Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added integration test and fixed verify #209

Merged
merged 1 commit into from
Jan 8, 2024
Merged

added integration test and fixed verify #209

merged 1 commit into from
Jan 8, 2024

Conversation

garethahealy
Copy link
Contributor

Summary

Attempting to add integration tests #208

Release Note

None

Documentation

None

@garethahealy
Copy link
Contributor Author

@sabre1041 ; when I try to verify the packaged and uploaded chart, I get the below error:

entry not insertable into log: missing provenance content

which comes from:

any ideas what I am doing wrong? or have a I hit a bug

@garethahealy
Copy link
Contributor Author

garethahealy commented Jan 4, 2024

this works against v0.2.0 - so presume there's a bug on main or rekor API change that's broken this plugin (i'd guess this)

$ bin/helm-sigstore verify helm-sigstore-test-0.1.0.tgz --keyring .gnupg/sigstore-secring.gpg
Chart Verified Successfully From Helm entry:

Rekor Server: https://rekor.sigstore.dev
Rekor Index: 61347294
Rekor UUID: 24296fb24b8ad77ac1f281392de9110d81aae830454c03035403d9b77f9803f3be641793719f921f

error happens from >= https://github.com/sigstore/rekor/releases/tag/v1.2.1
related to change: sigstore/rekor#1410

@garethahealy
Copy link
Contributor Author

after a bit of digging, i found:

have switched CreateVersionedEntry for UnmarshalEntry and verify works now

tested on my fork:

Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, some comments

Makefile Outdated Show resolved Hide resolved
tests/integration.sh Outdated Show resolved Hide resolved
tests/integration.sh Outdated Show resolved Hide resolved
@garethahealy
Copy link
Contributor Author

updated with suggested changes and tested @ https://github.com/garethahealy/helm-sigstore/actions/runs/7420076759/job/20190765226

@garethahealy garethahealy changed the title added integration test added integration test and fixed verify Jan 5, 2024
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some comments, thanks for working on this

scripts/generate-test-chart.sh Outdated Show resolved Hide resolved
Makefile Show resolved Hide resolved
.github/workflows/ci.yml Outdated Show resolved Hide resolved
.github/workflows/ci.yml Outdated Show resolved Hide resolved
.github/workflows/ci.yml Outdated Show resolved Hide resolved
.github/workflows/ci.yml Outdated Show resolved Hide resolved
.gitignore Outdated Show resolved Hide resolved
Signed-off-by: Gareth Healy <garethahealy@gmail.com>
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

@cpanato cpanato merged commit ba7962f into sigstore:main Jan 8, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants