Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add jenkins attestor #323

Merged
merged 2 commits into from
Aug 22, 2024
Merged

add jenkins attestor #323

merged 2 commits into from
Aug 22, 2024

Conversation

joshdabosh
Copy link
Contributor

@joshdabosh joshdabosh commented Aug 9, 2024
edited
Loading

What this PR does / why we need it

Add a Jenkins build attestor. We can use it in the SLSA provenance data as well, which currently only supports Github Actions and Gitlab CI.

This will allow us to capture data related to a Jenkins build without having to capture the entire scope of environment variables (in case there is sensitive data in the environment).

Which issue(s) this PR fixes (optional)

Closes #315

Acceptance Criteria Met

  • Docs changes if needed
  • Testing changes if needed
  • All workflow checks passing (automatically enforced)
  • All review conversations resolved (automatically enforced)
  • DCO Sign-off

Special notes for your reviewer:

@matglas
Copy link
Contributor

matglas commented Aug 11, 2024

It would be nice to follow conventional commits. This will help to get the change into the changelog too.

@joshdabosh
Copy link
Contributor Author

Could you clarify what you mean by conventional commits?

@matglas
Copy link
Contributor

matglas commented Aug 12, 2024

You can read up on it here in the contribution doc. https://github.com/in-toto/go-witness/blob/main/CONTRIBUTING.md

jkjell
jkjell requested changes Aug 13, 2024
View reviewed changes
Copy link
Member

@jkjell jkjell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great @joshdabosh! Thanks for submitting this. No comments on the current content of the PR but, it would be good to add some tests. If you could add a jenkins_test.go for the attestor and add a test case to the slsa_test.go that should be enough.

@joshdabosh joshdabosh requested a review from jkjell August 16, 2024 12:43
jkjell
jkjell approved these changes Aug 22, 2024
View reviewed changes
Copy link
Member

@jkjell jkjell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution! 🎉 🦉

@jkjell jkjell merged commit cf898e1 into in-toto:main Aug 22, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkjell jkjell jkjell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feat]: Jenkins CI attestor
3 participants
@joshdabosh @matglas @jkjell