Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: remove unpinned image warning in lint for cosign signatures #2681

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

fix: remove unpinned image warning in lint for cosign signatures #2681

wants to merge 5 commits into from
+25 −1

Conversation

jasonwashburn
Copy link

@jasonwashburn jasonwashburn commented Jun 29, 2024
edited
Loading

Description

Removes unpinned image warning generated by zarf dev lint for cosign signatures.
...

Related Issue

Fixes #2577

Checklist before merging

@netlify Netlify
Copy link

netlify bot commented Jun 29, 2024
edited
Loading

Deploy Preview for zarf-docs canceled.

Name Link
🔨 Latest commit b7a2373
🔍 Latest deploy log https://app.netlify.com/sites/zarf-docs/deploys/66853332c7378b0008886dbf

@jasonwashburn jasonwashburn force-pushed the fix/remove-lint-warning-for-signed-images branch from e2bb852 to dd92d5c Compare June 29, 2024 13:19
@AustinAbro321
Copy link
Contributor

Thanks @jasonwashburn, looks mostly good. Could you also have the linter ignore ".att" images ending in .att, as these images are also already sha'd and used by cosign for provenance and integrity.

@jasonwashburn jasonwashburn force-pushed the fix/remove-lint-warning-for-signed-images branch from f0f3b19 to b4a6351 Compare July 1, 2024 21:55
@jasonwashburn jasonwashburn marked this pull request as ready for review July 1, 2024 21:56
@jasonwashburn jasonwashburn requested review from dgershman and a team as code owners July 1, 2024 21:56
@jasonwashburn
Copy link
Author

Thanks @jasonwashburn, looks mostly good. Could you also have the linter ignore ".att" images ending in .att, as these images are also already sha'd and used by cosign for provenance and integrity.

Sure thing!

phillebaba
phillebaba requested changes Jul 2, 2024
View reviewed changes
Copy link
Member

@phillebaba phillebaba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small NIT otherwise looks good, thank you for expanding the tests to cover this.

src/pkg/packager/lint/lint.go Outdated Show resolved Hide resolved
src/pkg/packager/lint/lint.go Outdated Show resolved Hide resolved
@jasonwashburn jasonwashburn force-pushed the fix/remove-lint-warning-for-signed-images branch from 2c0b1a4 to b7a2373 Compare July 3, 2024 11:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgershman dgershman Awaiting requested review from dgershman dgershman is a code owner

@phillebaba phillebaba Awaiting requested review from phillebaba

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Zarf dev lint warns that cosign signatures are not pinned with a digest
3 participants
@jasonwashburn @AustinAbro321 @phillebaba