Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a bundle test for a dsse envelope containing an in-toto statement #159

Merged
merged 5 commits into from
Nov 27, 2024
Merged

Add a bundle test for a dsse envelope containing an in-toto statement #159

merged 5 commits into from
Nov 27, 2024

Conversation

segiddins
Copy link
Member

Summary

There are no bundle tests where "kindVersion":{"kind":"dsse","version":"0.0.1"} and the dsse envelope payload is an in-toto statement

Based on the example in https://blog.sigstore.dev/cosign-verify-bundles/

Release Note

Documentation

@segiddins segiddins force-pushed the segiddins/dsse-in-toto-bundle-test-case branch from d296036 to d12f919 Compare September 30, 2024 22:59
woodruffw
woodruffw reviewed Oct 1, 2024
View reviewed changes
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM behaviorally, although I think we might want to rename the bundle here (if only because naming a file sha256:... will make it harder to visually distinguish between file inputs and hash-literal inputs).

@segiddins
Copy link
Member Author

Any suggested names? I picked this since it's what gh attestation created

@woodruffw
Copy link
Member

Any suggested names? I picked this since it's what gh attestation created

Hmm, maybe intoto-in-dsse-v3.sigstore.json? I admit that's not fantastic though.

@woodruffw
Copy link
Member

I'll take this over and land it.

@woodruffw woodruffw self-assigned this Nov 27, 2024
woodruffw
woodruffw previously approved these changes Nov 27, 2024
View reviewed changes
loosebazooka
loosebazooka previously approved these changes Nov 27, 2024
View reviewed changes
@woodruffw woodruffw dismissed stale reviews from loosebazooka and themself via 8d96ace November 27, 2024 18:36
@woodruffw woodruffw merged commit d4049ea into sigstore:main Nov 27, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woodruffw woodruffw woodruffw approved these changes

@loosebazooka loosebazooka loosebazooka approved these changes

Assignees

@woodruffw woodruffw

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@segiddins @woodruffw @loosebazooka