-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(sync): sync references(signatures/artifacts) recursively #1500
feat(sync): sync references(signatures/artifacts) recursively #1500
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you also try to copy the cosign manifest blob as is instead of re-marshalling it? Maybe we don't need multiple implementations of the manifest that way.
b2bd207
to
408adf3
Compare
Codecov Report
@@ Coverage Diff @@
## main #1500 +/- ##
==========================================
+ Coverage 91.11% 91.17% +0.06%
==========================================
Files 114 114
Lines 22751 22749 -2
==========================================
+ Hits 20729 20741 +12
+ Misses 1510 1498 -12
+ Partials 512 510 -2
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
5470f38
to
b873e40
Compare
b873e40
to
54fc976
Compare
54fc976
to
e70d0b2
Compare
e70d0b2
to
d71e5eb
Compare
d3dfa9a
to
4587f87
Compare
7321edf
to
cff63f4
Compare
added test for infinite loops: image -> sbom A -> oci ref -> sbom A |
2225730
to
95950f5
Compare
sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
95950f5
to
96bd44b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
What type of PR is this?
feature
Which issue does this PR fix:
#1334
What does this PR do / Why do we need it:
sync now also pulls chained artifacts recursively
eg:
image->sbom->sbom signature
image->artifact->artifact
If an issue # is not available please add repro steps and logs showing the issue:
Testing done on this change:
Automation added to e2e:
added chained artifacts in sync_test.go/TestSignatures()
Will this break upgrades or downgrades?
no
Does this PR introduce any user-facing change?:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.