Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport GHSA-vfp6-jrw2-99g9 #3364

Merged
merged 7 commits into from
Nov 15, 2023
Merged

Backport GHSA-vfp6-jrw2-99g9 #3364

merged 7 commits into from
Nov 15, 2023

Conversation

cpanato
Copy link
Member

@cpanato cpanato commented Nov 14, 2023

No description provided.

AdamKorcz and others added 2 commits November 14, 2023 17:03
@AdamKorcz @codysoyland
@haydentherapper @cpanato
Merge pull request from GHSA-vfp6-jrw2-99g9
1b607fc 
* Add limit to number of sigs and attestations

Signed-off-by: AdamKorcz <[email protected]>

* Update pkg/cosign/fetch.go

Co-authored-by: Cody Soyland <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>

* Update error message

Signed-off-by: Hayden B <[email protected]>

* fix compilation error

Signed-off-by: Hayden Blauzvern <[email protected]>

* Add e2e tests

Signed-off-by: Hayden Blauzvern <[email protected]>

---------

Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: Hayden B <[email protected]>
Signed-off-by: Hayden Blauzvern <[email protected]>
Co-authored-by: Cody Soyland <[email protected]>
Co-authored-by: Hayden B <[email protected]>
@cpanato
fix missing import
229451f 
Signed-off-by: cpanato <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Nov 14, 2023
edited
Loading

Codecov Report

Attention: 7 lines in your changes are missing coverage. Please review.

Comparison is base (d862088) 30.16% compared to head (e339d7f) 30.14%.

Files Patch % Lines
pkg/cosign/fetch.go 0.00% 7 Missing ⚠️
Additional details and impacted files 
@@               Coverage Diff                @@
##           release-1.13    #3364      +/-   ##
================================================
- Coverage         30.16%   30.14%   -0.03%     
================================================
  Files               136      136              
  Lines              8436     8443       +7     
================================================
  Hits               2545     2545              
- Misses             5561     5568       +7     
  Partials            330      330

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@cpanato cpanato changed the title Merge pull request from GHSA-vfp6-jrw2-99g9 Backport GHSA-vfp6-jrw2-99g9 Nov 14, 2023
@cpanato
bump golang to 1.19.13
dcf82e9 
Signed-off-by: cpanato <[email protected]>
@cpanato
update tests
77f6bd7 
Signed-off-by: cpanato <[email protected]>
@cpanato
Copy link
Member Author

cpanato commented Nov 14, 2023

What should we do with the failing tests?

@hectorj2f
Copy link
Contributor

I am not sure why we are seeing these errors. Do we need to update the tests to run on 1.13 ?

@cpanato
Copy link
Member Author

cpanato commented Nov 14, 2023

I am not sure why we are seeing these errors. Do we need to update the tests to run on 1.13 ?

not sure either :(

@bobcallaway
Copy link
Member

scaffolding is pinned sigstore/scaffolding/actions/setup@main which may have incompatible changes b/t when we cut the last v1 release?

@cpanato
Copy link
Member Author

cpanato commented Nov 14, 2023

scaffolding is pinned sigstore/scaffolding/actions/setup@main which may have incompatible changes b/t when we cut the last v1 release?

i will take a look on that tomorrow

@cpanato
Copy link
Member Author

cpanato commented Nov 14, 2023

scaffolding is pinned sigstore/scaffolding/actions/setup@main which may have incompatible changes b/t when we cut the last v1 release?

i will take a look on that tomorrow

passing that one now :)

@cpanato
update ko-local
e339d7f 
Signed-off-by: cpanato <[email protected]>
@cpanato cpanato marked this pull request as ready for review November 15, 2023 09:11
@cpanato
Copy link
Member Author

cpanato commented Nov 15, 2023

I will merge and check the post submits and try to run a rehearsal before we do the official release

@cpanato cpanato merged commit ea92927 into sigstore:release-1.13 Nov 15, 2023
18 checks passed
@cpanato cpanato deleted the backport branch November 15, 2023 09:12
@pdeslaur pdeslaur mentioned this pull request Dec 10, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

@hectorj2f hectorj2f hectorj2f approved these changes

@bobcallaway bobcallaway bobcallaway approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cpanato @hectorj2f @bobcallaway @haydentherapper @AdamKorcz