From 62bbd6f27f2c013676466be3162e68b4360d173d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Sep 2023 22:18:26 +0000 Subject: [PATCH 01/12] build(deps): Bump actions/checkout from 3.5.3 to 4.0.0 (#781) --- .github/workflows/build.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/dev-release.yml | 2 +- .github/workflows/release-github.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1674018b8..840595644 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,7 +36,7 @@ jobs: go-version: ${{ matrix.go-version }} check-latest: true - name: Check out code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Cache Go modules uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 id: go-mod-cache diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 63b3f9a36..4f32dd424 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Checkout repository - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Set up Go ${{ matrix.go-version }} environment uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml index 6103ca20b..4aa6ce3a2 100644 --- a/.github/workflows/dev-release.yml +++ b/.github/workflows/dev-release.yml 
@@ -33,7 +33,7 @@ jobs: go-version: ${{ matrix.go-version }} check-latest: true - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: fetch-depth: 0 - name: Set Git User diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml index 165de7743..5cf931e8f 100644 --- a/.github/workflows/release-github.yml +++ b/.github/workflows/release-github.yml @@ -38,7 +38,7 @@ jobs: go-version: ${{ matrix.go-version }} check-latest: true - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: fetch-depth: 0 - name: Set GoReleaser Previous Tag To Be Last Non Weekly Release diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ade100053..c3b81877d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -39,7 +39,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # tag=4.0.0 with: persist-credentials: false From e0b596d3131428d885d2e8965f7eb573aa594543 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Sep 2023 22:19:54 +0000 Subject: [PATCH 02/12] build(deps): Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#782) --- .github/workflows/dev-release.yml | 2 +- .github/workflows/release-github.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml index 4aa6ce3a2..181df563e 100644 --- a/.github/workflows/dev-release.yml +++ b/.github/workflows/dev-release.yml 
@@ -49,7 +49,7 @@ jobs: git tag -af $TAG_VERSION -m "For weekly build" git push origin $TAG_VERSION - name: Run GoReleaser - uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0 + uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 with: distribution: goreleaser version: latest diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml index 5cf931e8f..4418dbd94 100644 --- a/.github/workflows/release-github.yml +++ b/.github/workflows/release-github.yml @@ -46,7 +46,7 @@ jobs: pre_tag=`git tag --sort=-creatordate --list 'v*' | grep -v dev | head -2 | tail -1` echo "GORELEASER_PREVIOUS_TAG=$pre_tag" >> $GITHUB_ENV - name: Run GoReleaser - uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0 + uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 with: distribution: goreleaser version: latest From b7e5a6f0da3c0628f7a5452c62635c095ae88009 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Sep 2023 22:21:23 +0000 Subject: [PATCH 03/12] build(deps): Bump actions/cache from 3.3.1 to 3.3.2 (#779) --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 840595644..d72065251 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -38,7 +38,7 @@ jobs: - name: Check out code uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Cache Go modules - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 id: go-mod-cache with: path: ~/go/pkg/mod From b352d1e06d1970e8861a40c1b47be4f9b9e60a73 Mon Sep 17 00:00:00 2001 
From: Patrick Zheng Date: Tue, 10 Oct 2023 10:31:11 +0800 Subject: [PATCH 04/12] fix: fix trust policy import (#794) Signed-off-by: Patrick Zheng --- cmd/notation/policy/import.go | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/cmd/notation/policy/import.go b/cmd/notation/policy/import.go index adeee4f70..d4d360514 100644 --- a/cmd/notation/policy/import.go +++ b/cmd/notation/policy/import.go @@ -53,21 +53,6 @@ Example - Import trust policy configuration from a file: } func runImport(command *cobra.Command, opts importOpts) error { - // optional confirmation - if !opts.force { - if _, err := trustpolicy.LoadDocument(); err == nil { - confirmed, err := cmdutil.AskForConfirmation(os.Stdin, "Existing trust policy configuration found, do you want to overwrite it?", opts.force) - if err != nil { - return err - } - if !confirmed { - return nil - } - } - } else { - fmt.Fprintln(os.Stderr, "Warning: existing trust policy configuration file will be overwritten") - } - // read configuration policyJSON, err := os.ReadFile(opts.filePath) if err != nil { @@ -83,6 +68,21 @@ func runImport(command *cobra.Command, opts importOpts) error { return fmt.Errorf("failed to validate trust policy: %w", err) } + // optional confirmation + if !opts.force { + if _, err := trustpolicy.LoadDocument(); err == nil { + confirmed, err := cmdutil.AskForConfirmation(os.Stdin, "Existing trust policy configuration found, do you want to overwrite it?", opts.force) + if err != nil { + return err + } + if !confirmed { + return nil + } + } + } else { + fmt.Fprintln(os.Stderr, "Warning: existing trust policy configuration file will be overwritten") + } + // write policyPath, err := dir.ConfigFS().SysPath(dir.PathTrustPolicy) if err != nil { From a3cf1bcb74cba50f8e4973f49f055895bbab2344 Mon Sep 17 00:00:00 2001 
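Review bot: The overwrite prompt in the moved block is gated on `trustpolicy.LoadDocument()` succeeding, so an existing trust policy file that fails to load (presumably a malformed or unreadable one) is replaced without any confirmation. Because this file decides which signatures are trusted, the prompt should depend on the file existing rather than on it parsing; resolving the policy path before the check and testing it with `os.Stat` would cover that case. The `else` branch also prints the overwrite warning when no file exists yet, and the `opts.force` argument passed to `AskForConfirmation` is always false on that path. runImport continues outside the hunk.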
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 18:29:26 +0000 Subject: [PATCH 05/12] build(deps): Bump golang.org/x/term from 0.12.0 to 0.13.0 (#795) --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 00166a4e9..ea0d5da28 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 - golang.org/x/term v0.12.0 + golang.org/x/term v0.13.0 oras.land/oras-go/v2 v2.2.1 ) @@ -27,5 +27,5 @@ require ( golang.org/x/crypto v0.11.0 // indirect golang.org/x/mod v0.12.0 // indirect golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.12.0 // indirect + golang.org/x/sys v0.13.0 // indirect ) diff --git a/go.sum b/go.sum index a36e1980e..03a3ca00d 100644 --- a/go.sum +++ b/go.sum 
@@ -73,14 +73,14 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU= -golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= From e6216d3cfb1aedb9e5afe49b29155ea6d1e765c9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 18:29:45 +0000 Subject: [PATCH 06/12] build(deps): Bump github/codeql-action from 2.21.5 to 2.22.0 (#797) --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4f32dd424..a41ba2beb 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,8 +45,8 @@ jobs: go-version: ${{ matrix.go-version }} check-latest: true - name: Initialize CodeQL - uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 + uses: github/codeql-action/init@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 + uses: github/codeql-action/analyze@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c3b81877d..0b56fe0d7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,6 +59,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 + uses: github/codeql-action/upload-sarif@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0 with: sarif_file: results.sarif From f0fa912971079e6663a6facd65629ab5852d18c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 18:31:09 +0000 Subject: [PATCH 07/12] build(deps): Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#796) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0b56fe0d7..3e8cc8b06 100644 
--- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -44,7 +44,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # tag=v2.2.0 + uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # tag=v2.3.0 with: results_file: results.sarif results_format: sarif From 861503000dc5f5011db129dc89f5fc375793f4a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 18:31:40 +0000 Subject: [PATCH 08/12] build(deps): Bump actions/checkout from 4.0.0 to 4.1.0 (#789) --- .github/workflows/build.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/dev-release.yml | 2 +- .github/workflows/release-github.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d72065251..4ed19494d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,7 +36,7 @@ jobs: go-version: ${{ matrix.go-version }} check-latest: true - name: Check out code - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Cache Go modules uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 id: go-mod-cache diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a41ba2beb..01b0e71b3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Checkout repository - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Set up Go ${{ matrix.go-version }} environment uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: 
diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml index 181df563e..40e91b8a7 100644 --- a/.github/workflows/dev-release.yml +++ b/.github/workflows/dev-release.yml @@ -33,7 +33,7 @@ jobs: go-version: ${{ matrix.go-version }} check-latest: true - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 - name: Set Git User diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml index 4418dbd94..ddf77033c 100644 --- a/.github/workflows/release-github.yml +++ b/.github/workflows/release-github.yml @@ -38,7 +38,7 @@ jobs: go-version: ${{ matrix.go-version }} check-latest: true - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 - name: Set GoReleaser Previous Tag To Be Last Non Weekly Release diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3e8cc8b06..fd3de729d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -39,7 +39,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # tag=4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=4.1.0 with: persist-credentials: false From 02f31da02b8f3dc6cd2584fd15423167ee2f5ded Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 18:57:49 +0000 Subject: [PATCH 09/12] build(deps): Bump github.com/opencontainers/image-spec from 1.1.0-rc4 to 1.1.0-rc5 (#786) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ea0d5da28..903d047d4 100644 --- a/go.mod +++ b/go.mod 
@@ -6,7 +6,7 @@ require ( github.com/notaryproject/notation-core-go v1.0.0 github.com/notaryproject/notation-go v1.0.0 github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec v1.1.0-rc4 + github.com/opencontainers/image-spec v1.1.0-rc5 github.com/oras-project/oras-credentials-go v0.3.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.7.0 diff --git a/go.sum b/go.sum index 03a3ca00d..10dbfbfab 100644 --- a/go.sum +++ b/go.sum @@ -22,8 +22,8 @@ github.com/notaryproject/notation-go v1.0.0 h1:pH+0NVmZu1IhE8zUhK9Oxna3OlHNdy+cr github.com/notaryproject/notation-go v1.0.0/go.mod h1:NpfUnDt94vLSCJ8fAWplgTbf3fmq3JLSEnjDFl7j16U= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= -github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= +github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/oras-project/oras-credentials-go v0.3.0 h1:Bg1d9iAmgo50RlaIy2XI5MQs7qL00DB3R9Q4JRP1VWs= github.com/oras-project/oras-credentials-go v0.3.0/go.mod h1:fFCebDQo0Do+gnM96uV9YUnRay0pwuRQupypvofsp4s= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= From 93e6853c2248bdcf523a13de550480a198bf6858 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 18:58:31 +0000 Subject: [PATCH 10/12] build(deps): Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 (#785) --- .github/workflows/dev-release.yml | 2 +- .github/workflows/release-github.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml index 40e91b8a7..76d27112e 100644 --- a/.github/workflows/dev-release.yml +++ b/.github/workflows/dev-release.yml @@ -49,7 +49,7 @@ jobs: git tag -af $TAG_VERSION -m "For weekly build" git push origin $TAG_VERSION - name: Run GoReleaser - uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 with: distribution: goreleaser version: latest diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml index ddf77033c..7fbf390f0 100644 --- a/.github/workflows/release-github.yml +++ b/.github/workflows/release-github.yml @@ -46,7 +46,7 @@ jobs: pre_tag=`git tag --sort=-creatordate --list 'v*' | grep -v dev | head -2 | tail -1` echo "GORELEASER_PREVIOUS_TAG=$pre_tag" >> $GITHUB_ENV - name: Run GoReleaser - uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 with: distribution: goreleaser version: latest From f205e6b27e1f2990ba0d08af3e1341055cc7b844 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 12 Oct 2023 02:13:15 +0800 Subject: [PATCH 11/12] feat: update notation cert list command output (#798) This PR updates the output format of `notation cert list` command. Resolves #609 and #772. Example output: ``` STORE TYPE STORE NAME CERTIFICATE ca myStore myCert.pem ``` Signed-off-by: Patrick Zheng --- cmd/notation/cert/list.go | 76 +++++++++++-------- .../internal/truststore/truststore.go | 16 ++-- internal/ioutil/print.go | 22 ++++++ specs/commandline/certificate.md | 16 +++- test/e2e/suite/scenario/quickstart.go | 6 +- 5 files changed, 95 insertions(+), 41 deletions(-) diff --git a/cmd/notation/cert/list.go b/cmd/notation/cert/list.go index 3e757f35e..bcaceebc3 100644 --- a/cmd/notation/cert/list.go 
+++ b/cmd/notation/cert/list.go @@ -16,12 +16,14 @@ package cert import ( "context" "fmt" + "os" "github.com/notaryproject/notation-go/dir" "github.com/notaryproject/notation-go/log" notationgoTruststore "github.com/notaryproject/notation-go/verifier/truststore" "github.com/notaryproject/notation/cmd/notation/internal/truststore" "github.com/notaryproject/notation/internal/cmd" + "github.com/notaryproject/notation/internal/ioutil" "github.com/spf13/cobra" ) 
@@ -75,58 +77,72 @@ func listCerts(ctx context.Context, opts *certListOpts) error { // List all certificates under truststore/x509, display empty if there's // no certificate yet if namedStore == "" && storeType == "" { - path, err := configFS.SysPath(dir.TrustStoreDir, "x509") - if err := truststore.CheckNonErrNotExistError(err); err != nil { - return err - } - if err := truststore.CheckNonErrNotExistError(truststore.ListCerts(path, 2)); err != nil { - logger.Debugln("Failed to complete list at path:", path) - return fmt.Errorf("failed to list all certificates stored in the trust store, with error: %s", err.Error()) + var certPaths []string + for _, t := range notationgoTruststore.Types { + path, err := configFS.SysPath(dir.TrustStoreDir, "x509", string(t)) + if err := truststore.CheckNonErrNotExistError(err); err != nil { + return err + } + certs, err := truststore.ListCerts(path, 1) + if err := truststore.CheckNonErrNotExistError(err); err != nil { + logger.Debugln("Failed to complete list at path:", path) + return fmt.Errorf("failed to list all certificates stored in the trust store, with error: %s", err.Error()) + } + certPaths = append(certPaths, certs...) 
} - - return nil + return ioutil.PrintCertMap(os.Stdout, certPaths) } // List all certificates under truststore/x509/storeType/namedStore, - // display empty if there's no such certificate + // display empty if store type is invalid or there's no certificate yet if namedStore != "" && storeType != "" { + if !truststore.IsValidStoreType(storeType) { + return nil + } path, err := configFS.SysPath(dir.TrustStoreDir, "x509", storeType, namedStore) if err := truststore.CheckNonErrNotExistError(err); err != nil { return err } - if err := truststore.CheckNonErrNotExistError(truststore.ListCerts(path, 0)); err != nil { + certPaths, err := truststore.ListCerts(path, 0) + if err := truststore.CheckNonErrNotExistError(err); err != nil { logger.Debugln("Failed to complete list at path:", path) return fmt.Errorf("failed to list all certificates stored in the named store %s of type %s, with error: %s", namedStore, storeType, err.Error()) } - - return nil + return ioutil.PrintCertMap(os.Stdout, certPaths) } - // List all certificates under x509/storeType, display empty if - // there's no certificate yet + // List all certificates under x509/storeType, display empty if store type + // is invalid or there's no certificate yet if storeType != "" { + if !truststore.IsValidStoreType(storeType) { + return nil + } path, err := configFS.SysPath(dir.TrustStoreDir, "x509", storeType) if err := truststore.CheckNonErrNotExistError(err); err != nil { return err } - if err := truststore.CheckNonErrNotExistError(truststore.ListCerts(path, 1)); err != nil { + certPaths, err := truststore.ListCerts(path, 1) + if err := truststore.CheckNonErrNotExistError(err); err != nil { logger.Debugln("Failed to complete list at path:", path) return fmt.Errorf("failed to list all certificates stored of type %s, with error: %s", storeType, err.Error()) } - } else { - // List all certificates under named store namedStore, display empty if - // there's no such certificate - for _, t := range 
notationgoTruststore.Types { - path, err := configFS.SysPath(dir.TrustStoreDir, "x509", string(t), namedStore) - if err := truststore.CheckNonErrNotExistError(err); err != nil { - return err - } - if err := truststore.CheckNonErrNotExistError(truststore.ListCerts(path, 0)); err != nil { - logger.Debugln("Failed to complete list at path:", path) - return fmt.Errorf("failed to list all certificates stored in the named store %s, with error: %s", namedStore, err.Error()) - } - } + return ioutil.PrintCertMap(os.Stdout, certPaths) } - return nil + // List all certificates under named store namedStore, display empty if + // there's no certificate yet + var certPaths []string + for _, t := range notationgoTruststore.Types { + path, err := configFS.SysPath(dir.TrustStoreDir, "x509", string(t), namedStore) + if err := truststore.CheckNonErrNotExistError(err); err != nil { + return err + } + certs, err := truststore.ListCerts(path, 0) + if err := truststore.CheckNonErrNotExistError(err); err != nil { + logger.Debugln("Failed to complete list at path:", path) + return fmt.Errorf("failed to list all certificates stored in the named store %s, with error: %s", namedStore, err.Error()) + } + certPaths = append(certPaths, certs...) + } + return ioutil.PrintCertMap(os.Stdout, certPaths) } diff --git a/cmd/notation/internal/truststore/truststore.go b/cmd/notation/internal/truststore/truststore.go index 4125dff4d..39edb0658 100644 --- a/cmd/notation/internal/truststore/truststore.go +++ b/cmd/notation/internal/truststore/truststore.go 
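Review bot: An unrecognised `--type` value returns `nil` with no output in both `if !truststore.IsValidStoreType(storeType)` branches, which cannot be told apart from a valid but empty store. The comments document this as intended, but someone auditing trusted certificates with a mistyped type sees nothing and gets exit status 0; consider `return fmt.Errorf("unsupported store type: %s", storeType)` or at least a warning on stderr. The errors built in this hunk also format with `%s` and `err.Error()`, where `%w` would keep the cause available to `errors.Is`. listCerts starts outside the hunk.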
@@ -85,12 +85,12 @@ func AddCert(path, storeType, namedStore string, display bool) error { return nil } -// ListCerts walks through root and lists all x509 certificates in it, +// ListCerts walks through root and returns all x509 certificates in it, // sub-dirs are ignored. -func ListCerts(root string, depth int) error { +func ListCerts(root string, depth int) ([]string, error) { maxDepth := strings.Count(root, string(os.PathSeparator)) + depth - - return filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error { + var certPaths []string + if err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error { if err != nil { return err } @@ -107,11 +107,15 @@ func ListCerts(root string, depth int) error { return err } if len(certs) != 0 { - fmt.Println(path) + certPaths = append(certPaths, path) } } return nil - }) + }); err != nil { + return nil, err + } + + return certPaths, nil } // ShowCerts writes out details of certificates diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index 055f0b547..a7a3bac6c 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go @@ -17,6 +17,7 @@ import ( "encoding/json" "fmt" "io" + "path/filepath" "text/tabwriter" "github.com/notaryproject/notation-go/config" @@ -26,6 +27,7 @@ func newTabWriter(w io.Writer) *tabwriter.Writer { return tabwriter.NewWriter(w, 0, 0, 3, ' ', 0) } +// PrintKeyMap prints out key information given array of KeySuite func PrintKeyMap(w io.Writer, target *string, v []config.KeySuite) error { tw := newTabWriter(w) fmt.Fprintln(tw, "NAME\tKEY PATH\tCERTIFICATE PATH\tID\tPLUGIN NAME\t") @@ -47,6 +49,7 @@ func PrintKeyMap(w io.Writer, target *string, v []config.KeySuite) error { return tw.Flush() } +// PrintMetadataMap prints out metadata given the metatdata map func PrintMetadataMap(w io.Writer, metadata map[string]string) error { tw := newTabWriter(w) fmt.Fprintln(tw, "\nKEY\tVALUE\t") 
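Review bot: The doc comment on `ListCerts` still says sub-dirs are ignored, but the callers in this series pass `depth` 1 to reach certificates below the root, and the new return value is not described. Something like `// ListCerts walks root down to depth levels below it and returns the paths of the files in which x509 certificates were found.` would match the code. It is also worth stating that a walk error discards the paths collected so far, since `nil, err` is returned. Part of the walk callback lies outside the two hunks.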
@@ -58,6 +61,25 @@ func PrintMetadataMap(w io.Writer, metadata map[string]string) error { return tw.Flush() } +// PrintCertMap lists certificate files in the trust store given array of cert +// paths +func PrintCertMap(w io.Writer, certPaths []string) error { + if len(certPaths) == 0 { + return nil + } + tw := newTabWriter(w) + fmt.Fprintln(tw, "STORE TYPE\tSTORE NAME\tCERTIFICATE\t") + for _, cert := range certPaths { + fileName := filepath.Base(cert) + dir := filepath.Dir(cert) + namedStore := filepath.Base(dir) + dir = filepath.Dir(dir) + storeType := filepath.Base(dir) + fmt.Fprintf(tw, "%s\t%s\t%s\t\n", storeType, namedStore, fileName) + } + return tw.Flush() +} + // PrintObjectAsJSON takes an interface and prints it as an indented JSON string func PrintObjectAsJSON(i interface{}) error { jsonBytes, err := json.MarshalIndent(i, "", " ") diff --git a/specs/commandline/certificate.md b/specs/commandline/certificate.md index bbb052625..2822d79e0 100644 --- a/specs/commandline/certificate.md +++ b/specs/commandline/certificate.md 
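Review bot: `PrintCertMap` recovers the store type and store name purely from the last two directory components of each path, so it is only correct for paths shaped `<type>/<store>/<file>`; a shorter path prints `.` or an unrelated parent directory name in those columns. The doc comment should state that requirement, for example `// Each path must end in <storeType>/<namedStore>/<file>.`. File names are written into the table as-is, so a name containing a tab or control character would distort the columns of a trust store listing; formatting the name with `%q` is an option if that matters.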
@@ -151,15 +151,23 @@ Upon successful adding, the certificate files are added into directory`{NOTATION notation certificate list ``` -Upon successful listing, all the certificate files in the trust store are printed out in a format of absolute filepath. If the listing fails, an error message is printed out with specific reasons. Nothing is printed out if the trust store is empty. +Upon successful listing, all the certificate files in the trust store are printed out with information of store type, store name and certificate file name. If the listing fails, an error message is printed out with specific reasons. Nothing is printed out if the trust store is empty. +An example of the output: +``` +STORE TYPE STORE NAME CERTIFICATE +ca myStore1 cert1.pem +ca myStore2 cert2.crt +signingAuthority myStore1 cert3.crt +signingAuthority myStore2 cert4.pem +``` ### List all certificate files of a certain named store ```bash notation cert list --store ``` -Upon successful listing, all the certificate files in the trust store named `` are printed out in a format of absolute filepath. If the listing fails, an error message is printed out with specific reasons. Nothing is printed out if the trust store is empty. +Upon successful listing, all the certificate files in the trust store named `` are printed out with information of store type, store name and certificate file name. If the listing fails, an error message is printed out with specific reasons. Nothing is printed out if the trust store is empty. ### List all certificate files of a certain type of store 
@@ -167,7 +175,7 @@ Upon successful listing, all the certificate files in the trust store named ` ``` -Upon successful listing, all the certificate files in the trust store of type `` are printed out in a format of absolute filepath. If the listing fails, an error message is printed out with specific reasons. Nothing is printed out if the trust store is empty. +Upon successful listing, all the certificate files in the trust store of type `` are printed out with information of store type, store name and certificate file name. If the listing fails, an error message is printed out with specific reasons. Nothing is printed out if the trust store is empty. ### List all certificate files of a certain named store of a certain type @@ -175,7 +183,7 @@ Upon successful listing, all the certificate files in the trust store of type `< notation cert list --type --store ``` -Upon successful listing, all the certificate files in the trust store named `` of type `` are printed out in a format of absolute filepath. If the listing fails, an error message is printed out with specific reasons. Nothing is printed out if the trust store is empty. +Upon successful listing, all the certificate files in the trust store named `` of type `` are printed out with information of store type, store name and certificate file name. If the listing fails, an error message is printed out with specific reasons. Nothing is printed out if the trust store is empty. ### Show details of a certain certificate file diff --git a/test/e2e/suite/scenario/quickstart.go b/test/e2e/suite/scenario/quickstart.go index ddf0aa46c..b04f5b22e 100644 --- a/test/e2e/suite/scenario/quickstart.go +++ b/test/e2e/suite/scenario/quickstart.go 
@@ -62,7 +62,11 @@ var _ = Describe("notation quickstart E2E test", Ordered, func() { ) notation.Exec("cert", "ls"). - MatchKeyWords("notation/truststore/x509/ca/wabbit-networks.io/wabbit-networks.io.crt") + MatchKeyWords( + "ca", + "wabbit-networks.io", + "wabbit-networks.io.crt", + ) }) It("sign the container image with jws format (by default)", func() { From 6265bf82afab91032ce24a6ae352ba797d2fa499 Mon Sep 17 00:00:00 2001 From: Junjie Gao Date: Thu, 12 Oct 2023 09:57:01 +0800 Subject: [PATCH 12/12] fix: Code scanning issues (#799) Signed-off-by: Junjie Gao --- .github/workflows/dev-release.yml | 66 --------------------------- .github/workflows/license-checker.yml | 6 ++- 2 files changed, 4 insertions(+), 68 deletions(-) delete mode 100644 .github/workflows/dev-release.yml diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml deleted file mode 100644 index 76d27112e..000000000 --- a/.github/workflows/dev-release.yml +++ /dev/null 
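Review bot: The new assertion is weaker than the path it replaces: `"wabbit-networks.io"` is a substring of `"wabbit-networks.io.crt"` and `"ca"` is only two characters, so, if `MatchKeyWords` checks each keyword independently, the test passes without the three values appearing together in one row. Matching the header `STORE TYPE` plus the full row would pin the new output format. The enclosing `It` block starts outside the hunk.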
@@ -1,66 +0,0 @@ -# Copyright The Notary Project Authors. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: dev-release - -on: - schedule: - - cron: '0 16 * * 0' # at 16:00 on Sunday (UTC) - workflow_dispatch: - -jobs: - build: - name: Weekly Release Notation Binaries - runs-on: ubuntu-20.04 - strategy: - matrix: - go-version: ['1.20'] - fail-fast: true - steps: - - name: Set up Go ${{ matrix.go-version }} - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: - go-version: ${{ matrix.go-version }} - check-latest: true - - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - with: - fetch-depth: 0 - - name: Set Git User - run: | - git config user.name "${GITHUB_ACTOR}" - git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" - - name: Create Version Tag - run: | - # get project version: .dev. 
- export TAG_VERSION=`cat ./internal/version/version.go | grep "Version = " | awk -F '"' '{print $2}'`.dev.`date +%Y%m%d` - - # create new tag - git tag -af $TAG_VERSION -m "For weekly build" - git push origin $TAG_VERSION - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 - with: - distribution: goreleaser - version: latest - args: release -f ./.dev.goreleaser.yml --rm-dist - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Delete old dev release - uses: dev-drprasad/delete-older-releases@653dc03d96473ac9e585c68c8bf5aaccb0dadb61 # v0.2.1 - with: - keep_latest: 1 - delete_tag_pattern: ".dev." - delete_tags: true - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/license-checker.yml b/.github/workflows/license-checker.yml index 71f99530f..07303f82e 100644 --- a/.github/workflows/license-checker.yml +++ b/.github/workflows/license-checker.yml @@ -20,9 +20,11 @@ on: branches: main permissions: - contents: write - pull-requests: write + contents: read jobs: check-license: + permissions: + contents: write + pull-requests: write uses: notaryproject/notation-core-go/.github/workflows/reusable-license-checker.yml@main \ No newline at end of file
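Review bot: The job that now receives `contents: write` and `pull-requests: write` calls a reusable workflow at the mutable ref `@main`, while the other workflows in this series pin actions to commit SHAs. Any change to that branch runs with this job's write token, so the reference should be pinned as well, e.g. `uses: notaryproject/notation-core-go/.github/workflows/reusable-license-checker.yml@<commit-sha>`. Narrowing the top-level default to `contents: read` is a good step; the trigger block is only partly visible here, so whether the write scopes are reachable from forked pull requests should be confirmed.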