monorepo #1258
Draft
monorepo #1258
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ring-sigstore-init fix: graceful handling of failures while initializing Sigstore
build(deps): update github-actions
build(deps): update all dependencies updates
build(deps): update all dependencies updates
More PolicyReport code to dedicated files, following the same pattern used to define OpenReports types and functions. Signed-off-by: Flavio Castelli <[email protected]>
Remove code that is no longer needed from the Makefile Signed-off-by: Flavio Castelli <[email protected]>
feat: OpenReports support
build(deps): update all dependencies updates
build(deps): update all dependencies updates
build(deps): update all dependencies updates
Update to latest version of the sigstore crate to handle the changes happened inside of upstream's TUF repository. Signed-off-by: Flavio Castelli <[email protected]>
…r-keys fix: handle changes inside of Sigstore's TUF repository
Do not error when multiple Rekor keys are found inside of Sigstore's TUF repository. As part of the fix, the code has been changed to not use the `ManualTrustRoot` struct since it did not provide any value over just using the `SigstoreTrustRoot`. Signed-off-by: Flavio Castelli <[email protected]>
Signed-off-by: Flavio Castelli <[email protected]>
…tiple-rekor-keys fix: handle multiple rekor keys inside of Sigstore's TUF repository
Allow multiple Rekor keys to be found inside of Sigstore's TUF repository. Signed-off-by: Flavio Castelli <[email protected]>
Signed-off-by: Flavio Castelli <[email protected]>
…tory This commit updates to the latest sigstore-rs crate, which allows us to handle some changes done inside of Sigstore's TUF repository. This commit is part of a series of commits required to address the issue. Signed-off-by: Flavio Castelli <[email protected]>
The contents of the Sigstore's TUF repository changed, causing verification to not work properly. This commits fixes verification, both for the `.wasm` files containing our policies and for the policies that make use of our verification capabilities (like the `verify-image-signatures` policy). However, now the Sigstore's TUF repository no longer ships with individual certificate/public keys. Issue kubewarden/kwctl#1245 was already tracking that. Moreover, the latest version of sigstore-rs requires to know Rekor's KEY IDs in addition to the actual keys, which makes all the individual CLI flags (`--rekor-public-key-path`, ``--fulcio-cert-path`) useless. Because of that, this commit removes these flags. We will add support for bring your own PKI in a future PR (see kubewarden/kwctl#1245 (comment) for more details). Signed-off-by: Flavio Castelli <[email protected]>
…or-keys fix sigstore handle multiple rekor keys
Keep track of the removal of the rekor and fulcio related flags Signed-off-by: Flavio Castelli <[email protected]>
…or-keys fix!: sigstore handle multiple rekor keys
build(deps): update all dependencies updates (major)
…updates build(deps): update all dependencies updates (major)
build(deps): update all dependencies updates
build(deps): update codecov/codecov-action action to v5.5.2
build(deps): update codecov/codecov-action action to v5.5.2
build(deps): update github-actions (major)
build(deps): update github-actions
build(deps): update all dependencies updates
build(deps): update all dependencies updates
… monorepo Signed-off-by: Flavio Castelli <[email protected]>
Refactor the code to make it fit with the monorepo, start to bring in the Makefile of sbomscanner and the helm charts directory Signed-off-by: Flavio Castelli <[email protected]>
Signed-off-by: Flavio Castelli <[email protected]>
- Build kwctl and policy-server binaries using cross - Build policys-server image - Initial setup of the rust workspace Signed-off-by: Flavio Castelli <[email protected]>
Do not try to merge all the 3 charts into a single one, just stick with the current ones. Signed-off-by: Flavio Castelli <[email protected]>
Signed-off-by: Flavio Castelli <[email protected]>
It's fine to have test helpers as part of the regular go modules. Their source code is not going to be part of the final Go binary as long as they are consumed from `_test.go` files. Signed-off-by: Flavio Castelli <[email protected]>
Signed-off-by: Flavio Castelli <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a gigantic PR that turns
kubewarden-controllerinto a monorepo.The end goal is to:
Thing that are left to be done: