Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Builtin experiments #1463

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

simonbaird
Copy link
Member

@simonbaird simonbaird commented Mar 21, 2024

Not sure if we want to merge this or not, but it's interesting to consider.

The idea is that maybe we move all out sigstore signature checks into rego and use ec validate input for everything.

Running the script looks like this:

$ hack/builtin-experiments/demo.sh 

* Input:

image:
  ref: quay.io/redhat-user-workloads/rhtap-contract-tenant/ec-v02/cli-v02:c862b0f77bb10082d1440e0d4b6a4e9645b83382@sha256:9af445f4f79b7f129749e6fffde9a1280c4d260108e9c19545979cee449c00bf

* EC results:

success: true
filepaths:
  - filepath: /dev/fd/63
    violations: []
    warnings: []
    successes:
      - msg: Pass
        metadata:
          code: sigstore.valid
          description: Check image and attestation signatures
          title: Image validation
    success: true
    success-count: 1
policy:
  sources:
    - policy:
        - /home/sbaird/code/ec-cli/hack/builtin-experiments/policy
      data:
        - /home/sbaird/code/ec-cli/hack/builtin-experiments/data
ec-version: v0.3.2701-9b97c6d
effective-time: "2024-03-21T22:21:43.055587461Z"

This is helpful for some experiments I'm working on, and seems like
a good enough tidy/refactor anyhow.
@simonbaird
Copy link
Member Author

Should rebase on #1462 once that one is merged.

@simonbaird simonbaird closed this Mar 21, 2024
@simonbaird simonbaird reopened this Mar 21, 2024
Copy link

codecov bot commented Mar 21, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 87.16%. Comparing base (0b70d4f) to head (a93ec19).
Report is 6 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1463      +/-   ##
==========================================
+ Coverage   80.35%   87.16%   +6.80%     
==========================================
  Files          66       77      +11     
  Lines        4674     5009     +335     
==========================================
+ Hits         3756     4366     +610     
+ Misses        918      643     -275     
Flag Coverage Δ
acceptance 72.62% <ø> (?)
generative ?
integration ?
unit 80.35% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 41 files with indirect coverage changes

@simonbaird simonbaird force-pushed the builtin-experiments branch from e2629ff to 8449e1f Compare March 21, 2024 22:31
@simonbaird simonbaird force-pushed the builtin-experiments branch from 8449e1f to 56255d8 Compare March 21, 2024 22:38
Will clean it up later.

This demos slsa3 passing with ec validate input.
@simonbaird simonbaird force-pushed the builtin-experiments branch from d88c9c0 to a93ec19 Compare March 22, 2024 13:17
Copy link
Member

@lcarva lcarva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's an experiment. It's probably worth having it.

# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be worth adding a comment to explain what this experiment is.

@lcarva
Copy link
Member

lcarva commented Sep 3, 2024

It would be great to either close this PR or update it so it can be merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants