[release-v2.10] adding slsa file for bypassing for chart slsa compliance #4760

Merged
merged 3 commits into from
Nov 19, 2024


nicholasSUSE
Collaborator

@nicholasSUSE nicholasSUSE commented Nov 13, 2024

Adding slsa.yaml file because of this: rancher/charts-build-scripts#153

@nicholasSUSE nicholasSUSE marked this pull request as ready for review November 14, 2024 00:16
@nicholasSUSE nicholasSUSE requested a review from a team November 14, 2024 00:17
@pjbgf
Member

pjbgf commented Nov 14, 2024

Should this be kept at the default branch instead of on a release branch? If this is branch-specific, we may have issues when that configuration is out of sync across all the release branches for a given branch - as the configuration is at image-level.

@nicholasSUSE
Collaborator Author

> Should this be kept at the default branch instead of on a release branch? If this is branch-specific, we may have issues when that configuration is out of sync across all the release branches for a given branch - as the configuration is at image-level.

No, this should only be kept in release branches.

The regsync job is only run on release branches.
We never sync to the prime registry at development level because there are a lot of rc images going on there.

The sync of the regsync.yaml file won't be lost across different branches like (release-v2.9 and release-v2.10).
However, I am assuming that from this point on, all future cis-operator images will be SLSA. Therefore, they should never be synced to the prime registry again.

Am I right in this assumption?

@pjbgf
Member

pjbgf commented Nov 14, 2024

> Am I right in this assumption?

Yes, that's correct. We sign and publish Prime images for all the currently supported release lines for cis-operator.

@nicholasSUSE nicholasSUSE changed the title adding slsa file for bypassing for chart slsa compliance [release-v2.10] adding slsa file for bypassing for chart slsa compliance Nov 19, 2024
@nicholasSUSE nicholasSUSE merged commit f95f717 into rancher:release-v2.10 Nov 19, 2024
4 checks passed