Partially populate the output of cosign verify when working with new bundles #4416
Conversation
|
As it stands, this pull request will return something like: |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4416 +/- ##
==========================================
- Coverage 40.10% 34.26% -5.84%
==========================================
Files 155 218 +63
Lines 10044 15651 +5607
==========================================
+ Hits 4028 5363 +1335
- Misses 5530 9589 +4059
- Partials 486 699 +213 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Signed-off-by: Zach Steindler <[email protected]>
steiza
force-pushed
the
cosign-verify-results
branch
from
fb4b8fa to
6ac010d
Compare
Signed-off-by: Zach Steindler <[email protected]>
|
I should have known that #4316 was a little too easy! The content returned by I'm not a huge fan of this approach, but the alternative is pretty major surgery to I think transforming the information we need in the cmd works for now, and when we simplify code paths to just use sigstore-go for verification it will be much easier to plumb the information we need back to the cmd, instead of transforming the information we receive today. |
Signed-off-by: Zach Steindler <[email protected]>
…bundles (sigstore#4416) * Implement container image context in verify command * Use conformance on main for now (waiting for new release) --------- Signed-off-by: Zach Steindler <[email protected]>
…bundles (#4416) * Implement container image context in verify command * Use conformance on main for now (waiting for new release) --------- Signed-off-by: Zach Steindler <[email protected]>
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [cosign](https://github.com/sigstore/cosign) | patch | `2.6.0` -> `2.6.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>sigstore/cosign (cosign)</summary> ### [`v2.6.1`](https://github.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v261) [Compare Source](sigstore/cosign@v2.6.0...v2.6.1) #### Bug Fixes - Partially populate the output of cosign verify when working with new bundles ([#​4416](sigstore/cosign#4416)) - Bump sigstore-go, move conformance back to tagged release ([#​4426](sigstore/cosign#4426)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzIuNSIsInVwZGF0ZWRJblZlciI6IjQxLjEzMi41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
2 participants
Summary
For #4372. Note that currently this only fills the the
criticalfields of thedocker-reference,docker-manifest-digest, andtype, and not any of theoptionalfields (which could be populated from sigstore-go verification results).Release Note
cosign verifyoutput when working with new bundles to include information about the verified container imageDocumentation
N/A