Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop using deprecated SLSA provenence struct type #1017

Closed
wants to merge 1 commit into from
Closed

Stop using deprecated SLSA provenence struct type #1017

wants to merge 1 commit into from

Conversation

simonbaird
Copy link
Member

The in_toto.ProvenanceStatementSLSA02 struct is identical to the deprecated in_toto.ProvenanceStatement struct. Let's stop using the older one.

https://github.com/in-toto/in-toto-golang/blob/8a5dc9e6d8637cf72c4b5103216ce3445e053a14/in_toto/attestations.go#L66

@simonbaird
Stop using deprecated SLSA provenence struct type
a9987a7 
The in_toto.ProvenanceStatementSLSA02 struct is identical to the deprecated
in_toto.ProvenanceStatement struct. Let's stop using the older one.

https://github.com/in-toto/in-toto-golang/blob/8a5dc9e6d8637cf72c4b5103216ce3445e053a14/in_toto/attestations.go#L66
@codecov
Copy link

codecov bot commented Sep 14, 2023

Codecov Report

Merging #1017 (a9987a7) into main (c118e5a) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #1017   +/-   ##
=======================================
  Coverage   79.20%   79.20%           
=======================================
  Files          58       58           
  Lines        4924     4924           
=======================================
  Hits         3900     3900           
  Misses       1024     1024
Flag Coverage Δ
generative 51.77% <ø> (ø)
integration 62.34% <ø> (ø)
unit 70.97% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@lcarva
Copy link
Member

lcarva commented Sep 15, 2023

Seeing these errors in the acceptance tests:

Error: received statement of unsupported type: {{https://in-toto.io/Statement/v0.1 https://slsa.dev/provenance/v0.2 [{acceptance/image map[sha256:362ff6d6a41a1df2325e23dfbdd323a864be835d953006f267f1d28a8a3a170d]}]} {{[https://tekton.dev/chains/v2}](https://tekton.dev/chains/v2%7D) https://tekton.dev/attestations/chains/pipelinerun@v2 {{ map[] } <nil> <nil>} <nil> <nil> []}}

@lcarva
Copy link
Member

lcarva commented Sep 15, 2023
edited
Loading

Ha! That's because cosign is still using the old deprecated format: https://github.com/sigstore/cosign/blob/ee66f352f5c657fa7d803442a31dc79012178167/pkg/cosign/attestation/attestation.go#L216

So we either wait for that to be updated, make a change to cosign, or change this assertion in our tests.

UPDATE: Created sigstore/cosign#3243

@simonbaird
Copy link
Member Author

Huh, that's interesting. I guess this is a breaking change, both here and for cosign. Better move it to draft for now then.

@simonbaird simonbaird marked this pull request as draft September 18, 2023 16:57
@simonbaird
Copy link
Member Author

https://www.github.com/sigstore/cosign/pull/3243 was merged.

@zregvart
Copy link
Member

We did this in #1158, close?

@simonbaird
Copy link
Member Author

We did this in #1158, close?

Cool, thanks. Closing.

@simonbaird simonbaird closed this Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@simonbaird @lcarva @zregvart