Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow copy and describe of SBOM, attestations and signatures from cosign #392

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Allow copy and describe of SBOM, attestations and signatures from cosign #392

wants to merge 1 commit into from

Conversation

joaopapereira
Copy link
Member

Rename flags to cosign-artifacts
Change logic to allow the retrieval of SBOM and attestations as well as
signatures for these images

Fixes #269

@joaopapereira joaopapereira had a problem deploying to TanzuNet Registry Dev e2e May 25, 2022 20:26 Failure
@joaopapereira joaopapereira temporarily deployed to GCR e2e May 25, 2022 20:26 Inactive
@joaopapereira joaopapereira temporarily deployed to GCR e2e May 25, 2022 21:27 Inactive
@joaopapereira joaopapereira had a problem deploying to TanzuNet Registry Dev e2e May 25, 2022 21:27 Failure
cppforlife
cppforlife reviewed Jun 3, 2022
View reviewed changes
pkg/imgpkg/artifacts/fetch_artifacts.go Outdated
Comment on lines 103 to 115
wg.Go(func() error {
artifactRef, err := s.retrieveArtifact(ref, throttle, SBOM)
if err != nil {
return err
}
if artifactRef == nil {
return nil
}
lock.Lock()
artifacts = append(artifacts, *artifactRef)
lock.Unlock()
return nil
})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we do next three sections in a loop []x{SBOM, Attestation, Signature}?

@joaopapereira
Allow copy and describe of SBOM, attestations and signatures from cosign
b60b9f3 
Rename flags to `cosign-artifacts`
Change logic to allow the retrieval of SBOM and attestations as well as
signatures for these images

Signed-off-by: Joao Pereira <joaod@vmware.com>
@joaopapereira joaopapereira temporarily deployed to GCR e2e February 17, 2023 17:30 — with GitHub Actions Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cppforlife cppforlife cppforlife left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
cla-not-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

support sbom/attestation OCI artifacts similar to .sig signatures
3 participants
@joaopapereira @cppforlife @vmwclabot