Skip to content

Allow copy and describe of SBOM, attestations and signatures from cosign #392

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joaopapereira wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Allow copy and describe of SBOM, attestations and signatures from cosign #392

joaopapereira wants to merge 1 commit into from

Conversation

@joaopapereira
Copy link
Member

@joaopapereira joaopapereira commented May 25, 2022

Rename flags to cosign-artifacts
Change logic to allow the retrieval of SBOM and attestations as well as
signatures for these images

Fixes #269

@joaopapereira joaopapereira had a problem deploying to TanzuNet Registry Dev e2e May 25, 2022 20:26 Failure
@joaopapereira joaopapereira temporarily deployed to GCR e2e May 25, 2022 20:26 Inactive
@joaopapereira joaopapereira temporarily deployed to GCR e2e May 25, 2022 21:27 Inactive
@joaopapereira joaopapereira had a problem deploying to TanzuNet Registry Dev e2e May 25, 2022 21:27 Failure
cppforlife
cppforlife reviewed Jun 3, 2022
View reviewed changes
pkg/imgpkg/artifacts/fetch_artifacts.go Outdated
Comment on lines 103 to 115
wg.Go(func() error {
artifactRef, err := s.retrieveArtifact(ref, throttle, SBOM)
if err != nil {
return err
}
if artifactRef == nil {
return nil
}
lock.Lock()
artifacts = append(artifacts, *artifactRef)
lock.Unlock()
return nil
})
Copy link
Contributor

@cppforlife cppforlife Jun 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we do next three sections in a loop []x{SBOM, Attestation, Signature}?

@joaopapereira
Allow copy and describe of SBOM, attestations and signatures from cosign
b60b9f3 
Rename flags to `cosign-artifacts`
Change logic to allow the retrieval of SBOM and attestations as well as
signatures for these images

Signed-off-by: Joao Pereira <joaod@vmware.com>
@joaopapereira joaopapereira had a problem deploying to TanzuNet Registry Dev e2e February 17, 2023 17:30 — with GitHub Actions Failure
@joaopapereira joaopapereira temporarily deployed to GCR e2e February 17, 2023 17:30 — with GitHub Actions Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cppforlife cppforlife cppforlife left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

cla-not-required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

support sbom/attestation OCI artifacts similar to .sig signatures

4 participants

@joaopapereira @cppforlife @vmwclabot