chore(actions): Add doc how to verify GitHub Attestations with GitHub cli and verify release artifacts with Cosign#2846
Conversation
ViacheslavKudinov
force-pushed
the
maintenance/add-attestation
branch
from
10dbe42 to
cc98a12
Compare
Signed-off-by: Viacheslav Kudinov <[email protected]>
ViacheslavKudinov
force-pushed
the
maintenance/add-attestation
branch
from
cc98a12 to
4d2ad53
Compare
|
Any known thing why we may regret by adding attestation? Just loudly thinking if anything we need to consider |
ViacheslavKudinov
changed the title
github-actions
Bot
added
the
Type: Maintenance
ViacheslavKudinov
changed the title
Signed-off-by: Viacheslav Kudinov <[email protected]>
|
@nickfloyd @stevehipwell I've updated PR to resolve conflicts after workflows were updated. Please, feel free to suggest any updates. |
stevehipwell
left a comment
stevehipwell
left a comment
There was a problem hiding this comment.
Would it be possible to add the cosign equivalents of the gh commands? We also ought to provide the command to verify the SHA256SUMS file signature.
ViacheslavKudinov
force-pushed
the
maintenance/add-attestation
branch
from
c992315 to
56c8a2e
Compare
ViacheslavKudinov
changed the title
ViacheslavKudinov
force-pushed
the
maintenance/add-attestation
branch
from
56c8a2e to
17126dc
Compare
ViacheslavKudinov
force-pushed
the
maintenance/add-attestation
branch
from
17126dc to
00de37c
Compare
|
@stevehipwell i've updated doc. Please, let me know if something else was expected or i've missed. |
stevehipwell
left a comment
stevehipwell
left a comment
There was a problem hiding this comment.
I've added some comments, note that you can also verify the attestations with cosign.
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
@stevehipwell thanks for the suggestions. I had a chance to make the changes. Could you check how it looks now ? Thank you in advance. |
stevehipwell
left a comment
stevehipwell
left a comment
There was a problem hiding this comment.
I think the headings still need to be capitalized, I've mad some changes in the spirit of being concise but the real point is to get the capitalization right.
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
Oh, sorry i didn't get it correctly. Is it some "known rule" how capitalization should happen in "heading" ? I'm not aware that there is something in place, but doesn't mean it is not there. |
stevehipwell
left a comment
stevehipwell
left a comment
There was a problem hiding this comment.
Thanks for your patience @ViacheslavKudinov.
LGTM
stevehipwell
added
the
Type: Documentation
|
@ViacheslavKudinov could you please rebase this? |
@stevehipwell merged "main" into this branch via UI |
… cli and verify release artifacts with Cosign (integrations#2846) * Add GH attestation on release Signed-off-by: Viacheslav Kudinov <[email protected]> * Add information that attestations are available sine v6.9.0 Signed-off-by: Viacheslav Kudinov <[email protected]> * Add Cosign verification * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Use ${version} in all the commands Signed-off-by: Viacheslav Kudinov <[email protected]> * Add Cosign attestation verification * Use artifact variable Signed-off-by: Viacheslav Kudinov <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update headings and blockquote * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> * Update VERIFY_ATTESTATIONS.md Co-authored-by: Steve Hipwell <[email protected]> --------- Signed-off-by: Viacheslav Kudinov <[email protected]> Co-authored-by: Viacheslav Kudinov <[email protected]> Co-authored-by: Steve Hipwell <[email protected]>
4 participants
Resolves #NaN
Before the change?
After the change?
https://docs.github.com/en/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations
Pull request checklist
Does this introduce a breaking change?
Please see our docs on breaking changes to help!