diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8f4ae073b..a17354cb5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -59,6 +59,6 @@ jobs: make e2e-covdata fi - name: Upload coverage to codecov.io - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 00ae70369..edfa83d88 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -49,8 +49,8 @@ jobs: go-version: ${{ matrix.go-version }} check-latest: true - name: Initialize CodeQL - uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 26d96514f..e7219e379 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -61,6 +61,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif diff --git a/specs/commandline/blob.md b/specs/commandline/blob.md index daeedeb22..230b390ba 100644 --- a/specs/commandline/blob.md +++ b/specs/commandline/blob.md 
@@ -72,7 +72,7 @@ Flags: ```text Produce a detached signature for a given blob. -The signature file will be written to the currently working directory with file name "{blob file name}.{signature format}.sig". +The signature file will be written to the currently working directory with file name `{blob file name}.{signature format}.sig`. Usage: notation blob sign [flags] @@ -98,7 +98,7 @@ Flags: ### notation blob inspect ```text -Inspect a signature associated with a blob +Inspect a signature associated with a blob. Usage: notation blob inspect [flags] @@ -129,7 +129,7 @@ Flags: ### notation blob policy import ```text -Import blob trust policy configuration from a JSON file +Import blob trust policy configuration from a JSON file. Usage: notation blob policy import [flags] @@ -142,7 +142,7 @@ Flags: ### notation blob policy show ```text -Show blob trust policy configuration +Show blob trust policy configuration. Usage: notation blob policy show [flags] @@ -154,7 +154,7 @@ Flags: ### notation blob verify ```text -Verify a signature associated with a blob +Verify a signature associated with a blob. Usage: notation blob verify [flags] --signature @@ -280,19 +280,19 @@ notation blob sign --key /tmp/my-blob.bin ```text -notation blob inspect [flags] /tmp/my-blob.bin.sig.jws +notation blob inspect [flags] /tmp/my-blob.bin.jws.sig ``` ### Inspect the given blob signature ```shell # Prerequisites: Signatures is produced by notation blob sign command -notation blob inspect /tmp/my-blob.bin.sig.jws +notation blob inspect /tmp/my-blob.bin.jws.sig ``` An example output: ```shell -/tmp/my-blob.bin.sig.jws +/tmp/my-blob.bin.jws.sig ├── signature algorithm: RSASSA-PSS-SHA-256 ├── signature envelope type: jws ├── signed attributes 
@@ -326,7 +326,7 @@ An example output: ### Inspect the given blob signature with JSON Output ```shell -notation blob inspect -o json /tmp/my-blob.bin.sig.jws +notation blob inspect -o json /tmp/my-blob.bin.jws.sig ``` ## Import/Export trust policy configuration files @@ -426,13 +426,13 @@ notation certificate add --type ca --store wabbit-networks wabbit-networks.crt # Setup the trust policy in a JSON file named "trustpolicy.blob.json" under directory "{NOTATION_CONFIG}". # Verify the blob signature -notation blob verify --signature /tmp/my-blob.bin.sig.jws /tmp/my-blob.bin +notation blob verify --signature /tmp/my-blob.bin.jws.sig /tmp/my-blob.bin ``` An example of output messages for a successful verification: ```text -Successfully verified signature /tmp/my-blob.bin.sig.jws +Successfully verified signature /tmp/my-blob.bin.jws.sig ``` ### Verify the signature with user metadata @@ -441,13 +441,13 @@ Use the `--user-metadata` flag to verify that provided key-value pairs are prese ```shell # Verify the signature and verify that io.wabbit-networks.buildId=123 is present in the signed payload -notation blob verify --user-metadata io.wabbit-networks.buildId=123 --signature /tmp/my-blob.bin.sig.jws /tmp/my-blob.bin +notation blob verify --user-metadata io.wabbit-networks.buildId=123 --signature /tmp/my-blob.bin.jws.sig /tmp/my-blob.bin ``` An example of output messages for a successful verification: ```text -Successfully verified signature /tmp/my-blob.bin.sig.jws +Successfully verified signature /tmp/my-blob.bin.jws.sig The signature contains the following user metadata: 
@@ -467,13 +467,13 @@ Use the `--media-type` flag to verify that signature is for the provided media-t ```shell # Verify the signature and verify that application/my-media-octet-stream is the media type -notation blob verify --media-type application/my-media-octet-stream --signature /tmp/my-blob.bin.sig.jws /tmp/my-blob.bin +notation blob verify --media-type application/my-media-octet-stream --signature /tmp/my-blob.bin.jws.sig /tmp/my-blob.bin ``` An example of output messages for a successful verification: ```text -Successfully verified signature /tmp/my-blob.bin.sig.jws +Successfully verified signature /tmp/my-blob.bin.jws.sig The blob is of media type `application/my-media-octet-stream`. @@ -490,13 +490,13 @@ Error: Signature verification failed due to a mismatch in the blob's media type Use the `--policy-name` flag to select a policy to verify the signature against. ```shell -notation blob verify --policy-name wabbit-networks-policy --signature ./sigs/my-blob.bin.sig.jws ./blobs/my-blob.bin +notation blob verify --policy-name wabbit-networks-policy --signature ./sigs/my-blob.bin.jws.sig ./blobs/my-blob.bin ``` An example of output messages for a successful verification: ```text -Successfully verified signature ./sigs/my-blob.bin.sig.jws using policy `wabbit-networks-policy` +Successfully verified signature ./sigs/my-blob.bin.jws.sig using policy `wabbit-networks-policy` ``` An example of output messages for an unsuccessful verification: diff --git a/test/e2e/go.mod b/test/e2e/go.mod index f2f4ffb7d..ad0fadc78 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod 
@@ -5,8 +5,8 @@ go 1.23 require ( github.com/notaryproject/notation-core-go v1.2.0-rc.1.0.20241129024749-95d89543c9f9 github.com/notaryproject/notation-go v1.2.0-beta.1.0.20241202020354-95bac0082974 - github.com/onsi/ginkgo/v2 v2.22.0 - github.com/onsi/gomega v1.36.1 + github.com/onsi/ginkgo/v2 v2.22.1 + github.com/onsi/gomega v1.36.2 github.com/opencontainers/image-spec v1.1.0 oras.land/oras-go/v2 v2.5.0 ) @@ -16,7 +16,7 @@ require ( github.com/go-logr/logr v1.4.2 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/google/go-cmp v0.6.0 // indirect - github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect + github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/notaryproject/tspclient-go v0.2.1-0.20241030015323-90a141e7525c // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/veraison/go-cose v1.3.0 // indirect @@ -26,7 +26,7 @@ require ( golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/tools v0.26.0 // indirect + golang.org/x/tools v0.28.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/test/e2e/go.sum b/test/e2e/go.sum index d58036836..a430a03ac 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum 
@@ -8,18 +8,18 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/notaryproject/notation-core-go v1.2.0-rc.1.0.20241129024749-95d89543c9f9 h1:FURo9xpGLKmghWCcWypCPQTlcOGKxzayeXacGfb8WUU= github.com/notaryproject/notation-core-go v1.2.0-rc.1.0.20241129024749-95d89543c9f9/go.mod h1:Umjn4NKGmuHpVffMgKVcUnArNG3Qtd3duKYpPILUBg4= github.com/notaryproject/notation-go v1.2.0-beta.1.0.20241202020354-95bac0082974 h1:EQ9DC25U7hWbBIOlwINxPhr9QEyixg1/Fo5ZZW+3JSU= github.com/notaryproject/notation-go v1.2.0-beta.1.0.20241202020354-95bac0082974/go.mod h1:6a3/g7yD/8dxxBpimzUWthH8DLBrzHs4RTzdz9CALvw= github.com/notaryproject/tspclient-go v0.2.1-0.20241030015323-90a141e7525c h1:bX6gGxFw9+DShmYTgbD+vr6neF1SoXIMUU2fDgdLsfA= github.com/notaryproject/tspclient-go v0.2.1-0.20241030015323-90a141e7525c/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= -github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.22.1 
h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= +github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -42,10 +42,10 @@ golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
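Review bot: in the `.github/workflows/build.yml` hunk, the `# v5.1.2` comment is the only human-readable link between the new pin `codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303` and a release, so before merging verify that this commit is the one the upstream `v5.1.2` tag resolves to; a SHA pin only protects against a retargeted tag if the SHA was checked against the tag at bump time. The pinning pattern itself (full commit SHA plus tag comment) is the right one and the `CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}` line is unchanged context.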
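Review bot: in the `.github/workflows/codeql.yml` hunk, `codeql-action/init` and `codeql-action/analyze` must come from the same release, and both lines here move to the same commit `48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0`, which is correct; apply the same tag-to-SHA check as for the codecov pin. The `languages: go` input and the `go-version: ${{ matrix.go-version }}` / `check-latest: true` context are untouched, so analysis scope does not change.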
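Review bot: in the `.github/workflows/scorecard.yml` hunk, `codeql-action/upload-sarif` is pinned to the same `48ab28a6...` commit as the two references in codeql.yml, so all three `github/codeql-action` uses in the repository stay on one version (`v3.28.0`); keep that invariant in future bumps, since a split version across `init`/`analyze`/`upload-sarif` is the usual way these pins drift. `retention-days: 5` and `sarif_file: results.sarif` are unchanged.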
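Review bot: in the `specs/commandline/blob.md` hunk at `@@ -72`, the line that now reads `` `{blob file name}.{signature format}.sig` `` sits inside the ```text fence that reproduces the `notation blob sign --help` output, so the backticks are not rendered as inline code there; they show up literally. That is only correct if the long description string in the CLI itself uses backticks. Either keep the quotes, or change the CLI string in the same change so the spec remains a faithful copy of `--help`. On the positive side, the naming pattern this line documents is exactly what the later example renames (`my-blob.bin.jws.sig`, i.e. blob name, then `jws`, then `.sig`) implement, so the file is now internally consistent.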
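Review bot: the `@@ -98`, `@@ -129`, `@@ -142` and `@@ -154` hunks in `specs/commandline/blob.md` only add a trailing period to the one-line descriptions (`Inspect a signature associated with a blob.`, `Import blob trust policy configuration from a JSON file.`, `Show blob trust policy configuration.`, `Verify a signature associated with a blob.`), but since these ```text fences mirror `--help` output, confirm that the corresponding short-description strings in the CLI command definitions were changed to match; otherwise the spec and the binary disagree on the first line a user sees.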
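Review bot: in the `@@ -280` hunk of `specs/commandline/blob.md`, the unchanged context line `# Prerequisites: Signatures is produced by notation blob sign command` has a number-agreement error; since the patch already touches the lines on either side of it, fix it here to `# Prerequisites: the signature is produced by the notation blob sign command`. The rename from `/tmp/my-blob.bin.sig.jws` to `/tmp/my-blob.bin.jws.sig` is applied to the usage line, the command and the first line of the example tree output, so the inspect example is consistent.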
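Review bot: in the `@@ -426` hunk of `specs/commandline/blob.md`, the unchanged comment `# Setup the trust policy in a JSON file named "trustpolicy.blob.json" under directory "{NOTATION_CONFIG}".` should read `# Set up ...` (verb, not noun); worth fixing while the surrounding lines are being edited. The `notation blob verify --signature /tmp/my-blob.bin.jws.sig /tmp/my-blob.bin` command and the `Successfully verified signature /tmp/my-blob.bin.jws.sig` message are updated together, as they must be.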
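Review bot: in the `@@ -490` hunk of `specs/commandline/blob.md`, the context ends at `An example of output messages for an unsuccessful verification:` and the failure example that follows is not part of the diff; if that block (or any other text outside these hunks) still cites a `*.sig.jws` path it was missed by the rename. Grep the file for `.sig.jws` before merging so no stale suffix survives. The `./sigs/my-blob.bin.jws.sig` / `./blobs/my-blob.bin` paths and the `using policy \`wabbit-networks-policy\`` success line are otherwise consistent with the `--user-metadata` and `--media-type` hunks above.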
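Review bot: in the `test/e2e/go.sum` hunk, `google.golang.org/protobuf` is replaced (`v1.35.1` to `v1.36.1`) although protobuf does not appear in the `test/e2e/go.mod` hunks at all, so it must be transitive (presumably pulled in by the `gomega v1.36.2` bump); run `go mod tidy` under `test/e2e` and confirm it produces an empty diff so that go.sum carries no stale or unreferenced checksums. The `go.mod` requirement changes themselves are limited to `ginkgo/v2 v2.22.1`, `gomega v1.36.2`, and the indirect `pprof` and `golang.org/x/tools v0.28.0` entries, all under the `test/e2e` module, so they affect the e2e test harness only and not the shipped binary. The identical `/go.mod h1:` hashes for pprof and protobuf across old and new versions are expected when a module's own go.mod file did not change between those versions.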