bump sigstore-conformance to v0.0.14 release #3965

Merged
merged 15 commits into from
Dec 16, 2024


bobcallaway
Member

@bobcallaway bobcallaway commented Dec 12, 2024

This updates to the latest release of sigstore-conformance

@bobcallaway bobcallaway requested a review from a team as a code owner December 12, 2024 16:16

codecov bot commented Dec 12, 2024

Codecov Report

Attention: Patch coverage is 69.23077% with 12 lines in your changes missing coverage. Please review.

Project coverage is 36.46%. Comparing base (2ef6022) to head (60af466).
Report is 254 commits behind head on main.

Files with missing lines Patch % Lines
cmd/cosign/cli/verify/verify_bundle.go 55.00% 6 Missing and 3 partials ⚠️
cmd/cosign/cli/trustedroot/trustedroot.go 84.21% 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3965      +/-   ##
==========================================
- Coverage   40.10%   36.46%   -3.65%     
==========================================
  Files         155      209      +54     
  Lines       10044    13312    +3268     
==========================================
+ Hits         4028     4854     +826     
- Misses       5530     7839    +2309     
- Partials      486      619     +133     


Member

@codysoyland codysoyland left a comment


I'm a little -1 on this, as a change in conformance testing can cause builds to start failing (so we'd need to fix it right away or override branch protection). Dependabot PRs should already take care of the version bumps, and we can see the test failures before they land in main. Of course, releases only happen so often so it's nice to know about failures early...

Alternatively, we can have two conformance workflows, one with the latest pinned release and the second running against main, and only use branch protection on the pinned one so that branch protection is stable. What do you think of that?

Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway
Member Author

> I'm a little -1 on this, as a change in conformance testing can cause builds to start failing (so we'd need to fix it right away or override branch protection). Dependabot PRs should already take care of the version bumps, and we can see the test failures before they land in main. Of course, releases only happen so often so it's nice to know about failures early...
>
> Alternatively, we can have two conformance workflows, one with the latest pinned release and the second running against main, and only use branch protection on the pinned one so that branch protection is stable. What do you think of that?

aside: dependabot wasn't working here, because this was back pinned to v0.0.11 which was released in March...

bobcallaway and others added 11 commits December 14, 2024 11:47
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway bobcallaway changed the title pin conformance tests to the tip of main bump sigstore-conformance to v0.0.14 release Dec 16, 2024
@bobcallaway
Member Author

> I'm a little -1 on this, as a change in conformance testing can cause builds to start failing (so we'd need to fix it right away or override branch protection). Dependabot PRs should already take care of the version bumps, and we can see the test failures before they land in main. Of course, releases only happen so often so it's nice to know about failures early...
>
> Alternatively, we can have two conformance workflows, one with the latest pinned release and the second running against main, and only use branch protection on the pinned one so that branch protection is stable. What do you think of that?

I'll downscope this change to just get to the latest release. I still vote +1 on this because if we have a valid conformance test that isn't passing on a client, then the client should be updated ASAP in my opinion (and block other changes/releases).

Signed-off-by: Bob Callaway <[email protected]>
@haydentherapper haydentherapper enabled auto-merge (squash) December 16, 2024 18:48
@haydentherapper haydentherapper merged commit 6094066 into sigstore:main Dec 16, 2024
23 checks passed
3 participants