Add sign command, container provenance, split action #108
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Signed-off-by: Marco Franssen <[email protected]>
Co-authored-by: Brend Smits <[email protected]> Signed-off-by: Marco Franssen <[email protected]>
Co-authored-by: Brend Smits <[email protected]>
Signed-off-by: Pieter Lexis <[email protected]>
Signed-off-by: Pieter Lexis <[email protected]>
According to the SLSA specification, these are [JSON objects](https://slsa.dev/provenance/v0.1). This commit changes their type from raw json to the more correct `map[string]interface{}`. Signed-off-by: Pieter Lexis <[email protected]>
This checks if we can actually verify the signature and if the data in the payload actually matches what we put in. Signed-off-by: Pieter Lexis <[email protected]>
This is required by the [in-toto spec](https://github.com/in-toto/docs/blob/master/in-toto-spec.md#4-document-formats). Signed-off-by: Pieter Lexis <[email protected]>
Signed-off-by: Pieter Lexis <[email protected]>
Signed-off-by: Pieter Lexis <[email protected]>
…command-container-prov-action-fixes Signed-off-by: Pieter Lexis <[email protected]>
This should make using the action more straight forward Signed-off-by: Pieter Lexis <[email protected]>
Signed-off-by: Pieter Lexis <[email protected]>
|
looks like DCO is unhappy about commit 3aaa124:
🤷 |
|
We choose to stick with a single action. Although we didn't test it we are not entirely sure how GitHub will behave if you publish multiple actions from the same repo to the marketplace. The v0.5.0 release changed the api slightly to add more flexibility. For the signing PR we still need to see how we improve this structure. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello!
This PR is mostly experimental. I've merged #91 and #88 and added a commit that splits the action. This way, a user can easily use the action without knowing all the arguments.
CC: @marcofranssen