Comments (1)
bit more detail:
securesystemslib/signer/_sigstore-signer.py already has a convenience method to import a key via authenticating: this is useful for the interactive case but not for the GitHub Actions case. For GitHub Actions you currently need to know how to build the identity and issuer strings: examples are
"https://github.com/jku/tuf-on-ci-sigstore-test/.github/workflows/online-sign.yml@refs/heads/main" and "https://token.actions.githubusercontent.com".
We can create a convenience method for this since for GitHub Actions the latter value is constant and the former is built of components that will be easier to understand if they are separate arguments... The convenience method would just build the identity and issuer strings and call cls.import_().
github action import
```python
@classmethod
def import_github_actions(
    cls, project: str, workflow_path: str, ref: Optional[str] = None
) -> Tuple[str, SigstoreKey]:
    ...
```
this would be called like uri, key = SigstoreSigner.import_github_actions("jku/tuf-on-ci-sigstore-test", ".github/workflows/online-sign.yml"): this would create a uri and key for the https://github.com/jku/tuf-on-ci-sigstore-test project main branch (where identity is https://github.com/jku/tuf-on-ci-sigstore-test/.github/workflows/online-sign.yml@refs/heads/main and issuer is https://token.actions.githubusercontent.com)
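The identity and issuer construction described in the comment above, as an added example (not securesystemslib code and not the commenter's). `github_actions_identity` and `split_identity` are hypothetical names; the input checks and the rule that an explicit ref must be a full `refs/heads/` or `refs/tags/` ref are assumptions, and the default ref follows the comment's example.

```python
import re
from typing import Optional, Tuple

# The issuer value quoted in the comment; constant for GitHub Actions.
GITHUB_ACTIONS_ISSUER = "https://token.actions.githubusercontent.com"

_PROJECT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*/[A-Za-z0-9._-]+")
_WORKFLOW_RE = re.compile(r"\.github/workflows/[A-Za-z0-9._-]+\.ya?ml")
_REF_RE = re.compile(r"refs/(heads|tags)/[A-Za-z0-9._/-]+")


def github_actions_identity(
    project: str, workflow_path: str, ref: Optional[str] = None
) -> Tuple[str, str]:
    """Return (identity, issuer) for a workflow in a GitHub project.

    Hypothetical helper: the strict input checks are an assumption of this
    example, chosen so a typo cannot silently pin a different identity.
    """
    if ref is None:
        ref = "refs/heads/main"  # default taken from the comment's example
    if not _PROJECT_RE.fullmatch(project):
        raise ValueError(f"project must be 'owner/repo': {project!r}")
    if not _WORKFLOW_RE.fullmatch(workflow_path):
        raise ValueError(f"not a workflow file path: {workflow_path!r}")
    if not _REF_RE.fullmatch(ref) or ".." in ref:
        raise ValueError(f"ref must be a full refs/heads/ or refs/tags/ ref: {ref!r}")
    identity = f"https://github.com/{project}/{workflow_path}@{ref}"
    return identity, GITHUB_ACTIONS_ISSUER


def split_identity(identity: str) -> Tuple[str, str, str]:
    """Inverse of github_actions_identity: (project, workflow_path, ref)."""
    prefix = "https://github.com/"
    if not identity.startswith(prefix) or identity.count("@") != 1:
        raise ValueError(f"not a GitHub Actions identity: {identity!r}")
    path, ref = identity[len(prefix):].split("@")
    # Too few path components raises ValueError from the unpacking itself.
    owner, repo, workflow_path = path.split("/", 2)
    # Round-trip through the builder so the same validation applies.
    github_actions_identity(f"{owner}/{repo}", workflow_path, ref)
    return f"{owner}/{repo}", workflow_path, ref
```

`split_identity` is useful when reviewing an identity already stored in metadata: it shows which project, workflow file and ref a signature is pinned to.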