Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add v1?draft slsa provenance definition #200

Merged
merged 2 commits into from
Feb 7, 2023
Merged

feat: add v1?draft slsa provenance definition #200

merged 2 commits into from
Feb 7, 2023

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Feb 6, 2023

Signed-off-by: Asra Ali [email protected]

Fixes issue:
Related #197

Description:
Implements the v1?draft SLSA provenance spec. I expect it will be complete by end of the month, and don't think there will be too many changes. I can keep the issue open to migrate the URI to v1 (removing the draft) with whatever remaining format changes there are in the follow-up.

Please verify and check that the pull request fulfills the following
requirements:

  • [ x ] Tests have been added for the bug fix or new feature
  • [ x ] Docs have been added for the bug fix or new feature: added docstrings

pxp928
pxp928 approved these changes Feb 7, 2023
View reviewed changes
Copy link
Member

@pxp928 pxp928 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! We can keep the issue open and change it to remove draft once finalized.

@adityasaky
Copy link
Member

I'd prefer to leave it open as a draft to avoid someone accidentally using a non tagged version. @asraa wdyt?

@asraa
Copy link
Contributor Author

asraa commented Feb 7, 2023

I'd prefer to leave it open as a draft to avoid someone accidentally using a non tagged version. @asraa wdyt?

Right now the format is in v1?draft URI, so I do think people will be aware that the provenance is subject to change.

The reason I'd like it (even if pushed to a branch?) is that it blocks us from drafting tooling until the spec goes GA, where it would be nice to be developing alpha tooling while it still is to test its use-ability. WDYT about the branch idea?

@adityasaky
Copy link
Member

adityasaky commented Feb 7, 2023
edited
Loading

Gotcha, let me review the status of next.

@pxp928
Copy link
Member

pxp928 commented Feb 7, 2023

I'd prefer to leave it open as a draft to avoid someone accidentally using a non tagged version. @asraa wdyt?

Right now the format is in v1?draft URI, so I do think people will be aware that the provenance is subject to change.

The reason I'd like it (even if pushed to a branch?) is that it blocks us from drafting tooling until the spec goes GA, where it would be nice to be developing alpha tooling while it still is to test its use-ability. WDYT about the branch idea?

I agree. Would be useful to start updating tools to meet the spec.

@adityasaky adityasaky changed the base branch from master to next February 7, 2023 21:25
@adityasaky adityasaky merged commit 96dcb8c into in-toto:next Feb 7, 2023
@adityasaky
Copy link
Member

Done! Thanks @asraa!

@asraa
Copy link
Contributor Author

asraa commented Feb 7, 2023

Thank you all! I appreciate having a basis :)
I will definitely be on top of any spec updates, so that's my contract for this.

@developer-guy developer-guy mentioned this pull request Apr 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pxp928 pxp928 pxp928 approved these changes

@shibumi shibumi Awaiting requested review from shibumi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@asraa @adityasaky @pxp928