Skip to content

Commit

Permalink
Merge pull request #1931 from ratify-project/dev
Browse files Browse the repository at this point in the history 
chore: automated PR to main 2024-11-17
  • Loading branch information
@binbin-li
binbin-li authored Nov 18, 2024
2 parents 4f3580f + 14f75c9 commit ba7672c
Show file tree
Hide file tree
Showing 15 changed files with 644 additions and 51 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/codeql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,12 @@ jobs:
with:
go-version: "1.22"
- name: Initialize CodeQL
uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # tag=v3.27.0
uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # tag=v3.27.4
with:
languages: go
- name: Run tidy
run: go mod tidy
- name: Build CLI
run: make build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # tag=v3.27.0
uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # tag=v3.27.4
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,6 @@ jobs:
retention-days: 5

- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # tag=v3.27.0
uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # tag=v3.27.4
with:
sarif_file: results.sarif
7 changes: 5 additions & 2 deletions charts/ratify/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t
| oras.authProviders.awsApiOverride.endpoint | Overrides ECR endpoint | `` |
| oras.authProviders.awsApiOverride.partition | Overrides ECR partition in the endpoint URL | `aws` |
| oras.authProviders.awsApiOverride.region | Overrides ECR region in the endpoint URL | `` |
| oras.authProviders.alibabacloudAcrBasicEnabled | Enables Alibaba Cloud ACR basic authentication provider | `false` |
| oras.cache.enabled | Enables ORAS store cache for ListReferrers and GetSubjectDescriptor. TTL-based cache may cause inconsistency between cache and data source. Please disable it if strong consistency is required.operations | `true` |
| oras.cache.ttl | Sets the ttl for ORAS store in seconds. cache | `10` |
| provider.tls.crt | Ratify server's tls public certificate | `` |
Expand Down Expand Up @@ -138,8 +139,10 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t
| azurekeyvault.vaultURI | Vault URI for Azure Key Vault | `` |
| azurekeyvault.tenantId | Tenant ID of the configured Azure Key Vault resource | `` |
| azurekeyvault.certificates | An array of certificate objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` |
| azurekeyvault.keys | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` |
| azurekeyvault.refreshInterval | time duration to refresh the certificates/keys. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Example: 1h, 30m, 1h30m. If it's not set, the refresh functionality will be disabled. | `` |
| azurekeyvault.keys | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` |
| azurekeyvault.refreshInterval | time duration to refresh the certificates/keys. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Example: 1h, 30m, 1h30m. If it's not set, the refresh functionality will be disabled. | `` |
| alibabacloudAcrConfig.defaultInstanceId | Default instance ID of the Alibaba Cloud Registry where the target artifacts stored | `` |
| alibabacloudAcrConfig.acrInstancesConfig | When images need to be pulled from multiple instances of Aliababa Cloud Registry, the instanceName and instanceId of the instances need to be defined separately in the list, e.g. acrInstancesConfig:<br/> - instanceName: name1<br/> instanceId: cri-xxx1<br/> - instanceName: name2<br/> instanceId: cri-xxx2<br /> | `[]` |
| notationCert | **DEPRECATED** Please switch to `notationCerts` to specify an array of verification certificates. Public certificate/certificate chain used to create inline certstore used by Notation verifier. | `` |
| akvCertConfig.enabled | **DEPRECATED** Please use `azurekeyvault.enabled` instead. Enables/disables Azure Key Vault certificate store. If you are using a custom chart, certificate store should be referenced through a Verifier CR. References in ConfigMap will not be correctly resolved. | `false` |
| akvCertConfig.vaultURI | **DEPRECATED** Please use `azurekeyvault.vaultURI` instead. Vault URI for AKV configured | `` |
Expand Down
7 changes: 7 additions & 0 deletions charts/ratify/templates/store.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,13 @@ spec:
authProvider:
name: awsEcrBasic
{{- end }}
{{- if .Values.oras.authProviders.alibabacloudAcrBasicEnabled }}
authProvider:
name: alibabacloudAcrBasic
defaultInstanceId: {{ .Values.alibabacloudAcrConfig.defaultInstanceId }}
acrInstancesConfig:
{{- toYaml .Values.alibabacloudAcrConfig.acrInstancesConfig | nindent 8 }}
{{- end }}
{{- if .Values.oras.cache.enabled }}
cacheEnabled: true
ttl: {{ .Values.oras.cache.ttl }}
Expand Down
6 changes: 6 additions & 0 deletions charts/ratify/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,10 @@ azurekeyvault:
keys: []
refreshInterval:

alibabacloudAcrConfig:
defaultInstanceId:
acrInstancesConfig: []

oras:
useHttp: false
authProviders:
Expand All @@ -94,6 +98,8 @@ oras:
endpoint: ""
partition: "" # defaults to aws
region: ""
alibabacloudAcrBasicEnabled: false

cache:
# Please tune your cache parameters to get better performance on the Oras Store performance.
enabled: true # ttl-based cache may cause inconsistency between cache and data source, please disable it if strong consistency is required.
Expand Down
7 changes: 7 additions & 0 deletions errors/errors.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,4 +132,11 @@ var (
Message: "operation forbidden",
Description: "The requested operation is forbidden. Please verify the permission to the requested resource.",
})

// ErrorCodeConfigInvalid is returned if provided alibabacloud image is invalid.
ErrorCodeAlibabaCloudImageInvalid = Register("errcode", ErrorDescriptor{
Value: "ALIBABACLOUD_IMAGE_INVALID",
Message: "image invalid",
Description: `Invalid Alibaba Cloud Registry image format. Please verify your image configuration.`,
})
)
31 changes: 17 additions & 14 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,16 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry v0.2.2
github.com/Azure/go-autorest/autorest/to v0.4.0
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3
github.com/aws/aws-sdk-go-v2 v1.32.3
github.com/alibabacloud-go/cr-20181201/v2 v2.5.0
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10
github.com/alibabacloud-go/tea v1.2.2
github.com/alibabacloud-go/tea-utils/v2 v2.0.7
github.com/aliyun/credentials-go v1.3.10
github.com/aws/aws-sdk-go-v2 v1.32.4
github.com/aws/aws-sdk-go-v2/config v1.27.43
github.com/aws/aws-sdk-go-v2/credentials v1.17.42
github.com/aws/aws-sdk-go-v2/credentials v1.17.44
github.com/aws/aws-sdk-go-v2/service/ecr v1.28.6
github.com/cespare/xxhash/v2 v2.3.0
github.com/dapr/go-sdk v1.8.0
Expand Down Expand Up @@ -63,24 +69,21 @@ require (
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
github.com/agnivade/levenshtein v1.1.1 // indirect
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
github.com/alibabacloud-go/debug v1.0.0 // indirect
github.com/alibabacloud-go/debug v1.0.1 // indirect
github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
github.com/alibabacloud-go/tea v1.2.1 // indirect
github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
github.com/aliyun/credentials-go v1.3.1 // indirect
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.7 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
Expand Down Expand Up @@ -141,14 +144,14 @@ require (
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 // indirect
github.com/aws/smithy-go v1.22.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
Expand Down
Loading

0 comments on commit ba7672c

Please sign in to comment.