https://github.com/sigstore/sigstore-maven-plugin/blob/main/src/main/java/dev/sigstore/plugin/SigstoreSignAttachedMojo.java#L47
This change is consistent across java clients (gradle) and language clients (python)
Following this checklist to help us incorporate your contribution quickly and easily:
before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should
address just this issue, without pulling in other changes.
[MGPG-XXX] - Fixes bug in ApproximateQuantiles
, where you replaceMGPG-XXX
with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the
first line of the commit message.
mvn clean verify
to make sure basic checks pass. A more thorough check will be performed on your pullrequest automatically.
mvn -Prun-its clean verify
).If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure please ask on the
developers list.
To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.
the Apache License Version 2.0, January 2004
an Apache Individual Contributor License Agreement.