From 9d6078974a02cee74addb640a4b6883beac48d9b Mon Sep 17 00:00:00 2001
From: Binbin Li
Date: Mon, 27 May 2024 05:08:31 +0000
Subject: [PATCH 01/21] feat: add namespace label to metrics
---
.../grafana_namespaced_configMap.yaml | 1482 +++++++++++++++++
pkg/metrics/stats_reporter.go | 37 +-
pkg/metrics/stats_reporter_test.go | 59 +-
3 files changed, 1558 insertions(+), 20 deletions(-)
create mode 100644 instrumentation/grafana_namespaced_configMap.yaml
diff --git a/instrumentation/grafana_namespaced_configMap.yaml b/instrumentation/grafana_namespaced_configMap.yaml
new file mode 100644
index 000000000..ea65b96aa
--- /dev/null
+++ b/instrumentation/grafana_namespaced_configMap.yaml
@@ -0,0 +1,1482 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ratify-grafana-dashboard + labels: + grafana_dashboard: "1" + namespace: monitoring +data: + ratify-dashboard.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "9.3.8", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": 
"sum(rate(ratify_verification_request_count[$__rate_interval]))", + "instant": true, + "key": "Q-806348e4-5c52-4af8-87f1-0676999cd43c-0", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Verification RPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "Count of Verifier Ops", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "verifier= isSuccess= isError=" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": true + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "sum by(error, success, verifier) (increase(ratify_verifier_duration_count{workload_namespace=~\"$workload_namespace\"}[$__rate_interval]))", + "instant": false, + "key": 
"Q-e20b12bd-6bd1-4c51-a1f5-4b1582183dc6-0", + "legendFormat": "verifier={{verifier}} isSuccess={{success}} isError={{error}}", + "range": true, + "refId": "A" + } + ], + "title": "Count of Verifier Operations Per Interval", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.95, sum by(le) (ratify_mutation_request_bucket))", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "P95 Mutation Request Duration", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + 
"axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.95, sum by(le) (ratify_verification_request_bucket))", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "P95 Verification Request Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "max": 110, 
+ "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 16 + }, + "id": 17, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "increase(ratify_blob_cache_count_total{hit=\"true\", workload_namespace=~\"$workload_namespace\"}[$__rate_interval])", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "key": "Q-e087804a-f777-4009-b91d-0207684b5d52-0", + "legendFormat": "{{hit}}", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "increase(ratify_blob_cache_count_total{workload_namespace=~\"$workload_namespace\"}[$__rate_interval])", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "key": "Q-e087804a-f777-4009-b91d-0207684b5d52-0", + "legendFormat": "{{hit}}", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "name": "Expression", + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "$A/$B * 100", + "hide": false, + "refId": "C", + "type": "math" + } + ], + "title": "Blob Cache Hit", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": 
"line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "sum(increase(ratify_registry_request_count_total{workload_namespace=~\"$workload_namespace\"}[$__rate_interval]))", + "instant": false, + "key": "Q-03cacf42-7553-4d7a-9bce-8bea83f95a09-0", + "legendFormat": "non 429", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "sum(increase(ratify_registry_request_count_total{status_code=\"429\", workload_namespace=~\"$workload_namespace\"}[$__rate_interval]))", + "hide": false, + "instant": false, + "key": "Q-03cacf42-7553-4d7a-9bce-8bea83f95a09-0", + "legendFormat": "429", + "range": true, + "refId": "B" + } + ], + "title": "Registry Request Count", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 
0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "limit" + }, + "properties": [ + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 24 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "key": "Q-e556d2e4-096e-4e25-8524-17875553f26c-0", + "legendFormat": "{{label_name}}", + "range": true, + "refId": "A", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", + "format": "time_series", + "interval": "", + 
"intervalFactor": 2, + "key": "Q-2810b9b8-6d65-402c-a8dd-e33651478da8-2", + "legendFormat": "limit", + "range": true, + "refId": "C", + "step": 10 + } + ], + "title": "Memory Usage (WSS)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "request" + }, + "properties": [ + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "limit" + }, + "properties": [ + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 24 + }, + "id": 9, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + 
"datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\", pod=\"$pod\", container=\"ratify\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "key": "Q-255c079c-fc4f-462b-a7e6-675a987fb424-0", + "legendFormat": "ratify", + "range": true, + "refId": "A", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(\n kube_pod_container_resource_requests{namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "key": "Q-a2ac92c1-8a95-49aa-96fc-01b51a7e7773-1", + "legendFormat": "request", + "range": true, + "refId": "B", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(\n kube_pod_container_resource_limits{namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "key": "Q-fa5c0a68-ea62-4328-8f34-c389bd402946-2", + "legendFormat": "limit", + "range": true, + "refId": "C", + "step": 10 + } + ], + "title": "CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + 
}, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "ratify_system_error_count", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Error Count", + "type": "timeseries" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 19, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 41 + }, + "id": 16, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + 
"tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.95, sum by(le) (ratify_akv_certificate_duration_bucket))", + "instant": false, + "key": "Q-fcdaeb64-9bf0-4d47-bd25-dbe3022be5f9-0", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "P95 AKV Certificate Fetch Duration", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 41 + }, + "id": 15, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.95, sum by(le) (ratify_aad_exchange_duration_bucket))", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "P95 AAD Exchange Duration", + "type": 
"timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 49 + }, + "id": 13, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.95, sum by(le) (ratify_acr_exchange_duration_bucket))", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "P95 ACR Exchange Duration", + "type": "timeseries" + } + ], + "title": "Azure", + "type": "row" + } + ], + "refresh": false, + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "gatekeeper-system", + "value": "gatekeeper-system" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\"}, namespace)", + "hide": 0, + "includeAll": false, + 
"multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\"}, namespace)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(kube_pod_info{namespace=\"$namespace\"}, pod)", + "hide": 0, + "includeAll": false, + "label": "ratify pod", + "multi": false, + "name": "pod", + "options": [], + "query": { + "query": "label_values(kube_pod_info{namespace=\"$namespace\"}, pod)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/^ratify.*/", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": [ + "default" + ], + "value": [ + "default" + ] + }, + "definition": "label_values(ratify_verifier_duration_count, workload_namespace)", + "hide": 0, + "includeAll": true, + "label": "workload namespace", + "multi": true, + "name": "workload_namespace", + "options": [], + "query": { + "qryType": 5, + "query": "label_values(ratify_verifier_duration_count, workload_namespace)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "nowDelay": "" + }, + "timezone": "", + "title": "Ratify", + "uid": "mBWgLNBVk", + "version": 7, + "weekStart": "" + } diff --git a/pkg/metrics/stats_reporter.go b/pkg/metrics/stats_reporter.go index c9ec5d984..2cc294fbb 100644 --- a/pkg/metrics/stats_reporter.go +++ b/pkg/metrics/stats_reporter.go @@ -18,6 +18,7 @@ package metrics import ( "context" + ctxUtils "github.com/deislabs/ratify/internal/context" "github.com/sirupsen/logrus" "go.opentelemetry.io/otel/attribute" instrument "go.opentelemetry.io/otel/metric" 
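Review bot: In the "Registry Request Count" panel, query A carries the legend `non 429` but its selector is only `{workload_namespace=~"$workload_namespace"}`, so it counts every status code including 429 and overlaps with query B. Adding the matcher would make the legend true: `ratify_registry_request_count_total{status_code!="429", workload_namespace=~"$workload_namespace"}`. Separately, the "Error Count" panel still queries bare `ratify_system_error_count`, which appears to be the counter that gains the `workload_namespace` label in this commit, so the new dashboard variable has no effect on that panel.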
@@ -202,6 +203,7 @@ func ReportMutationRequest(ctx context.Context, duration int64) { // subjectReference: the subject reference of the verification // success: whether the verification succeeded // isError: whether the verification failed due to an error +// workload_namespace: the namespace where workload is deployed func ReportVerifierDuration(ctx context.Context, duration int64, veriferName string, subjectReference string, success bool, isError bool) { if verifierDuration != nil { verifierDuration.Record(ctx, duration, instrument.WithAttributes( @@ -221,6 +223,10 @@ func ReportVerifierDuration(ctx context.Context, duration int64, veriferName str Key: "error", Value: attribute.BoolValue(isError), }, + attribute.KeyValue{ + Key: "workload_namespace", + Value: attribute.StringValue(ctxUtils.GetNamespace(ctx)), + }, )) } } @@ -228,9 +234,12 @@ func ReportVerifierDuration(ctx context.Context, duration int64, veriferName str // ReportSystemError reports a system error from the server handler // Attributes: // errorString: the error message +// workload_namespace: the namespace where workload is deployed func ReportSystemError(ctx context.Context, errorString string) { if systemErrorCount != nil { - systemErrorCount.Add(ctx, 1, instrument.WithAttributes(attribute.KeyValue{Key: "error", Value: attribute.StringValue(errorString)})) + systemErrorCount.Add(ctx, 1, instrument.WithAttributes( + attribute.KeyValue{Key: "error", Value: attribute.StringValue(errorString)}, + attribute.KeyValue{Key: "workload_namespace", Value: attribute.StringValue(ctxUtils.GetNamespace(ctx))})) } } 
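Review bot: The `workload_namespace` attribute is built by hand here in ReportVerifierDuration and then repeated verbatim in six more reporters in this file (ReportSystemError, ReportRegistryRequestCount, ReportAADExchangeDuration, ReportACRExchangeDuration, ReportAKVCertificateDuration, ReportBlobCacheCount), so the label key exists as seven separate string literals. A small helper keeps the key and the context lookup in one place, e.g. `func namespaceAttr(ctx context.Context) attribute.KeyValue { return attribute.String("workload_namespace", ctxUtils.GetNamespace(ctx)) }`, and each call site becomes `namespaceAttr(ctx)`. The signature of ReportVerifierDuration is in the preceding hunk, not this one.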
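Review bot: ReportSystemError now puts two free-form strings on one counter: the existing `error` attribute carries the raw error message, and the new `workload_namespace` multiplies every distinct message by every namespace that produces it. If error text includes request-specific detail, the number of series for this counter is bounded only by what callers pass in, which is a memory and scrape-size risk for the metrics backend. Consider recording a bounded error code or category in `error` and leaving the full message to the logs; the hunk does not show the call sites, so confirm what is passed as `errorString` before deciding.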
@@ -238,44 +247,60 @@ func ReportSystemError(ctx context.Context, errorString string) { // Attributes: // statusCode: the status code of the request // registryHost: the host name of the registry +// workload_namespace: the namespace where workload is deployed func ReportRegistryRequestCount(ctx context.Context, statusCode int, registryHost string) { if registryRequestCount != nil { - registryRequestCount.Add(ctx, 1, instrument.WithAttributes(attribute.KeyValue{Key: "status_code", Value: attribute.IntValue(statusCode)}, attribute.KeyValue{Key: "registry_host", Value: attribute.StringValue(registryHost)})) + registryRequestCount.Add(ctx, 1, instrument.WithAttributes( + attribute.KeyValue{Key: "status_code", Value: attribute.IntValue(statusCode)}, + attribute.KeyValue{Key: "registry_host", Value: attribute.StringValue(registryHost)}, + attribute.KeyValue{Key: "workload_namespace", Value: attribute.StringValue(ctxUtils.GetNamespace(ctx))})) } } // ReportAADExchangeDuration reports the duration of an AAD exchange // Attributes: // resourceType: the scope of resource being exchanged (AKV or ACR) +// workload_namespace: the namespace where workload is deployed func ReportAADExchangeDuration(ctx context.Context, duration int64, resourceType string) { if aadExchangeDuration != nil { - aadExchangeDuration.Record(ctx, duration, instrument.WithAttributes(attribute.KeyValue{Key: "resource_type", Value: attribute.StringValue(resourceType)})) + aadExchangeDuration.Record(ctx, duration, instrument.WithAttributes( + attribute.KeyValue{Key: "resource_type", Value: attribute.StringValue(resourceType)}, + attribute.KeyValue{Key: "workload_namespace", Value: attribute.StringValue(ctxUtils.GetNamespace(ctx))})) } } // ReportACRExchangeDuration reports the duration of an ACR exchange (AAD token for ACR refresh token) // Attributes: // repository: the repository being accessed +// workload_namespace: the namespace where workload is deployed func ReportACRExchangeDuration(ctx 
context.Context, duration int64, repository string) { if acrExchangeDuration != nil { - acrExchangeDuration.Record(ctx, duration, instrument.WithAttributes(attribute.KeyValue{Key: "repository", Value: attribute.StringValue(repository)})) + acrExchangeDuration.Record(ctx, duration, instrument.WithAttributes( + attribute.KeyValue{Key: "repository", Value: attribute.StringValue(repository)}, + attribute.KeyValue{Key: "workload_namespace", Value: attribute.StringValue(ctxUtils.GetNamespace(ctx))})) } } // ReportAKVCertificateDuration reports the duration of an AKV certificate fetch // Attributes: // certificateName: the object name of the certificate +// workload_namespace: the namespace where workload is deployed func ReportAKVCertificateDuration(ctx context.Context, duration int64, certificateName string) { if akvCertificateDuration != nil { - akvCertificateDuration.Record(ctx, duration, instrument.WithAttributes(attribute.KeyValue{Key: "certificate_name", Value: attribute.StringValue(certificateName)})) + akvCertificateDuration.Record(ctx, duration, instrument.WithAttributes( + attribute.KeyValue{Key: "certificate_name", Value: attribute.StringValue(certificateName)}, + attribute.KeyValue{Key: "workload_namespace", Value: attribute.StringValue(ctxUtils.GetNamespace(ctx))})) } } // ReportBlobCacheCount reports a blob cache hit or miss // Attributes: // hit: whether the blob was found in the cache +// workload_namespace: the namespace where workload is deployed func ReportBlobCacheCount(ctx context.Context, hit bool) { if cacheBlobCount != nil { - cacheBlobCount.Add(ctx, 1, instrument.WithAttributes(attribute.KeyValue{Key: "hit", Value: attribute.BoolValue(hit)})) + cacheBlobCount.Add(ctx, 1, instrument.WithAttributes( + attribute.KeyValue{Key: "hit", Value: attribute.BoolValue(hit)}, + attribute.KeyValue{Key: "workload_namespace", Value: attribute.StringValue(ctxUtils.GetNamespace(ctx))})) } } 
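Review bot: The added comment lines describe `workload_namespace` as "the namespace where workload is deployed", but the value is simply whatever `ctxUtils.GetNamespace(ctx)` returns, and none of these reporters handles a context that carries no namespace. For ReportAKVCertificateDuration and the AAD/ACR exchange reporters it is not evident from the hunk that the call always happens on a path where a namespace was set; if it does not, those samples get the helper's fallback value (presumably an empty string, to be confirmed). I would say so in the comment, e.g. `// workload_namespace: namespace read from ctx via ctxUtils.GetNamespace; <fallback value> when ctx carries none`, or substitute an explicit placeholder value so such samples stay selectable in dashboards.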
diff --git a/pkg/metrics/stats_reporter_test.go b/pkg/metrics/stats_reporter_test.go index 7580b37e2..317aa98dc 100644 --- a/pkg/metrics/stats_reporter_test.go +++ b/pkg/metrics/stats_reporter_test.go @@ -20,10 +20,13 @@ import ( "fmt" "testing" + ctxUtils "github.com/deislabs/ratify/internal/context" "go.opentelemetry.io/otel/attribute" instrument "go.opentelemetry.io/otel/metric" ) +const testNamespace = "testNamespace" + type MockInt64Histogram struct { instrument.Int64Histogram Value int64 @@ -95,11 +98,12 @@ func TestReportVerifierDuration(t *testing.T) { mockDuration := &MockInt64Histogram{Attributes: make(map[string]string)} verifierDuration = mockDuration - ReportVerifierDuration(context.Background(), 5, "test_verifier", "test_subject", true, true) + ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace) + ReportVerifierDuration(ctx, 5, "test_verifier", "test_subject", true, true) if mockDuration.Value != 5 { t.Fatalf("ReportVerifierDuration() mockDuration.Value = %v, expected %v", mockDuration.Value, 5) } - if len(mockDuration.Attributes) != 4 { + if len(mockDuration.Attributes) != 5 { t.Fatalf("ReportVerifierDuration() len(mockDuration.Attributes) = %v, expected %v", len(mockDuration.Attributes), 2) } if mockDuration.Attributes["verifier"] != "test_verifier" { @@ -111,6 +115,9 @@ func TestReportVerifierDuration(t *testing.T) { if mockDuration.Attributes["error"] != "true" { t.Fatalf("expected error attribute to be true but got %s", mockDuration.Attributes["error"]) } + if mockDuration.Attributes["workload_namespace"] != testNamespace { + t.Fatalf("expected workload_namespace attribute to be %s but got %s", testNamespace, mockDuration.Attributes["workload_namespac"]) + } } func TestReportSystemError(t *testing.T) { 
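Review bot: The length check now compares against 5, but the unchanged `t.Fatalf` on the following line still prints 2 as the expected value, so a failure would report the wrong expectation. Pass the number the condition uses: `t.Fatalf("ReportVerifierDuration() len(mockDuration.Attributes) = %v, expected %v", len(mockDuration.Attributes), 5)`. The same mismatch is visible in TestReportSystemError (checks 2, prints 1), TestReportRequestCount (checks 3, prints 2) and TestReportAADExchangeDuration (checks 2, prints 1). TestReportVerifierDuration begins before this hunk and continues past it.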
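Review bot: The failure message reads `mockDuration.Attributes["workload_namespac"]`; the key is missing its final `e`, so when the assertion fails the message prints an empty string instead of the value that was actually recorded. Use the same key as the condition: `t.Fatalf("expected workload_namespace attribute to be %s but got %s", testNamespace, mockDuration.Attributes["workload_namespace"])`. The same misspelled key appears in the added assertions of TestReportSystemError, TestReportRequestCount and TestReportAADExchangeDuration.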
@@ -120,16 +127,20 @@ func TestReportSystemError(t *testing.T) { mockCounter := &MockInt64Counter{Attributes: make(map[string]string)} systemErrorCount = mockCounter - ReportSystemError(context.Background(), "test_error") + ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace) + ReportSystemError(ctx, "test_error") if mockCounter.Value != 1 { t.Fatalf("ReportSystemError() mockCounter.Value = %v, expected %v", mockCounter.Value, 1) } - if len(mockCounter.Attributes) != 1 { + if len(mockCounter.Attributes) != 2 { t.Fatalf("ReportSystemError() len(mockCounter.Attributes) = %v, expected %v", len(mockCounter.Attributes), 1) } if mockCounter.Attributes["error"] != "test_error" { t.Fatalf("expected error attributes to be test_error but got %s", mockCounter.Attributes["error"]) } + if mockCounter.Attributes["workload_namespace"] != testNamespace { + t.Fatalf("expected workload_namespace attribute to be %s but got %s", testNamespace, mockCounter.Attributes["workload_namespac"]) + } } func TestReportRequestCount(t *testing.T) { @@ -139,11 +150,12 @@ func TestReportRequestCount(t *testing.T) { mockCounter := &MockInt64Counter{Attributes: make(map[string]string)} registryRequestCount = mockCounter - ReportRegistryRequestCount(context.Background(), 429, "test_registry_host") + ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace) + ReportRegistryRequestCount(ctx, 429, "test_registry_host") if mockCounter.Value != 1 { t.Fatalf("ReportRequestCount() mockCounter.Value = %v, expected %v", mockCounter.Value, 1) } - if len(mockCounter.Attributes) != 2 { + if len(mockCounter.Attributes) != 3 { t.Fatalf("ReportRequestCount() len(mockCounter.Attributes) = %v, expected %v", len(mockCounter.Attributes), 2) } if mockCounter.Attributes["status_code"] != "429" { 
@@ -152,6 +164,9 @@ func TestReportRequestCount(t *testing.T) { if mockCounter.Attributes["registry_host"] != "test_registry_host" { t.Fatalf("expected registry_host attribute to be test_registry_host but got %s", mockCounter.Attributes["registry_host"]) } + if mockCounter.Attributes["workload_namespace"] != testNamespace { + t.Fatalf("expected workload_namespace attribute to be %s but got %s", testNamespace, mockCounter.Attributes["workload_namespac"]) + } } func TestReportAADExchangeDuration(t *testing.T) { @@ -161,16 +176,20 @@ func TestReportAADExchangeDuration(t *testing.T) { mockDuration := &MockInt64Histogram{Attributes: make(map[string]string)} aadExchangeDuration = mockDuration - ReportAADExchangeDuration(context.Background(), 500, "test_scope") + ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace) + ReportAADExchangeDuration(ctx, 500, "test_scope") if mockDuration.Value != 500 { t.Fatalf("ReportAADExchangeDuration() mockDuration.Value = %v, expected %v", mockDuration.Value, 500) } - if len(mockDuration.Attributes) != 1 { + if len(mockDuration.Attributes) != 2 { t.Fatalf("ReportAADExchangeDuration() len(mockDuration.Attributes) = %v, expected %v", len(mockDuration.Attributes), 1) } if mockDuration.Attributes["resource_type"] != "test_scope" { t.Fatalf("expected resource_type attribute to be test_scope but got %s", mockDuration.Attributes["resource_type"]) } + if mockDuration.Attributes["workload_namespace"] != testNamespace { + t.Fatalf("expected workload_namespace attribute to be %s but got %s", testNamespace, mockDuration.Attributes["workload_namespac"]) + } } func TestReportACRExchangeDuration(t *testing.T) { 
@@ -180,16 +199,20 @@ func TestReportACRExchangeDuration(t *testing.T) { mockDuration := &MockInt64Histogram{Attributes: make(map[string]string)} acrExchangeDuration = mockDuration - ReportACRExchangeDuration(context.Background(), 500, "test_repo") + ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace) + ReportACRExchangeDuration(ctx, 500, "test_repo") if mockDuration.Value != 500 { t.Fatalf("ReportACRExchangeDuration() mockDuration.Value = %v, expected %v", mockDuration.Value, 500) } - if len(mockDuration.Attributes) != 1 { + if len(mockDuration.Attributes) != 2 { t.Fatalf("ReportACRExchangeDuration() len(mockDuration.Attributes) = %v, expected %v", len(mockDuration.Attributes), 1) } if mockDuration.Attributes["repository"] != "test_repo" { t.Fatalf("expected repository attribute to be test_repo but got %s", mockDuration.Attributes["repository"]) } + if mockDuration.Attributes["workload_namespace"] != testNamespace { + t.Fatalf("expected workload_namespace attribute to be %s but got %s", testNamespace, mockDuration.Attributes["workload_namespac"]) + } } func TestReportAKVCertificateDuration(t *testing.T) { 
@@ -199,16 +222,20 @@ func TestReportAKVCertificateDuration(t *testing.T) { mockDuration := &MockInt64Histogram{Attributes: make(map[string]string)} akvCertificateDuration = mockDuration - ReportAKVCertificateDuration(context.Background(), 500, "test_cert") + ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace) + ReportAKVCertificateDuration(ctx, 500, "test_cert") if mockDuration.Value != 500 { t.Fatalf("ReportAKVCertificateDuration() mockDuration.Value = %v, expected %v", mockDuration.Value, 500) } - if len(mockDuration.Attributes) != 1 { + if len(mockDuration.Attributes) != 2 { t.Fatalf("ReportAKVCertificateDuration() len(mockDuration.Attributes) = %v, expected %v", len(mockDuration.Attributes), 1) } if mockDuration.Attributes["certificate_name"] != "test_cert" { t.Fatalf("expected certificate_name attribute to be test_cert but got %s", mockDuration.Attributes["certificate_name"]) } + if mockDuration.Attributes["workload_namespace"] != testNamespace { + t.Fatalf("expected workload_namespace attribute to be %s but got %s", testNamespace, mockDuration.Attributes["workload_namespac"]) + } } func TestReportBlobCacheCount(t *testing.T) { 
@@ -218,14 +245,18 @@ func TestReportBlobCacheCount(t *testing.T) { mockCounter := &MockInt64Counter{Attributes: make(map[string]string)} cacheBlobCount = mockCounter - ReportBlobCacheCount(context.Background(), true) + ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace) + ReportBlobCacheCount(ctx, true) if mockCounter.Value != 1 { t.Fatalf("ReportBlobCacheCount() mockCounter.Value = %v, expected %v", mockCounter.Value, 1) } - if len(mockCounter.Attributes) != 1 { + if len(mockCounter.Attributes) != 2 { t.Fatalf("ReportBlobCacheCount() len(mockCounter.Attributes) = %v, expected %v", len(mockCounter.Attributes), 1) } if mockCounter.Attributes["hit"] != "true" { t.Fatalf("expected hit attribute to be true but got %s", mockCounter.Attributes["hit"]) } + if mockCounter.Attributes["workload_namespace"] != testNamespace { + t.Fatalf("expected workload_namespace attribute to be %s but got %s", testNamespace, mockCounter.Attributes["workload_namespac"]) + } } From 12e39b9ba5a26fbb56c8a6873a91dec0f22a97a9 Mon Sep 17 00:00:00 2001 From: Akash Singhal Date: Thu, 6 Jun 2024 16:10:20 -0700 Subject: [PATCH 02/21] chore: update dev helmfile and publishing workflow (#1551) --- .github/workflows/publish-dev-assets.yml | 4 ++-- dev.helmfile.yaml | 4 ++-- dev.high-availability.helmfile.yaml | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/publish-dev-assets.yml b/.github/workflows/publish-dev-assets.yml index 0697e5154..b81daeaa5 100644 --- a/.github/workflows/publish-dev-assets.yml +++ b/.github/workflows/publish-dev-assets.yml 
@@ -72,8 +72,8 @@ jobs: --push . - name: replace version run: | - sed -i '/^ repository:/c\ repository: ghcr.io/deislabs/ratify-dev' charts/ratify/values.yaml - sed -i '/^ crdRepository:/c\ crdRepository: ghcr.io/deislabs/ratify-crds-dev' charts/ratify/values.yaml + sed -i '/^ repository:/c\ repository: ghcr.io/ratify-project/ratify-dev' charts/ratify/values.yaml + sed -i '/^ crdRepository:/c\ crdRepository: ghcr.io/ratify-project/ratify-crds-dev' charts/ratify/values.yaml sed -i '/^ tag:/c\ tag: ${{ steps.prepare.outputs.version }}' charts/ratify/values.yaml - name: helm package run: | diff --git a/dev.helmfile.yaml b/dev.helmfile.yaml index ac8f79d25..0a3f4060a 100644 --- a/dev.helmfile.yaml +++ b/dev.helmfile.yaml @@ -2,7 +2,7 @@ repositories: - name: gatekeeper url: https://open-policy-agent.github.io/gatekeeper/charts - name: ratify - url: ghcr.io/deislabs/ratify-chart-dev # PRERELEASE: Change to 'https://ratify-project.github.io/ratify' before copying to helmfile.yaml + url: ghcr.io/ratify-project/ratify-chart-dev # PRERELEASE: Change to 'https://ratify-project.github.io/ratify' before copying to helmfile.yaml oci: true # PRERELEASE: Remove before copying to helmfile.yaml releases: @@ -77,6 +77,6 @@ releases: - "gatekeeper-system" set: - name: notationCerts[0] - value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }} + value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/notation.crt") | quote }} - name: featureFlags.RATIFY_CERT_ROTATION value: true diff --git a/dev.high-availability.helmfile.yaml b/dev.high-availability.helmfile.yaml index 20f1fd408..3436a1c55 100644 --- a/dev.high-availability.helmfile.yaml +++ b/dev.high-availability.helmfile.yaml 
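Review bot: In dev.helmfile.yaml the `notationCerts[0]` value is still downloaded at render time from the mutable `main` branch, with only the organisation changed in the URL, so whatever that path serves at deploy time becomes the certificate Ratify trusts for signature verification. Pinning the URL to a commit, e.g. `https://raw.githubusercontent.com/ratify-project/ratify/<COMMIT_SHA>/test/testdata/notation.crt` (placeholder SHA), makes the trust anchor reproducible. Changing the curl flags to `"-fsSL"` stops an HTTP error body from being passed on as the certificate. The same pattern is in the `@@ -146,7 +146,7 @@` hunk of dev.high-availability.helmfile.yaml. The `set:` list starts before this hunk.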
@@ -6,7 +6,7 @@ repositories: - name: bitnami url: https://charts.bitnami.com/bitnami - name: ratify - url: ghcr.io/deislabs/ratify-chart-dev # PRERELEASE: Change to 'https://ratify-project.github.io/ratify' before copying to helmfile.yaml + url: ghcr.io/ratify-project/ratify-chart-dev # PRERELEASE: Change to 'https://ratify-project.github.io/ratify' before copying to helmfile.yaml oci: true # PRERELEASE: Remove before copying to helmfile.yaml releases: @@ -63,14 +63,14 @@ releases: command: "bash" args: - "-c" - - "export SIGN_KEY=$(openssl rand 16 | hexdump -v -e '/1 \"%02x\"' | base64) && curl https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml | yq e '.data.signingKey = strenv(SIGN_KEY)' | kubectl apply -f -" + - "export SIGN_KEY=$(openssl rand 16 | hexdump -v -e '/1 \"%02x\"' | base64) && curl https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml | yq e '.data.signingKey = strenv(SIGN_KEY)' | kubectl apply -f -" - events: ["presync"] showlogs: true command: "kubectl" args: - "apply" - "-f" - - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml" + - "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/dapr/dapr-redis.yaml" - "-n" - "gatekeeper-system" - events: ["presync"] @@ -85,7 +85,7 @@ releases: args: - "delete" - "-f" - - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml" + - "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml" - "-n" - "gatekeeper-system" - "--ignore-not-found=true" @@ -95,7 +95,7 @@ releases: args: - "delete" - "-f" - - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml" + - "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/dapr/dapr-redis.yaml" - "-n" - "gatekeeper-system" - "--ignore-not-found=true" 
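Review bot: The presync hook in the `@@ -63,14 +63,14 @@` hunk pipes `curl` output straight into `yq` and `kubectl apply -f -` with no failure handling: curl runs without `-f` and the `bash -c` string sets no `pipefail`, so an HTTP error page or a truncated download would flow into the pipeline and a curl failure would not by itself fail the hook. Prefixing the command with `set -o pipefail;` and using `curl -fsSL` would address that. The manifests in this hunk and in the `@@ -85,7 +85,7 @@` and `@@ -95,7 +95,7 @@` hunks are also applied or deleted by URL from the `main` branch, so what reaches the cluster can change without any change to this file. A commit-pinned URL or a copy vendored in the repository would fix that. The hook list starts before this hunk.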
@@ -146,7 +146,7 @@ releases: - name: logger.level value: debug - name: notationCerts[0] - value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }} + value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/notation.crt") | quote }} - name: replicaCount value: 2 - name: provider.cache.type From e57886cb83eb66858cbabd6cbf1f91b9d4b5ab8a Mon Sep 17 00:00:00 2001 From: Susan Shi Date: Fri, 7 Jun 2024 16:27:27 +1000 Subject: [PATCH 03/21] doc: update README code of conduct (#1553) Co-authored-by: Binbin Li --- README.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/README.md b/README.md index fbb1a1978..5efef3314 100644 --- a/README.md +++ b/README.md @@ -49,13 +49,7 @@ Meeting notes for weekly project syncs can be found [here](https://hackmd.io/ABu ## Code of Conduct -This project has adopted the [Microsoft Open Source Code of -Conduct](https://opensource.microsoft.com/codeofconduct/). - -For more information see the [Code of Conduct -FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact -[opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional -questions or comments. +Ratify follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). ## Release Management From aca9883557fb86bea295b4344029aba4d3aa8f19 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 07:39:53 -0700 Subject: [PATCH 04/21] chore: Bump step-security/harden-runner from 2.8.0 to 2.8.1 (#1561) --- .github/workflows/scan-vulns.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml index 956bf6fda..4632087ed 100644 --- a/.github/workflows/scan-vulns.yaml +++ b/.github/workflows/scan-vulns.yaml 
@@ -21,7 +21,7 @@ jobs: timeout-minutes: 15 steps: - name: Harden Runner - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 with: egress-policy: audit @@ -37,7 +37,7 @@ jobs: timeout-minutes: 15 steps: - name: Harden Runner - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 with: egress-policy: audit From a7178d4f38afe06d8f07da2249469cbcf76680a8 Mon Sep 17 00:00:00 2001 From: Susan Shi Date: Tue, 11 Jun 2024 09:29:55 +1000 Subject: [PATCH 05/21] doc: Update SECURITY.md (#1555) Signed-off-by: Susan Shi Co-authored-by: Akash Singhal --- SECURITY.md | 45 ++++++++------------------------------------- 1 file changed, 8 insertions(+), 37 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 42825fdd0..0d83f96a7 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,41 +1,12 @@ - +# Ratify Project Security Process and Policy +This document provide details on the Ratify Project security policy and details the process on how to report a security vulnerability within the Ratify Project organization. -# Security +## Reporting a Vulnerability -Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). +We're extremely grateful for security researchers and users who report vulnerabilities to the Ratify Project community. All reports are thouroughly investigated by a set of Project maintainers. -If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below. +To make a report plese use the GitHub Security Vulnerability Disclosure process for each one of the Ratify Project repositories. +- [Ratify Vulnerability Report](https://github.com/ratify-project/ratify/security/advisories/new) -## Reporting Security Issues - -**Please do not report security vulnerabilities through public GitHub issues.** - -Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report). - -If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/msrc/pgp-key-msrc). 
- -You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). - -Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: - -* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) -* Full paths of source file(s) related to the manifestation of the issue -* The location of the affected source code (tag/branch/commit or direct URL) -* Any special configuration required to reproduce the issue -* Step-by-step instructions to reproduce the issue -* Proof-of-concept or exploit code (if possible) -* Impact of the issue, including how an attacker might exploit the issue - -This information will help us triage your report more quickly. - -If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs. - -## Preferred Languages - -We prefer all communications to be in English. - -## Policy - -Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/msrc/cvd). - - \ No newline at end of file +## Credits +We would like to give credit to the [Helm Community](https://github.com/helm/community) for using their security process and policy as an example. From ce317dc8a39e44112e3e15bf97356b44b7b5219e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jun 2024 20:29:19 +0000 Subject: [PATCH 06/21] chore: Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.5.2 to 1.6.0. - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.5.2...sdk/azcore/v1.6.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- go.mod | 18 +++++++++--------- go.sum | 38 ++++++++++++++++++-------------------- 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/go.mod b/go.mod index b6d233eb9..4ce0fcece 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ retract ( require ( github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 github.com/aws/aws-sdk-go-v2 v1.27.0 github.com/aws/aws-sdk-go-v2/config v1.27.16 @@ -128,7 +128,7 @@ require ( ) require ( - github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 
@@ -209,7 +209,7 @@ require ( github.com/sassoftware/relic v7.2.1+incompatible // indirect github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect - github.com/sigstore/rekor v1.3.6 // indirect + github.com/sigstore/rekor v1.3.6 github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect github.com/spf13/pflag v1.0.5 // indirect @@ -233,14 +233,14 @@ require ( go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.23.0 + golang.org/x/crypto v0.24.0 golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 // indirect - golang.org/x/mod v0.16.0 // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index cf62d1bf1..eb3a5cb22 100644 --- a/go.sum +++ b/go.sum 
@@ -52,10 +52,10 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 h1:DRiANoJTiW6obBQe3SqZizkuV1PEgfiiGivmVocDy64= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0/go.mod h1:qLIye2hwb/ZouqhpSD9Zn3SJipvpEnz1Ywl3VUk9Y0s= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= 
@@ -272,8 +272,6 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= -github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v24.0.9+incompatible h1:OxbimnP/z+qVjDLpq9wbeFU3Nc30XhSe+LkwYQisD50= github.com/docker/cli v24.0.9+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= @@ -855,8 +853,8 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -891,8 +889,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= -golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -936,8 +934,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1015,8 +1013,8 @@ golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -1027,8 +1025,8 @@ golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1044,8 +1042,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1099,8 +1097,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= -golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 25df78361bf091a8152ed5e045ea12fdfe48d4a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 11:51:07 -0700 Subject: [PATCH 07/21] chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.18 (#1557) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: akashsinghal --- go.mod | 20 +++++----- go.sum | 40 +++++++++---------- .../oras/authprovider/aws/awsecrbasic.go | 10 ++++- 3 files changed, 38 insertions(+), 32 deletions(-) diff --git a/go.mod b/go.mod index 4ce0fcece..7fd690d19 100644 --- a/go.mod +++ b/go.mod 
@@ -13,9 +13,9 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 - github.com/aws/aws-sdk-go-v2 v1.27.0 - github.com/aws/aws-sdk-go-v2/config v1.27.16 - github.com/aws/aws-sdk-go-v2/credentials v1.17.16 + github.com/aws/aws-sdk-go-v2 v1.27.2 + github.com/aws/aws-sdk-go-v2/config v1.27.18 + github.com/aws/aws-sdk-go-v2/credentials v1.17.18 github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3 github.com/cespare/xxhash/v2 v2.2.0 github.com/dapr/go-sdk v1.8.0 @@ -137,14 +137,14 @@ require ( github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.9 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.10 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 // indirect github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect 
diff --git a/go.sum b/go.sum index eb3a5cb22..70f34124b 100644 --- a/go.sum +++ b/go.sum 
@@ -158,18 +158,18 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.51.6 h1:Ld36dn9r7P9IjU8WZSaswQ8Y/XUCRpewim5980DwYiU= github.com/aws/aws-sdk-go v1.51.6/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.27.0 h1:7bZWKoXhzI+mMR/HjdMx8ZCC5+6fY0lS5tr0bbgiLlo= -github.com/aws/aws-sdk-go-v2 v1.27.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/config v1.27.16 h1:knpCuH7laFVGYTNd99Ns5t+8PuRjDn4HnnZK48csipM= -github.com/aws/aws-sdk-go-v2/config v1.27.16/go.mod h1:vutqgRhDUktwSge3hrC3nkuirzkJ4E/mLj5GvI0BQas= -github.com/aws/aws-sdk-go-v2/credentials v1.17.16 h1:7d2QxY83uYl0l58ceyiSpxg9bSbStqBC6BeEeHEchwo= -github.com/aws/aws-sdk-go-v2/credentials v1.17.16/go.mod h1:Ae6li/6Yc6eMzysRL2BXlPYvnrLLBg3D11/AmOjw50k= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 h1:dQLK4TjtnlRGb0czOht2CevZ5l6RSyRWAnKeGd7VAFE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3/go.mod h1:TL79f2P6+8Q7dTsILpiVST+AL9lkF6PPGI167Ny0Cjw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 h1:lf/8VTF2cM+N4SLzaYJERKEWAXq8MOMpZfU6wEPWsPk= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7/go.mod h1:4SjkU7QiqK2M9oozyMzfZ/23LmUY+h3oFqhdeP5OMiI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 h1:4OYVp0705xu8yjdyoWix0r9wPIRXnIzzOoUpQVHIJ/g= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7/go.mod h1:vd7ESTEvI76T2Na050gODNmNU7+OyKrIKroYTu4ABiI= +github.com/aws/aws-sdk-go-v2 v1.27.2 h1:pLsTXqX93rimAOZG2FIYraDQstZaaGVVN4tNw65v0h8= +github.com/aws/aws-sdk-go-v2 v1.27.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.18 h1:wFvAnwOKKe7QAyIxziwSKjmer9JBMH1vzIL6W+fYuKk= +github.com/aws/aws-sdk-go-v2/config v1.27.18/go.mod 
h1:0xz6cgdX55+kmppvPm2IaKzIXOheGJhAufacPJaXZ7c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.18 h1:D/ALDWqK4JdY3OFgA2thcPO1c9aYTT5STS/CvnkqY1c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.18/go.mod h1:JuitCWq+F5QGUrmMPsk945rop6bB57jdscu+Glozdnc= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 h1:dDgptDO9dxeFkXy+tEgVkzSClHZje/6JkPW5aZyEvrQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5/go.mod h1:gjvE2KBUgUQhcv89jqxrIxH9GaKs1JbZzWejj/DaHGA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 h1:cy8ahBJuhtM8GTTSyOkfy6WVPV1IE+SS5/wfXUYuulw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9/go.mod h1:CZBXGLaJnEZI6EVNcPd7a6B5IC5cA/GkRWtu9fp3S6Y= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 h1:A4SYk07ef04+vxZToz9LWvAXl9LW0NClpPpMsi31cz0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9/go.mod h1:5jJcHuwDagxN+ErjQ3PU3ocf6Ylc/p9x+BLO/+X4iXw= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3 h1:NsP8PA4Kw1sA6UKl3ZFRIcA9dWomePbmoRIvfOl+HKs= 
@@ -178,16 +178,16 @@ github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.7 h1:dsmihXaPkhFuUTiL+ygm9R github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.7/go.mod h1:g7If3uXj+mKcmIuxh08qh8I9ju6f/aOSWMyc6hEEi58= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 h1:Wx0rlZoEJR7JwlSZcHnEa7CNjrSIyVxMFWGAaXy4fJY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9/go.mod h1:aVMHdE0aHO3v+f/iw01fmXV/5DbfQ3Bi9nN7nd9bE9Y= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 h1:o4T+fKxA3gTMcluBNZZXE9DNaMkJuUL1O3mffCUjoJo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11/go.mod h1:84oZdJ+VjuJKs9v1UTC9NaodRZRseOXCTgku+vQJWR8= github.com/aws/aws-sdk-go-v2/service/kms v1.31.3 h1:wLBgq6nDNYdd0A5CvscVAKV5SVlHKOHVPedpgtigATg= github.com/aws/aws-sdk-go-v2/service/kms v1.31.3/go.mod h1:8lETO9lelSG2B6KMXFh2OwPPqGV6WQM3RqLAEjP1xaU= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.9 h1:aD7AGQhvPuAxlSUfo0CWU7s6FpkbyykMhGYMvlqTjVs= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.9/go.mod h1:c1qtZUWtygI6ZdvKppzCSXsDOq5I4luJPZ0Ud3juFCA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3 h1:Pav5q3cA260Zqez42T9UhIlsd9QeypszRPwC9LdSSsQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3/go.mod h1:9lmoVDVLz/yUZwLaQ676TK02fhCu4+PgRSmMaKR1ozk= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.10 h1:69tpbPED7jKPyzMcrwSvhWcJ9bPnZsZs18NT40JwM0g= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.10/go.mod h1:0Aqn1MnEuitqfsCNyKsdKLhDUOr4txD/g19EfiUqgws= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 h1:gEYM2GSpr4YNWc6hCd5nod4+d4kd9vWIAWrmGuLdlMw= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.11/go.mod h1:gVvwPdPNYehHSP9Rs7q27U1EU+3Or2ZpXvzAYJNh63w= 
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 h1:iXjh3uaH3vsVcnyZX7MqCoCfcyxIrVE9iOQruRaWPrQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5/go.mod h1:5ZXesEuy/QcO0WUnt+4sDkxhdXRHTu2yG0uCSH8B6os= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 h1:M/1u4HBpwLuMtjlxuI2y6HoVLzF5e2mfxHCg7ZVMYmk= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.12/go.mod h1:kcfd+eTdEi/40FIbLq4Hif3XMXnl5b/+t/KTfLt9xIk= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= diff --git a/pkg/common/oras/authprovider/aws/awsecrbasic.go b/pkg/common/oras/authprovider/aws/awsecrbasic.go index 6605b6407..3349e8372 100644 --- a/pkg/common/oras/authprovider/aws/awsecrbasic.go +++ b/pkg/common/oras/authprovider/aws/awsecrbasic.go @@ -68,13 +68,16 @@ func (d *awsEcrBasicAuthProvider) getEcrAuthToken(artifact string) (EcrAuthToken } ctx := context.Background() - + // TODO: Update to use regional endpoint + // nolint:staticcheck resolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) { if service == ecr.ServiceID && region == apiOverrideRegion { logrus.Info("AWS ECR basic auth using custom endpoint resolver...") logrus.Infof("AWS ECR basic auth API override endpoint: %s", apiOverrideEndpoint) logrus.Infof("AWS ECR basic auth API override partition: %s", apiOverridePartition) logrus.Infof("AWS ECR basic auth API override region: %s", apiOverrideRegion) + // TODO: Update to use regional endpoint + // nolint:staticcheck return aws.Endpoint{ URL: apiOverrideEndpoint, PartitionID: apiOverridePartition, 
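Review bot: The four `// nolint:staticcheck` suppressions added in getEcrAuthToken (two in this hunk, two in the following `@@ -82,9 +85,12 @@` hunk) give no reason, and the repeated `// TODO: Update to use regional endpoint` has no tracking reference, so nothing records which finding is silenced or when the suppression can be removed. Presumably this is the deprecation of the SDK's global endpoint resolver, surfaced by the aws-sdk-go-v2 bump in the same commit; if so, state it once above the resolver in golangci-lint's no-space directive form, e.g. `//nolint:staticcheck // SA1019: global endpoint resolver is deprecated; migrate to ecr.Options.BaseEndpoint (tracked in <issue-placeholder>)`. A bare suppression also hides any other staticcheck finding on those lines, which matters because this resolver returns `apiOverrideEndpoint` as the URL for the ECR service, i.e. it chooses the host that receives the authorization-token request. The function body starts and ends outside both hunks.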
@@ -82,9 +85,12 @@ func (d *awsEcrBasicAuthProvider) getEcrAuthToken(artifact string) (EcrAuthToken }, nil } // returning EndpointNotFoundError will allow the service to fall back to its default resolution + // TODO: Update to use regional endpoint + // nolint:staticcheck return aws.Endpoint{}, &aws.EndpointNotFoundError{} }) - + // TODO: Update to use regional endpoint + // nolint:staticcheck cfg, err := config.LoadDefaultConfig(ctx, config.WithEndpointResolverWithOptions(resolver), config.WithWebIdentityRoleCredentialOptions(func(options *stscreds.WebIdentityRoleOptions) { options.RoleSessionName = awsSessionName From c143844d1a2b95426c004bed272755fc8b368682 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 14:04:31 -0700 Subject: [PATCH 08/21] chore: Bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.28.3 to 1.28.5 (#1558) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7fd690d19..99ca63462 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.27.2 github.com/aws/aws-sdk-go-v2/config v1.27.18 github.com/aws/aws-sdk-go-v2/credentials v1.17.18 - github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3 + github.com/aws/aws-sdk-go-v2/service/ecr v1.28.5 github.com/cespare/xxhash/v2 v2.2.0 github.com/dapr/go-sdk v1.8.0 github.com/dgraph-io/ristretto v0.1.1 diff --git a/go.sum b/go.sum index 70f34124b..e470416d1 100644 --- a/go.sum +++ b/go.sum 
@@ -172,8 +172,8 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 h1:A4SYk07ef04+vxZToz9 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9/go.mod h1:5jJcHuwDagxN+ErjQ3PU3ocf6Ylc/p9x+BLO/+X4iXw= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3 h1:NsP8PA4Kw1sA6UKl3ZFRIcA9dWomePbmoRIvfOl+HKs= -github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3/go.mod h1:X52zjAVRaXklEU1TE/wO8kyyJSr9cJx9ZsqliWbyRys= +github.com/aws/aws-sdk-go-v2/service/ecr v1.28.5 h1:dvvTFXpWSv9+8lTNPl1EPNZL6BCUV6MgVckEMvXaOgk= +github.com/aws/aws-sdk-go-v2/service/ecr v1.28.5/go.mod h1:Ogt6AOZ/sPBlJZpVFJgOK+jGGREuo8DMjNg+O/7gpjI= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.7 h1:dsmihXaPkhFuUTiL+ygm9RtUYEmhOeIl7DXNIHCoKDg= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.7/go.mod h1:g7If3uXj+mKcmIuxh08qh8I9ju6f/aOSWMyc6hEEi58= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= From 2a581164ad230143af65feaf444af07b408193ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 23:38:50 +0000 Subject: [PATCH 09/21] chore: Bump github/codeql-action from 3.25.8 to 3.25.9 (#1568) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecards.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9cfe0976e..95b684c77 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -33,7 +33,7 @@ jobs: with: go-version: "1.21" - name: Initialize CodeQL - uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # tag=v3.25.8 + uses: github/codeql-action/init@530d4feaa9c62aaab2d250371e2061eb7a172363 # tag=v3.25.9 with: languages: go - name: Run tidy @@ -41,4 +41,4 @@ jobs: - name: Build CLI run: make build - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # tag=v3.25.8 + uses: github/codeql-action/analyze@530d4feaa9c62aaab2d250371e2061eb7a172363 # tag=v3.25.9 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a0f9f0d92..79e3e5c44 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -48,6 +48,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # tag=v3.25.8 + uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # tag=v3.25.9 with: sarif_file: results.sarif From ac02e7aff34b6f4ffe8abe6d6c52e41b459f70a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 00:05:56 +0000 Subject: [PATCH 10/21] chore: Bump actions/checkout from 4.1.6 to 4.1.7 (#1569) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-pr.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/e2e-aks.yml | 2 +- .github/workflows/e2e-cli.yml | 8 ++++---- .github/workflows/e2e-k8s.yml | 2 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/high-availability.yml | 2 +- .github/workflows/pr-to-main.yml | 2 +- .github/workflows/publish-charts.yml | 2 +- .github/workflows/publish-dev-assets.yml | 2 +- .github/workflows/publish-package.yml | 2 +- .github/workflows/quick-start.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/run-full-validation.yml | 2 +- .github/workflows/scan-vulns.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/sync-gh-pages.yml | 2 +- 17 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index b9935f402..1d50f647d 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -72,7 +72,7 @@ jobs: environment: azure-test steps: - name: Check out code into the Go module directory - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 95b684c77..5af2abe86 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=3.0.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 - name: setup go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: 
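Review bot: The new `actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332` pin in the codeql.yml hunk keeps the trailing comment `# tag=3.0.2`, while the same SHA is labelled `# v4.1.7` in the build-pr.yml hunk just above; the release.yml and scorecards.yml hunks later in this patch carry the same stale label. That comment is what a reviewer reads to audit a SHA pin, so it should name the release the SHA belongs to: `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7`. Several other checkout lines touched by this patch (in e2e-cli.yml, pr-to-main.yml, the publish-*.yml files, scan-vulns.yaml and sync-gh-pages.yml) have no version comment at all, and adding `# v4.1.7` there would keep every pin auditable in the same way.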
diff --git a/.github/workflows/e2e-aks.yml b/.github/workflows/e2e-aks.yml index 289cc0e8d..6d03f90c1 100644 --- a/.github/workflows/e2e-aks.yml +++ b/.github/workflows/e2e-aks.yml @@ -33,7 +33,7 @@ jobs: contents: read steps: - name: Check out code into the Go module directory - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/e2e-cli.yml b/.github/workflows/e2e-cli.yml index 2325e3282..5ce189f37 100644 --- a/.github/workflows/e2e-cli.yml +++ b/.github/workflows/e2e-cli.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Check license header uses: apache/skywalking-eyes/header@cd7b195c51fd3d6ad52afceb760719ddc6b3ee91 with: @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: setup go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -51,7 +51,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: setup go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - name: Run link check 
diff --git a/.github/workflows/e2e-k8s.yml b/.github/workflows/e2e-k8s.yml index 4d1e245a2..26aa22e82 100644 --- a/.github/workflows/e2e-k8s.yml +++ b/.github/workflows/e2e-k8s.yml @@ -26,7 +26,7 @@ jobs: contents: read steps: - name: Check out code into the Go module directory - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index d1fb47447..4e8309186 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: '1.21' - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: golangci-lint uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: diff --git a/.github/workflows/high-availability.yml b/.github/workflows/high-availability.yml index 2a8a9a815..75e44a8be 100644 --- a/.github/workflows/high-availability.yml +++ b/.github/workflows/high-availability.yml @@ -30,7 +30,7 @@ jobs: DAPR_VERSION: ["1.13.2"] steps: - name: Check out code into the Go module directory - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/pr-to-main.yml b/.github/workflows/pr-to-main.yml index b5464129d..5815d6742 100644 --- a/.github/workflows/pr-to-main.yml +++ b/.github/workflows/pr-to-main.yml 
@@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: git checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # https://github.com/marketplace/actions/github-pull-request-action - name: create pull request with reposync action diff --git a/.github/workflows/publish-charts.yml b/.github/workflows/publish-charts.yml index 0ef047f55..06d9319a8 100644 --- a/.github/workflows/publish-charts.yml +++ b/.github/workflows/publish-charts.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Publish Helm charts uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0 with: diff --git a/.github/workflows/publish-dev-assets.yml b/.github/workflows/publish-dev-assets.yml index b81daeaa5..557192c65 100644 --- a/.github/workflows/publish-dev-assets.yml +++ b/.github/workflows/publish-dev-assets.yml @@ -15,7 +15,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: prepare id: prepare run: | diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 162f56497..373832191 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -16,7 +16,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: prepare id: prepare run: | diff --git a/.github/workflows/quick-start.yml b/.github/workflows/quick-start.yml index eef1118cd..3c31daf05 100644 --- a/.github/workflows/quick-start.yml +++ b/.github/workflows/quick-start.yml 
@@ -30,7 +30,7 @@ jobs: KUBERNETES_VERSION: ["1.29.2"] steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: setup go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index de5ba7e14..5270fe2aa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=3.0.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/run-full-validation.yml b/.github/workflows/run-full-validation.yml index 7f62284c2..f80e72e84 100644 --- a/.github/workflows/run-full-validation.yml +++ b/.github/workflows/run-full-validation.yml @@ -60,7 +60,7 @@ jobs: environment: azure-test steps: - name: Check out code into the Go module directory - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml index 4632087ed..75c7c32c5 100644 --- a/.github/workflows/scan-vulns.yaml +++ b/.github/workflows/scan-vulns.yaml @@ -42,7 +42,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Download trivy run: | diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 79e3e5c44..afbed2f45 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -28,7 +28,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=3.0.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 with: persist-credentials: false diff --git a/.github/workflows/sync-gh-pages.yml b/.github/workflows/sync-gh-pages.yml index e725c038f..e374a81a6 100644 --- a/.github/workflows/sync-gh-pages.yml +++ b/.github/workflows/sync-gh-pages.yml @@ -16,7 +16,7 @@ jobs: pull-requests: write repository-projects: write steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - uses: everlytic/branch-merge@c4a244dc23143f824ae6c022a10732566cb8e973 with: github_token: ${{ github.token }} From 4594acb4522f029b8918c857e1b0e471b94bb3db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 10:08:17 -0700 Subject: [PATCH 11/21] chore: Bump codecov/codecov-action from 4.4.1 to 4.5.0 (#1571) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/e2e-cli.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e-cli.yml b/.github/workflows/e2e-cli.yml index 5ce189f37..c41eecc35 100644 --- a/.github/workflows/e2e-cli.yml +++ b/.github/workflows/e2e-cli.yml @@ -39,7 +39,7 @@ jobs: - name: Check build run: bin/ratify version - name: Upload coverage to codecov.io - uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Run helm lint 
@@ -67,7 +67,7 @@ jobs: make install ratify-config install-bats make test-e2e-cli GOCOVERDIR=${GITHUB_WORKSPACE}/test/e2e/.cover - name: Upload coverage to codecov.io - uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} markdown-link-check: From 3fc2f791289300652efa65948104adf749848db9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 15 Jun 2024 16:20:36 -0700 Subject: [PATCH 12/21] chore: Bump github/codeql-action from 3.25.9 to 3.25.10 (#1570) --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecards.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5af2abe86..c3a0e0e64 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,7 +33,7 @@ jobs: with: go-version: "1.21" - name: Initialize CodeQL - uses: github/codeql-action/init@530d4feaa9c62aaab2d250371e2061eb7a172363 # tag=v3.25.9 + uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # tag=v3.25.10 with: languages: go - name: Run tidy @@ -41,4 +41,4 @@ jobs: - name: Build CLI run: make build - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@530d4feaa9c62aaab2d250371e2061eb7a172363 # tag=v3.25.9 + uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # tag=v3.25.10 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index afbed2f45..5ad8f9b6d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -48,6 +48,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # tag=v3.25.9 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # tag=v3.25.10 with: sarif_file: results.sarif From a8691a42212d66430d1252814a11b0405270fdea Mon Sep 17 00:00:00 2001 From: Susan Shi Date: Mon, 17 Jun 2024 11:53:40 +1000 Subject: [PATCH 13/21] run scan-vulns.yaml on schedule (#1562) Signed-off-by: Susan Shi --- .github/workflows/scan-vulns.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml index 75c7c32c5..bd172e1bd 100644 --- a/.github/workflows/scan-vulns.yaml +++ b/.github/workflows/scan-vulns.yaml @@ -10,6 +10,8 @@ on: - "docs/**" - "library/**" - "**.md" + schedule: + - cron: '30 8 * * 0' # early morning (08:30 UTC) every Sunday workflow_dispatch: permissions: read-all @@ -70,4 +72,4 @@ jobs: run: | for img in "localbuild:test" "localbuildcrd:test"; do trivy image --ignore-unfixed --exit-code 1 --severity HIGH --vuln-type="os,library" "${img}" - done \ No newline at end of file + done From 1058c83637b98fc6f38a843c26a719666e0d9cef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 09:50:49 -0700 Subject: [PATCH 14/21] chore: Bump golang from `a8edec5` to `2eb85b8` in /httpserver (#1572) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- httpserver/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/httpserver/Dockerfile b/httpserver/Dockerfile index be47fd96c..a0a9f3773 100644 --- a/httpserver/Dockerfile +++ b/httpserver/Dockerfile 
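Review bot: The `schedule` trigger added in the first scan-vulns.yaml hunk leaves the weekly scan without an owner: GitHub notifies only the user who last edited the cron line when a scheduled run fails, and scheduled runs use the workflow file on the default branch. Record that next to the trigger, e.g. `# scheduled run: default branch only; failures notify the last editor of this line, so review the Actions tab or route results elsewhere`. Separately, the image step shown as context in the second hunk fails only on `--severity HIGH`; unless a step outside the hunk covers CRITICAL, the scheduled run would not fail on those findings, and `--severity HIGH,CRITICAL` would close that gap.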
@@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.21@sha256:a8edec58ba598e2f1259f4ec4ca1b06358468214225e73d7c841ab0980c12367 as builder +FROM --platform=$BUILDPLATFORM golang:1.21@sha256:2eb85b8942c29145b4a5bed2d0f3dc1a3ba2f823aec74afe16751da108a585e1 as builder ARG TARGETPLATFORM ARG TARGETOS From 205e6a97855f981e439c6cb6872cab76137cf4c4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 17:20:23 +0000 Subject: [PATCH 15/21] chore: Bump k8s.io/client-go from 0.28.10 to 0.28.11 (#1573) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 99ca63462..9003659f2 100644 --- a/go.mod +++ b/go.mod @@ -49,9 +49,9 @@ require ( golang.org/x/sync v0.7.0 google.golang.org/grpc v1.62.2 google.golang.org/protobuf v1.33.0 - k8s.io/api v0.28.10 - k8s.io/apimachinery v0.28.10 - k8s.io/client-go v0.28.10 + k8s.io/api v0.28.11 + k8s.io/apimachinery v0.28.11 + k8s.io/client-go v0.28.11 oras.land/oras-go/v2 v2.5.0 ) diff --git a/go.sum b/go.sum index e470416d1..1e61a2c0c 100644 --- a/go.sum +++ b/go.sum 
@@ -1228,14 +1228,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.28.10 h1:q1Y+h3F+siuwP/qCQuqgqGJjaIuQWN0yFE7z367E3Q0=
-k8s.io/api v0.28.10/go.mod h1:u6EzGdzmEC2vfhyw4sD89i7OIc/2v1EAwvd1t4chQac=
+k8s.io/api v0.28.11 h1:2qFr3jSpjy/9QirmlRP0LZeomexuwyRlE8CWUn9hPNY=
+k8s.io/api v0.28.11/go.mod h1:nQSGyxQ2sbS73i1zEJyaktFvFfD72z/7nU+LqxzNnXk=
 k8s.io/apiextensions-apiserver v0.27.7 h1:YqIOwZAUokzxJIjunmUd4zS1v3JhK34EPXn+pP0/bsU=
 k8s.io/apiextensions-apiserver v0.27.7/go.mod h1:x0p+b5a955lfPz9gaDeBy43obM12s+N9dNHK6+dUL+g=
-k8s.io/apimachinery v0.28.10 h1:cWonrYsJK3lbuf9IgMs5+L5Jzw6QR3ZGA3hzwG0HDeI=
-k8s.io/apimachinery v0.28.10/go.mod h1:zUG757HaKs6Dc3iGtKjzIpBfqTM4yiRsEe3/E7NX15o=
+k8s.io/apimachinery v0.28.11 h1:Ovrx7IOkKSgFJn8+d5BXOC7POzP4i7kOAVlx46iRQ04=
+k8s.io/apimachinery v0.28.11/go.mod h1:zUG757HaKs6Dc3iGtKjzIpBfqTM4yiRsEe3/E7NX15o=
-k8s.io/client-go v0.28.10 h1:y+mvUei3+RU0rE7r2BZFA2ApTAsXSN1glGs4QfULLt4=
-k8s.io/client-go v0.28.10/go.mod h1:JLwjCWhQhvm1F4J+7YAr9WVhSRNmfkRofPWU43m8LZk=
+k8s.io/client-go v0.28.11 h1:YHtF6Bg4/DdYHHsx6f5Ti/0giwoo19t3DbBYYmo9xks=
+k8s.io/client-go v0.28.11/go.mod h1:yi2BW8PQhFDLGmZ3WbyTJYX5J8YM6n3WUj1fvL7pJ4g=
 k8s.io/component-base v0.27.7 h1:kngM58HR9W9Nqpv7e4rpdRyWnKl/ABpUhLAZ+HoliMs=
 k8s.io/component-base v0.27.7/go.mod h1:YGjlCVL1oeKvG3HSciyPHFh+LCjIEqsxz4BDR3cfHRs=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
From 80ffa1f17ebe54dbdd37ea4f28a938d7aa077f20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 11:18:15 -0700 Subject: [PATCH 16/21] chore: Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#1577)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 9003659f2..85016cf9f 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( github.com/sigstore/sigstore v1.8.4 github.com/sirupsen/logrus v1.9.3 github.com/spdx/tools-golang v0.5.4 - github.com/spf13/cobra v1.8.0 + github.com/spf13/cobra v1.8.1 github.com/xlab/treeprint v1.1.0 go.opentelemetry.io/otel/exporters/prometheus v0.39.0 go.opentelemetry.io/otel/metric v1.24.0 diff --git a/go.sum b/go.sum index 1e61a2c0c..13f932961 100644 --- a/go.sum +++ b/go.sum @@ -241,7 +241,7 @@ github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSk github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU= github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= 
@@ -709,8 +709,8 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= From 6c197b8050a51be19a8b0679bc20ff4f39e1baf7 Mon Sep 17 00:00:00 2001 From: Yi Zha Date: Tue, 18 Jun 2024 12:13:16 +0800 Subject: [PATCH 17/21] docs: add a proposal for periodic retrieval (#1510) Signed-off-by: Yi Zha --- .../Automated-Certificate-and-Key-Updates.md | 237 ++++++++++++++++++ 1 file changed, 237 insertions(+) create mode 100644 docs/proposals/Automated-Certificate-and-Key-Updates.md diff --git a/docs/proposals/Automated-Certificate-and-Key-Updates.md b/docs/proposals/Automated-Certificate-and-Key-Updates.md new file mode 100644 index 000000000..17ce933f7 --- /dev/null +++ b/docs/proposals/Automated-Certificate-and-Key-Updates.md 
@@ -0,0 +1,237 @@ +# Automated Certificate and Key Updates + +## Problem/Motivation + +When ensuring the integrity and authenticity of images, you can sign images using Notation with code-signing certificates in Azure Key Vault (AKV) or Cosign with key pairs stored in AKV. To verify these signed images with Ratify in K8s, users typically configure the corresponding certificates or keys using a custom resource called `KeyManagementProvider` (referred to as `KMP` for short). This configuration allows Ratify to retrieve the correct certificates or keys for verification. + +In most cases, certificates and keys are securely managed within a Key Management System (KMS), such as AWS KMS, Azure Key Vault (AKV), HashiCorp Vault, or GCP KMS. As a proactive security best practice, both certificates and keys are regularly rotated within a KMS. This rotation can occur automatically or manually (On-demand) - For example, when certificates or keys are compromised. For most of KMS, after rotation, the cryptographic material associated with the key or certificate is updated while maintaining the same references (i.e., the key name or certificate name). This ensures compatibility with existing applications and services that rely on that certificate or key. For instance, if a certificate is rotated in AKV, the certificate name remains unchanged, but a new version of the certificate is created. The cryptographic key identifier in the new version differs from the previous version. Applications can continue referencing the certificate using the same name without breaking compatibility. + +In the current Ratify version (v1.2.0 or earlier), AKV is the only supported KMS provider. Consider AKV key configuration as an example: users can specify either the key name or a specific version of the key. If only the key name is configured, Ratify fetches the latest version of the configured key and caches it. 
When a specific version is configured, Ratify retrieves that precise version and caches it. However, unless users update the existing `KMP` resource to use a different key or key version, or delete the existing `KMP` and reapply it, the cached key versions remain unchanged. Consequently, when key rotation occurs or the key’s operational status changes, Ratify continues to rely on the cached version. This can lead to several issues: + +- **Signature Verification Failures** + - When images are signed with the latest version of the key, signature verification fails because the cached key is not updated. + - Images signed with previous versions may persist for an extended period, but Ratify only caches the latest version. Consequently, signature verification may fail for images signed using older versions. +- **Disabled Keys Should Not Be Used** + - If a key is disabled (due to compromise, for example), Ratify can still use the cached version for image verification. This poses significant security risks, as disabled keys should not be employed in any cryptographic operations. + +To address these challenges, users need to manually update or reapply the `KMP` resource to trigger Ratify to retrieve the latest/specific versions of keys or certificates. This step can be cumbersome, especially considering automated key rotation. Additionally, users must keep the previous versions of keys configured for some time, as not all images are signed with the latest/specific versions. In practice, keeping up with these changes manually can be challenging, and misconfigurations may lead to image verification failures and unnecessary service downtime. + +Certificate rotation in AKV follows a similar process to key rotation, as described earlier, but its impact is less significant. According to the Notary Project specification, only root CA certificates are required for trust stores. 
The root CA certificate typically has a long validity and is unlikely to change during certificate rotation unless users switch to a different CA for issuing code-signing certificates. As a result, the cached root CA certificate can be used for quite a long period normally. + +To address these problems, this document begins by comparing various key management providers. It then outlines scenarios, proposal and user experiences. + +## Key Management Providers comparison + +This section compares various KMPs that can be integrated with Ratify for signature verification scenarios: +- AWS KMS: https://docs.aws.amazon.com/kms/ +- Azure Key Vault: https://learn.microsoft.com/en-us/azure/key-vault/ (already supported by Ratify) +- HCP Vault: https://developer.hashicorp.com/vault/docs/what-is-vault +- GCP KMS: https://cloud.google.com/kms/docs/key-management-service +- AWS Signer: https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html +- Azure Trusted Signing: https://learn.microsoft.com/en-us/azure/trusted-signing/overview + +Here’s a comparison of various KMSs used for creating and managing keys/certificates for signing and verification: + +| | **AWS KMS** | **Azure Key Vault** | **HCP Vault** | **GCP KMS** | +|----------------------------|-------------|---------------------|---------------|-------------| +| **Key Operations** | Enable, Disable, Delete, Versioning, Rotate | Enable, Disable, Delete, Versioning, Rotate | Enable, Disable, Delete, Versioning, Rotate | Enable, Disable, Delete, Versioning, Rotate | +| **Key Rotation** | Manual for asymmetric keys | Automatic/Manual | Automatic/Manual | Manual for asymmetric keys | +| **Rotation Result** | New version created, old version remains valid | New version created, old version remains valid | New version created, old version remains valid | New version created, old version remains valid | +| **Events** | CloudWatch Events for key state changes | Azure Event Grid for key state changes | Custom 
implementation (e.g., using Vault's audit logs) | Cloud Pub/Sub for key state changes | +| **Certificate management** | Not supported | Supported | Supported | Not supported | + +Additionally, here’s a comparison of fully managed code-signing services related to Ratify signature verification scenarios. The difference from KMS in previous table is that fully managed code-signing services do not require users to create keys/certificates, instead they managed the key/certificates for users and normally these key/certificates have short validity. For fully managed code-signing, normally users set up a profile for signing purpose. The profile identifier is similar to the key identifier that used by KMS in previous table. Users can revoke the profile, so that it cannot be used for signing an verification. + +| | **AWS Signer** | **Azure Trusted Signing** | +|------------------------|--------------------------------------------------|---------------------------------------| +| **Configuration** | Signing profile | Certificate profile | +| **Revocation** | Signature revocation, signing profile revocation | Certificate profile revocation | +| **Signature Type** | Notary Project signature | Notary Project signature | + +Lastly, here’s `KMP` resource availability in Ratify v1.2.0: + +| | **AWS KMS** | **Azure KV** | **HCP Vault** | **GCP KMS** | **AWS Signer** | **Azure Trusted Signing** | +|---------------------------------------|-------------|---------------------|---------------|-------------|------------------|---------------------------| +| Notary Project signature verification | N/A | `azurekeyvault KMP` | N/A | N/A | N/A | N/A | +| Cosign signature verification | N/A | `azurekeyvault KMP` | N/A | N/A| N/A | N/A | + +If users have keys or certificates stored in a KMS, which does not have a corresponding `KMP` resource in Ratify, user can download the key or certificate from the KMS and configure a `inline KMP` for verification. 
+ +## Scenarios + +### Certificate rotation + +Alice, an application engineer at Contoso LLC, focuses on securing containerized applications. She sets up the build pipeline to sign container images using certificates stored in a KMS. To ensure that only trusted images are deployed in Kubernetes clusters, she deploys Gatekeeper and Ratify. Ratify is configured to validate signatures using certificates in a KMS. Alice applies the security best practice that the certificate expires after certain periods, and automatic rotation is enabled before expiry. Alice wants Ratify to sync multiple versions of the certificate in AKV including latest version and previous versions. This way, Ratify can successfully verify images signed by different versions without requiring manual configuration adjustments. Additionally, she sets up the pipeline to update the signing certificate to the latest version for signing container images. By doing so, she ensures that container images are consistently signed with up-to-date certificates. The automatic handling of certificate updates enhances security and reduces the risk of service disruptions. + +### Certificate revocation + +A malicious user compromised specific versions of certificate. Alice promptly reported this incident to the Certificate Authority (CA). The CA added the compromised versions to the Certificate Revocation List (CRL) and responded to Online Certificate Status Protocol (OCSP) queries with the revoked status. As Alice expects, Ratify denies the deployment of images that were signed with revoked versions. Alice rotated the certificate manually resulting a new version of the certificate with new cryptographic materials. Alice wants Ratify to sync multiple versions of a certificate including latest version and previous versions, This way, it ensures successful verification of images signed with the latest version without requiring manual configuration adjustments. 
Additionally, the build pipeline was triggered to build and sign all the images with the new version of the certificate. By following these actions, Alice maintains security while seamlessly transitioning to the new certificate version. + +### Key rotation + +Bob, an application engineer at Wabbit Network LLC, focuses on securing containerized applications. He sets up the build pipeline to sign container images using key pairs in a KMS. To ensure that only trusted images are deployed in Kubernetes clusters, he deploys Gatekeeper and Ratify. Ratify is configured to validate signatures using public keys in the KMS. As a security best practice, Bob configured automated key rotation for keys in the KMS, resulting a new version of the key created before key expiry. Bob wants Ratify to sync multiple versions of a key including latest version and previous versions, allowing successful verification of images signed by different key versions without any manual configuration adjustments. Additionally, Bob sets up the pipeline to update the signing key to the latest version for signing container images. Bob knows that images are not allowed to be signed using keys that have expired in the KMS, but verification using expired key is allowed for verifying images that were signed at the time the key was valid. By following these actions, Bob maintains security while seamlessly supporting verification with the new version of key. + +### Key disabling + +A malicious user compromised the private key used for signing images. Bob promptly rotated the key manually, obtaining a new version, and disabled the compromised version. Bob wants Ratify to sync multiple versions of a key including latest version and previous versions, and excluding any disabled versions without requiring manual configuration adjustments, as a result, images signed with the disabled version fail signature verification and images signed with new version can be verified successfully. 
Additionally, the build pipeline was triggered to build and sign all the images with the new version of key. By following these actions, Bob maintains security while seamlessly transitioning to the new version of key. + +### Update certificates and keys manually + +In some scenarios, such as when the private key is compromised, both Alice and Bob prefer Ratify update cached keys or certificates immediately. They expect that images signed with compromised keys will fail validation immediately to avoid potential security attacks, and images signed with the rotated version can be validated successfully to prevent potential service downtime. To achieve this, they want to trigger Ratify to sync latest versions of the certificate and key promptly, ensuring that the necessary updates are applied. This way, images can be verified with the correct keys/certificates. + +## Proposed solutions + +There are two methods to update keys or certificate automatically: +- **Periodic retrieval of enabled keys or certificates**: Ratify periodically retrieve multiple enabled keys or certificates from the KMS. + - Pros: + - Simplicity (no need for real-time event handling). + - Predictable resource usage. + - Works well for less time-sensitive use cases + - Cons: + - May lead to delays of updates. + - Frequent queries can impact performance. +- **Event-Driven Notification**: Ratify subscribes to KMS events, when a relevant event occurs, Ratify receives an event notification. Then Ratify can retrieve the latest enabled keys or certificates from the KMS. + - Pros: + - Real-time responsiveness. + - Efficient use of resources (only fetches when needed). + - Minimizes downtime for key or certificates changes. + - Cons: + - Requires adapting to different event infrastructure (webhooks, message queues). + - Complexity in handling event delivery and retries. 
+ +The proposed solution is **Periodic retrieval of enabled keys or certificates** because it is simpler and the update is not a time-sensitive action. Users can manual update keys or certificates as a complementary if required. + +As users may require previous versions for verification, so Ratify can allow users to specify how many previous versions to be synced up. Ratify's default setting is to sync two versions starting from the latest version and the previous enabled version. + +## User experiences + +This section describes the experience that users interact with Ratify using the proposed solution. In summary, the proposed solution maintains the existing user experience for configuring `KMP` resources. Automatic updates of keys or certificates occur seamlessly in the background. However, if users utilize inline `KMP` resources, they will still need to manually update the keys or certificates. Importantly, the automatic updates do not prevent users from making manual updates when necessary. + +### Automatically update keys and certificates + +If users specify key or certificate versions in the `KMP` resource, then only specific versions are updated automatically. For example, if specific versions are disabled or deleted in KMS, then they cannot be used for signature verification after updates. See an example of `KMP` configuration with the version `${KEY_VER}` specified for a key `${KEY_NAME}`: + +```yaml +apiVersion: config.ratify.deislabs.io/v1beta1 +kind: KeyManagementProvider +metadata: + name: keymanagementprovider-akv +spec: + type: azurekeyvault + parameters: + vaultURI: https://${AKV_NAME}.vault.azure.net/ + keys: + - name: ${KEY_NAME} + version: ${KEY_VER1} + tenantID: ${TENANT_ID} + clientID: ${IDENTITY_CLIENT_ID} +``` + +If users configure key or certificate names or aliases or IDs, no version are specified, then Ratify will sync the latest version and multiple previous versions. 
Ratify's default setting is to sync the latest version and one previous version. You can specify a parameter named `previousVersionCount` for multiple previous versions. The default value is `1`. If you specify the parameter value `0`, which means only latest version is synced. Disabled versions are not synced. See an example of `KMP` configuration, no versions specified for the key `${KEY_NAME}`. Ratify will fetches two versions `${KEY_VER_LATEST}` and `${KEY_VER_1}`. + +```yaml +apiVersion: config.ratify.deislabs.io/v1beta1 +kind: KeyManagementProvider +metadata: + name: keymanagementprovider-akv +spec: + type: azurekeyvault + parameters: + vaultURI: https://${AKV_NAME}.vault.azure.net/ + keys: + - name: ${KEY_NAME} + tenantID: ${TENANT_ID} + clientID: ${IDENTITY_CLIENT_ID} +``` + +If your want to sync two previous versions, you can specify `previousVersionCount` to value `2`, for example, + +```yaml +apiVersion: config.ratify.deislabs.io/v1beta1 +kind: KeyManagementProvider +metadata: + name: keymanagementprovider-akv +spec: + type: azurekeyvault + parameters: + vaultURI: https://${AKV_NAME}.vault.azure.net/ + keys: + - name: ${KEY_NAME} + tenantID: ${TENANT_ID} + clientID: ${IDENTITY_CLIENT_ID} + previousVersionCount: 2 +``` + +The following is an example of `KMP` configuration, no versions specified for the certificate `${CERT_NAME}`. Ratify will sync two certificate versions `${CERT_VER_LATEST}` and `${CERT_VER_1}`。 + +```yaml +apiVersion: config.ratify.deislabs.io/v1beta1 +kind: KeyManagementProvider +metadata: + name: keymanagementprovider-akv +spec: + type: azurekeyvault + parameters: + vaultURI: https://${AKV_NAME}.vault.azure.net/ + certificates: + - name: ${CERT_NAME} + tenantID: ${TENANT_ID} + clientID: ${IDENTITY_CLIENT_ID} +``` + +### Configure update interval + +Users should have the ability to customize the time interval at which the retrieval process occurs, allowing them to override the default interval (e.g., 24 hours). 
A new parameter named `updateInterval` is introduced for a `KMP` resource using a KMS as provider, such as AKV. + +The default value for `updateInterval` determines how long the updated versions of keys or certificates will be available for verifying images. For Notary Project signatures, it is the root CA certificate retrieved and configured in trust store. In most cases, root CA certificates have a long validity period. Normally certificate rotation will not result in a change on root CA certificate. For Cosign signatures with key pairs in AKV, it depends on how quickly the pipeline switching to use the latest version for signing. The update interval should also consider the impact on normal verification traffic and rotation frequency in AKV. The current recommendation for default value is 24 hours, and users can configure a proper value based on their own situations. + +Below is an example to override the default retrieval interval: + +```yaml +apiVersion: config.ratify.deislabs.io/v1beta1 +kind: KeyManagementProvider +metadata: + name: keymanagementprovider-akv +spec: + type: azurekeyvault + parameters: + vaultURI: https://${AKV_NAME}.vault.azure.net/ + keys: + - name: ${KEY_NAME} + tenantID: ${TENANT_ID} + clientID: ${IDENTITY_CLIENT_ID} + updateInterval: 4h +``` + +### Error handling during automatic update + +Some possible causes of the automated update failure are: Ratify cannot access the KMS due to permission changes, or there was a network issue during the update. If this happens, the cached keys and certificates will not be updated, and the `KMP` resource will remain the same as before. It is recommended generating warning logs for the failures and reasons, and producing failure metrics for monitoring, for example, `kmpAutoUpdateFailureCount`. The failure will not affect the next automated update. The cause of the failure could be a configuration problem on Ratify, a KMS issue, or something else. 
Once it is fixed, users have the option to manually update their keys and certificates instead of waiting for the next scheduled update. + +### Manually update certificates and keys + +You can always update existing `KMP` resources with new configuration without waiting for the automated update. To do it, you just update the existing resource file and then use `kubectl apply` command to apply the changes. For example, after you update the key name in the `KMP` resource file `my_akv_kmp.yaml`, you can execute the following command: + +```shell +kubectl apply -f my_akv_kmp.yaml +``` + +If you do not have any updates of keys/certificates parameters in existing `KMP` resource, but you want to trigger an immediate update of keys/certificates without waiting for the next round of automated update, you can update a specific annotation in the `KMP` resource to trigger an immediate update. For example, to trigger Ratify fetches the latest version right after key rotation, the annotation `metadata.annotations.forceUpdate` is added and set to `1`. The annotation name and value are for inspiring. We can choose a better name and value handling during design. + +```yaml +apiVersion: config.ratify.deislabs.io/v1beta1 +kind: KeyManagementProvider +metadata: + name: keymanagementprovider-akv + annotations: + forceUpdate: 1 +spec: + type: azurekeyvault + parameters: + vaultURI: https://${AKV_NAME}.vault.azure.net/ + keys: + - name: ${KEY_NAME} + tenantID: ${TENANT_ID} + clientID: ${IDENTITY_CLIENT_ID} +``` + +> You can delete and recreate the resource to trigger an update. But this may cause service down time as the resource will be deleted first, then no keys or certificates can be used for verification before a new resource is created. From 2d3a8e07bb2fe76eaacb2d63b6190c57b83aea50 Mon Sep 17 00:00:00 2001 From: Susan Shi Date: Tue, 18 Jun 2024 17:52:52 +1000 Subject: [PATCH 18/21] doc: update minor release branching strategy (#1456) 
Signed-off-by: Susan Shi Co-authored-by: Binbin Li --- RELEASES.md | 52 +++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index f8dbf95dc..739401f67 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -9,6 +9,7 @@ The specification release process was created using content and verbiage from th * [ORAS Artifact Specification Releases](https://github.com/oras-project/artifacts-spec/blob/main/RELEASES.md) * [ORAS Developer Guide](https://github.com/oras-project/oras-www/blob/main/docs/CLI/5_developer_guide.md) * [Mystikos Release Management](https://github.com/deislabs/mystikos/blob/main/doc/releasing.md) +* [Gatekeeper Release Management](https://github.com/open-policy-agent/gatekeeper/blob/8f5201f0f48d50cc14153d100172689f03aa5f39/docs/Release_Management.md) ## Versioning 
@@ -26,36 +27,36 @@ Example pre-release versions include `v0.1.0-alpha1`, `v0.1.0-beta2`, `v0.1.0-rc 2. If the format of the data returned for [external data calls](docs/reference/verification-result-version.md) has changed, validate change is also reflected in [`httpserver/types.go`](httpserver/types.go). -3. Delete all dev images generated since the previous release under the `ratify-dev` and `ratify-crds-dev` [packages](https://github.com/orgs/deislabs/packages?repo_name=ratify). Each dev image tag is prefixed with `dev` followed by the date of creation and then the abbreviated 7 character commit SHA (e.g a build generated on March 8, 2023 from main branch with commit SHA `4cf98388ef33c587ef86b82e05cb0f7de2da2ea8` would be tagged `dev.20230308.4cf9838`). The most recent images are also tagged with a rolling tag `latest`. +3. Delete all dev images generated since the previous release under the `ratify-dev` and `ratify-crds-dev` [packages](https://github.com/orgs/ratify-project/packages?repo_name=ratify). Each dev image tag is prefixed with `dev` followed by the date of creation and then the abbreviated 7 character commit SHA (e.g a build generated on March 8, 2023 from main branch with commit SHA `4cf98388ef33c587ef86b82e05cb0f7de2da2ea8` would be tagged `dev.20230308.4cf9838`). The most recent images are also tagged with a rolling tag `latest`. -4. Delete all dev helm charts since the previous release under the `ratify-chart-dev/ratify` [packages](https://github.com/orgs/deislabs/packages?repo_name=ratify). Each helm chart is published with a semantic version compatible tag `0-dev` followed by the date of creation and then the abbreviated 7 character commit SHA (e.g a chart generated on March 8, 2023 from main branch with commit SHA `4cf98388ef33c587ef86b82e05cb0f7de2da2ea8` would be tagged `0-dev.20230308.4cf9838`). The most recent dev chart is also tagged with the rolling tag `0-dev`. +4. 
Delete all dev helm charts since the previous release under the `ratify-chart-dev/ratify` [packages](https://github.com/orgs/ratify-project/packages?repo_name=ratify). Each helm chart is published with a semantic version compatible tag `0-dev` followed by the date of creation and then the abbreviated 7 character commit SHA (e.g a chart generated on March 8, 2023 from main branch with commit SHA `4cf98388ef33c587ef86b82e05cb0f7de2da2ea8` would be tagged `0-dev.20230308.4cf9838`). The most recent dev chart is also tagged with the rolling tag `0-dev`. 5. Copy contents from [`dev.helmfile.yaml`](dev.helmfile.yaml) to [`helmfile.yaml`](helmfile.yaml) & [`dev.high-availability.helmfile.yaml`](dev.high-availability.helmfile.yaml) to [`high-availability.helmfile.yaml`](high-availability.helmfile.yaml). You MUST update/remove values marked by comments in the files. The `dev` prefixed helmfiles are treated as staging files that are up to date with new changes on main branch. The primary `helmfile.yaml` and `high-availability.helmfile.yaml` MUST stay pinned to the current release since they are used by the quickstarts. Update `dev.helmfile.yaml` & `dev.high-availability.helmfile.yaml` ratify chart version to new release version. -6. Our `main` branch contains an extra merge commits compared to `dev` due to the PR [workflow](CONTRIBUTING.md#pull-requests), once per release, we will need to sync `dev` with the `main` branch. -Once we are looking to automate this with tracking [issue], for now we will need the following steps: - - maintainer manually disable allow force push in branch protection rule - - make sure the local main branch is up to date - - force push to dev branch, ```git push origin --force main:dev``` ## Git Release Flow This section deals with the practical considerations of versioning in Git, this repo's version control system. See the semantic versioning specification for the scope of changes allowed for each release type. 
+All releases will be of the form _vX.Y.Z_ where X is the major version, Y is the minor version and Z is the patch version. + ### Patch releases -When a patch release is required, the patch commits should be merged with the `main` branch when ready. Then a new branch should be created with the patch version incremented and optional pre-release specifiers. For example if the previous release was `v0.1.0`, the branch should be named `v0.1.1` and can optionally be suffixed with a pre-release (e.g. `v0.1.1-rc1`). The limited nature of fixes in a patch release should mean pre-releases can often be omitted. +Applicable fixes, including security fixes, may be backported to supported releases, depending on severity and feasibility. Patch release are cut from branch `release-X.Y`. Commits can be cherry-picked from `main`, changes should be merged into latest supported minor release-X.Y branches once required PR requirements are met. ### Minor releases -When a minor release is required, the release commits should be merged with the `main` branch when ready. Then a new branch should be created with the minor version incremented and optional pre-release specifiers. For example if the previous release was `v0.1.1`, the branch should be named `v0.2.0` and can optionally be suffixed with a pre-release (e.g. `v0.2.0-beta1`). Pre-releases will be more common will be more common with minor releases. +When a minor release is required, the release commits should be merged with the `main` branch when ready. + + - Alpha and Beta releases will be cut from the main branch. + - For RC and stable releases, a new branch `release-X.Y` will be created from `main`. Required changes for the minor release should be PRed to the `dev` branch, the change will then be cherry picked to `release-X.Y` from `main`. ### Major releases -When a major release is required, the release commits should be merged with the `main` branch when ready. 
Then a new branch should be created with the major version incremented and optional pre-release specifiers. For example if the previous release was `v1.1.1`, the branch should be named `v2.0.0` and can optionally be suffixed with a pre-release (e.g. `v2.0.0-alpha1`). Major versions will usually require multiple pre-release versions. +When a major release is required, the release commits should be merged with the `main` branch when ready. Major versions will usually require multiple pre-release versions. Similar to minor releases, the new branch should be created for the RC and stable release. ### Tag and Release -Prepare the release with a [PR](https://github.com/deislabs/ratify/pull/1031/files) to update the chart value. When the release branch is ready, a tag should be pushed with a name matching the branch name, e.g. `git tag v0.1.0-alpha1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/): +**X.Y.Z** refers to the version (git tag) of Ratify that is released. Prepare the release with a [PR](https://github.com/deislabs/ratify/pull/1031/files) to update the chart value. When the `release-X.Y` branch is ready, a tag **X.Y.Z** should be pushed. e.g. `git tag v1.1.1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/): * The release will be marked as a draft to allow an final editing before publishing. * The release notes and other fields can edited after the action completes. The description can be in Markdown. 
@@ -63,20 +64,25 @@ Prepare the release with a [PR](https://github.com/deislabs/ratify/pull/1031/fil * The pre-built binaries are built from commit at the head of the release branch. * The files are named `ratify_--__` with `.zip` files for Windows and `.tar.gz` for all others. -## Post Release Activity +## Supported Releases +Applicable fixes, including security fixes, may be cherry-picked into the release branch, depending on severity and feasibility. Patch releases are cut from that branch as needed. + +We expect to "support" n (current). "Support" means we expect users to be running that version in production. For example, when v1.2 comes out, v1.1 will no longer be supported for patches, and we encourage users to upgrade to a supported version as soon as possible. -1. Our `main` branch contains an extra merge commits compared to `dev` due to the PR [workflow](CONTRIBUTING.md#pull-requests), once per release, we will need to sync `dev` with the `main` branch. -Once we are looking to automate this with tracking [issue], for now we will need the following steps: - - maintainer manually disable allow force push in branch protection rule - - make sure the local main branch is up to date - - force push to dev branch, ```git push origin --force main:dev``` +## Supported Kubernetes and Gatekeeper Versions + +Ratify is assumed to be compatible with [GateKeeper Supported Versions](https://github.com/open-policy-agent/gatekeeper/blob/master/docs/Release_Management.md#supported-releases) and the [current Kubernetes Supported Versions](https://kubernetes.io/releases/patch-releases/#detailed-release-history-for-active-branches) per [Kubernetes Supported Versions policy](https://kubernetes.io/releases/version-skew-policy/). 
+ +For example, if Gatekeeper _supported_ versions are v3.13 and v3.14, and Kubernetes _supported_ versions are v1.28, v1.29, then current version of Ratify (v1.2) are assumed to be compatible with all supported Kubernetes versions (v1.28, v1.29) and Gatekeeper version(v3.13, v3.14). + +## Post Release Activity -2. After a successful release, please manually trigger [quick start action](.github/quick-start.yml) to validate the quick start test is passing. Validate in the run logs that the version of ratify matches the latest released version. +After a successful release, please manually trigger [quick start action](.github/quick-start.yml) to validate the quick start test is passing. Validate in the run logs that the version of ratify matches the latest released version. ### Weekly Dev Release #### Publishing Guidelines -- Ratify is configured to generate and publish dev build images based on the schedule [here](https://github.com/deislabs/ratify/blob/main/.github/workflows/publish-package.yml#L8). +- Ratify is configured to generate and publish dev build images based on the schedule [here](https://github.com/ratify-project/ratify/blob/main/.github/workflows/publish-package.yml#L8). - Contributors MUST select the `Helm Chart Change` option under the `Type of Change` section if there is ANY update to the helm chart that is required for proposed changes in PR. - Maintainers MUST manually trigger the "Publish Package" workflow after merging any PR that indicates `Helm Chart Change` - Go to the `Actions` tab for the Ratify repository 
@@ -90,15 +96,15 @@ Once we are looking to automate this with tracking [issue], for now we will need - Once issue is created, post in the `#ratify` slack channel and tag the maintainers - Maintainers should acknowledge request by approving/denying request as a follow up comment #### How to use a dev build -1. The `ratify` image and `ratify-crds` image for dev builds exist as separate packages on Github [here](https://github.com/deislabs/ratify/pkgs/container/ratify-dev) and [here](https://github.com/deislabs/ratify/pkgs/container/ratify-crds-dev). +1. The `ratify` image and `ratify-crds` image for dev builds exist as separate packages on Github [here](https://github.com/ratify-project/ratify/pkgs/container/ratify-dev) and [here](https://github.com/ratify-project/ratify/pkgs/container/ratify-crds-dev). 2. the `repository` `crdRepository` and `tag` fields must be updated in the helm chart to point to dev build instead of last released build. Please set the tag to be latest tag found at the corresponding `-dev` suffixed package. An example install command scaffold: ``` helm install ratify \ ./charts/ratify --atomic \ --namespace gatekeeper-system \ - --set image.repository=ghcr.io/deislabs/ratify-dev - --set image.crdRepository=ghcr.io/deislabs/ratify-crds-dev + --set image.repository=ghcr.io/ratify-project/ratify-dev + --set image.crdRepository=ghcr.io/ratify-project/ratify-crds-dev --set image.tag=dev.. --set-file notationCerts[0]=./test/testdata/notation.crt ``` -NOTE: the tag field is the only value that will change when updating to newer dev build images \ No newline at end of file +NOTE: the tag field is the only value that will change when updating to newer dev build images From f536f68762f1d3b962a87cc77283a1bd786c5805 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Tue, 18 Jun 2024 18:04:40 -0700 Subject: [PATCH 19/21] ci: harden github actions (#1579) 
Signed-off-by: StepSecurity Bot Co-authored-by: Akash Singhal --- .github/workflows/build-pr.yml | 5 +++++ .github/workflows/cache-cleanup.yml | 5 +++++ .github/workflows/clean-dev-package.yml | 5 +++++ .github/workflows/codeql.yml | 5 +++++ .github/workflows/e2e-aks.yml | 5 +++++ .github/workflows/e2e-cli.yml | 20 ++++++++++++++++++++ .github/workflows/e2e-k8s.yml | 5 +++++ .github/workflows/golangci-lint.yml | 5 +++++ .github/workflows/high-availability.yml | 5 +++++ .github/workflows/pr-to-main.yml | 5 +++++ .github/workflows/publish-charts.yml | 5 +++++ .github/workflows/publish-dev-assets.yml | 5 +++++ .github/workflows/publish-package.yml | 5 +++++ .github/workflows/publish-sample.yml | 5 +++++ .github/workflows/quick-start.yml | 5 +++++ .github/workflows/release.yml | 5 +++++ .github/workflows/run-full-validation.yml | 5 +++++ .github/workflows/scorecards.yml | 5 +++++ .github/workflows/sync-gh-pages.yml | 5 +++++ 19 files changed, 110 insertions(+) diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 1d50f647d..131743efc 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -71,6 +71,11 @@ jobs: contents: read environment: azure-test steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/cache-cleanup.yml b/.github/workflows/cache-cleanup.yml index 191e5b1c8..3b6e92dfd 100644 --- a/.github/workflows/cache-cleanup.yml +++ b/.github/workflows/cache-cleanup.yml @@ -11,6 +11,11 @@ jobs: cleanup: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Cleanup run: | gh extension install actions/gh-actions-cache 
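Review bot: `egress-policy: audit` in the added Harden Runner step only records outbound connections and does not block them, so a compromised action or dependency can still reach arbitrary hosts from the runner. Every workflow in this patch gets the same setting, including jobs whose context shows write-scoped tokens (`contents: write` in release.yml, publish-charts.yml and publish-sample.yml; `packages: write` in publish-package.yml, publish-dev-assets.yml and clean-dev-package.yml; `id-token: write` in e2e-aks.yml) and the `environment: azure-test` jobs. Once the audit runs have produced a baseline of expected destinations, move those jobs to `egress-policy: block` with an explicit `allowed-endpoints:` list, starting with the release and publish workflows. The job body continues outside the hunk, so later steps that need network access are not visible here.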
diff --git a/.github/workflows/clean-dev-package.yml b/.github/workflows/clean-dev-package.yml index f21baa6cc..384ffb7e6 100644 --- a/.github/workflows/clean-dev-package.yml +++ b/.github/workflows/clean-dev-package.yml @@ -12,6 +12,11 @@ jobs: permissions: packages: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Clean up ratify-crds-dev uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5.0.0 with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c3a0e0e64..5d8b8b868 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,6 +26,11 @@ jobs: security-events: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 - name: setup go environment diff --git a/.github/workflows/e2e-aks.yml b/.github/workflows/e2e-aks.yml index 6d03f90c1..d11028b42 100644 --- a/.github/workflows/e2e-aks.yml +++ b/.github/workflows/e2e-aks.yml @@ -32,6 +32,11 @@ jobs: id-token: write contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/e2e-cli.yml b/.github/workflows/e2e-cli.yml index c41eecc35..1ae9fd279 100644 --- a/.github/workflows/e2e-cli.yml +++ b/.github/workflows/e2e-cli.yml 
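Review bot: In codeql.yml the context line right after the added step, `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2`, carries a version comment that disagrees with the `# v4.1.7` annotation the same SHA has in build-pr.yml, e2e-aks.yml and other workflows in this patch. A stale comment on a pinned SHA misleads anyone checking the pin against upstream tags. Since this commit already touches these step lists, change the comment to `# v4.1.7`; release.yml and scorecards.yml show the same `# tag=3.0.2` comment. Several checkout pins (e2e-cli.yml, pr-to-main.yml, publish-charts.yml, publish-package.yml) have no version comment at all and would benefit from one.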
@@ -10,6 +10,11 @@ jobs: check-license: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Check license header @@ -26,6 +31,11 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: setup go environment @@ -50,6 +60,11 @@ jobs: permissions: contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: setup go environment @@ -73,6 +88,11 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: diff --git a/.github/workflows/e2e-k8s.yml b/.github/workflows/e2e-k8s.yml index 26aa22e82..31fb49a7a 100644 --- a/.github/workflows/e2e-k8s.yml +++ b/.github/workflows/e2e-k8s.yml @@ -25,6 +25,11 @@ jobs: permissions: contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 4e8309186..a27d793ff 100644 --- a/.github/workflows/golangci-lint.yml 
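Review bot: The `check-license` job in this hunk goes from `runs-on: ubuntu-latest` straight to `steps:` with no job-level `permissions:`, whereas the job in the third hunk of this file declares `permissions: contents: read`. Unless a workflow-level `permissions:` block exists outside the visible hunks, that job runs with the repository's default token scope, which Harden Runner in audit mode does not restrict. The `build` and `markdown-link-check` jobs in this file show the same shape, as do the jobs in cache-cleanup.yml, golangci-lint.yml and pr-to-main.yml. For the jobs that only check out and test, add `permissions:` with `contents: read` under the job; jobs that need to write should name only the scopes they use.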
+++ b/.github/workflows/golangci-lint.yml @@ -14,6 +14,11 @@ jobs: name: lint runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: '1.21' diff --git a/.github/workflows/high-availability.yml b/.github/workflows/high-availability.yml index 75e44a8be..a61da8982 100644 --- a/.github/workflows/high-availability.yml +++ b/.github/workflows/high-availability.yml @@ -29,6 +29,11 @@ jobs: matrix: DAPR_VERSION: ["1.13.2"] steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/pr-to-main.yml b/.github/workflows/pr-to-main.yml index 5815d6742..502baaaae 100644 --- a/.github/workflows/pr-to-main.yml +++ b/.github/workflows/pr-to-main.yml @@ -13,6 +13,11 @@ jobs: name: Create PR Release to Main runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: git checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 diff --git a/.github/workflows/publish-charts.yml b/.github/workflows/publish-charts.yml index 06d9319a8..1dd88dab9 100644 --- a/.github/workflows/publish-charts.yml +++ b/.github/workflows/publish-charts.yml 
@@ -12,6 +12,11 @@ jobs: permissions: contents: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Publish Helm charts uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0 diff --git a/.github/workflows/publish-dev-assets.yml b/.github/workflows/publish-dev-assets.yml index 557192c65..f79f4b2f4 100644 --- a/.github/workflows/publish-dev-assets.yml +++ b/.github/workflows/publish-dev-assets.yml @@ -14,6 +14,11 @@ jobs: packages: write contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: prepare diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 373832191..911f09bae 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -15,6 +15,11 @@ jobs: packages: write contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: prepare diff --git a/.github/workflows/publish-sample.yml b/.github/workflows/publish-sample.yml index e7eb67a08..dfbe9dd37 100644 --- a/.github/workflows/publish-sample.yml +++ b/.github/workflows/publish-sample.yml @@ -18,6 +18,11 @@ jobs: contents: write packages: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Get repo run: | echo "REPOSITORY=${{ env.REGISTRY }}/${{ github.repository }}" >> $GITHUB_ENV 
diff --git a/.github/workflows/quick-start.yml b/.github/workflows/quick-start.yml index 3c31daf05..4d6ba4ca6 100644 --- a/.github/workflows/quick-start.yml +++ b/.github/workflows/quick-start.yml @@ -29,6 +29,11 @@ jobs: matrix: KUBERNETES_VERSION: ["1.29.2"] steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: setup go environment diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5270fe2aa..252927429 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,6 +15,11 @@ jobs: permissions: contents: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 with: diff --git a/.github/workflows/run-full-validation.yml b/.github/workflows/run-full-validation.yml index f80e72e84..1361c97b9 100644 --- a/.github/workflows/run-full-validation.yml +++ b/.github/workflows/run-full-validation.yml @@ -59,6 +59,11 @@ jobs: contents: read environment: azure-test steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 5ad8f9b6d..2314a2688 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -27,6 +27,11 @@ jobs: contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: "Checkout code" uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 with: diff --git a/.github/workflows/sync-gh-pages.yml b/.github/workflows/sync-gh-pages.yml index e374a81a6..fc8baaa43 100644 --- a/.github/workflows/sync-gh-pages.yml +++ b/.github/workflows/sync-gh-pages.yml @@ -16,6 +16,11 @@ jobs: pull-requests: write repository-projects: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - uses: everlytic/branch-merge@c4a244dc23143f824ae6c022a10732566cb8e973 with: From 91b9889413b9369ec0e721a80d7146b906c0a0fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jun 2024 09:13:59 +1000 Subject: [PATCH 20/21] chore: Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 (#1575) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Akash Singhal Co-authored-by: huish@microsoft.com --- go.mod | 4 ++-- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 85016cf9f..66a52e459 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/fsnotify/fsnotify v1.7.0 github.com/go-jose/go-jose/v3 v3.0.3 github.com/golang/protobuf v1.5.4 - github.com/google/go-containerregistry v0.19.1 + github.com/google/go-containerregistry v0.19.2 github.com/gorilla/mux v1.8.1 github.com/notaryproject/notation-core-go v1.0.3 github.com/notaryproject/notation-go v1.0.1 
@@ -91,6 +91,7 @@ require ( github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect + github.com/docker/docker v24.0.9+incompatible // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect @@ -152,7 +153,6 @@ require ( github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/docker/docker v24.0.9+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/fxamacker/cbor/v2 v2.6.0 // indirect diff --git a/go.sum b/go.sum index 13f932961..9672f41e6 100644 --- a/go.sum +++ b/go.sum 
@@ -434,8 +434,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= -github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w= +github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= From 4a5fee5a7410d38dec0ab6a0b6cc7979026d2e36 Mon Sep 17 00:00:00 2001 
From: Akash Singhal Date: Wed, 19 Jun 2024 16:52:26 -0700 Subject: [PATCH 21/21] chore: remodule ratify package (#1552) --- .github/workflows/publish-dev-assets.yml | 4 +- .github/workflows/publish-package.yml | 4 +- .goreleaser.yml | 2 +- CONTRIBUTING.md | 18 ++--- Makefile | 18 ++--- README.md | 6 +- RELEASES.md | 44 ++++++------ ROADMAP.md | 12 ++-- api/v1alpha1/certificatestore_conversion.go | 2 +- api/v1alpha1/doc.go | 2 +- api/v1alpha1/policy_conversion.go | 4 +- api/v1alpha1/policy_conversion_test.go | 4 +- api/v1alpha1/store_conversion.go | 2 +- api/v1alpha1/verifier_conversion.go | 2 +- api/v1alpha1/zz_generated.conversion.go | 2 +- api/v1beta1/doc.go | 2 +- api/v1beta1/zz_generated.conversion.go | 2 +- charts/ratify/Chart.yaml | 4 +- charts/ratify/README.md | 4 +- charts/ratify/values.yaml | 4 +- cmd/ratify/cmd/discover.go | 16 ++--- cmd/ratify/cmd/referrer.go | 10 +-- cmd/ratify/cmd/resolve.go | 10 +-- cmd/ratify/cmd/root.go | 4 +- cmd/ratify/cmd/serve.go | 10 +-- cmd/ratify/cmd/verify.go | 18 ++--- cmd/ratify/cmd/version.go | 2 +- cmd/ratify/main.go | 16 ++--- config/config.go | 26 +++---- config/configManager.go | 2 +- ...ication Provider Support For ORAS Store.md | 4 +- .../design/Config Policy Provider Refactor.md | 2 +- docs/design/Cosign Upgrade 2024.md | 6 +- docs/design/Metrics.md | 2 +- .../Policy Provider refactor (deprecated).md | 2 +- .../Ratify Vulnerability Report Verifier.md | 2 +- ...fication Result Cache at Executor Level.md | 4 +- .../Cosign Upgrade Discussion 2024.md | 12 ++-- .../Negative test cases for Ratify.md | 32 ++++----- experimental/generate-protos.sh | 4 +- .../proto/v1/orchestrator/orchestrator.pb.go | 2 +- .../v1/referrerstore/referrerstore.pb.go | 2 +- experimental/proto/v1/verifier/verifier.pb.go | 2 +- experimental/ratify/proto/README.md | 2 +- experimental/ratify/proto/v1/common.proto | 2 +- .../ratify/proto/v1/orchestrator.proto | 2 +- .../ratify/proto/v1/referrerstore.proto | 2 +- 
experimental/ratify/proto/v1/verifier.proto | 2 +- go.mod | 2 +- httpserver/Dockerfile | 2 +- httpserver/context.go | 2 +- httpserver/handlers.go | 20 +++--- httpserver/server.go | 6 +- httpserver/server_test.go | 18 ++--- httpserver/types.go | 4 +- httpserver/types_test.go | 4 +- internal/logger/logger.go | 4 +- pkg/cache/dapr/dapr.go | 8 +-- pkg/cache/ristretto/ristretto.go | 6 +- pkg/cache/ristretto/ristretto_test.go | 2 +- pkg/certificateprovider/azurekeyvault/auth.go | 2 +- .../azurekeyvault/provider.go | 12 ++-- .../azurekeyvault/provider_test.go | 2 +- .../certificate_provider.go | 2 +- .../certificate_provider_test.go | 2 +- pkg/certificateprovider/inline/provider.go | 4 +- pkg/common/oras/authprovider/authprovider.go | 4 +- .../oras/authprovider/authprovider_test.go | 2 +- .../oras/authprovider/authproviderfactory.go | 2 +- .../oras/authprovider/aws/awsecrbasic.go | 4 +- .../oras/authprovider/azure/azureidentity.go | 6 +- .../authprovider/azure/azureidentity_test.go | 4 +- .../azure/azureworkloadidentity.go | 10 +-- .../azure/azureworkloadidentity_test.go | 4 +- pkg/common/oras/authprovider/azure/const.go | 2 +- .../authprovider/k8secret_authprovider.go | 6 +- .../k8secret_authprovider_test.go | 2 +- pkg/common/plugin/download.go | 8 +-- pkg/common/plugin/download_test.go | 2 +- pkg/common/plugin/exec.go | 2 +- pkg/common/utils/utils.go | 2 +- pkg/common/utils/utils_test.go | 2 +- .../keymanagementprovider_controller.go | 12 ++-- .../keymanagementprovider_controller_test.go | 8 +-- .../clusterresource/policy_controller.go | 8 +-- .../clusterresource/policy_controller_test.go | 12 ++-- .../clusterresource/store_controller.go | 8 +-- .../clusterresource/store_controller_test.go | 12 ++-- .../clusterresource/verifier_controller.go | 8 +-- .../verifier_controller_test.go | 10 +-- .../certificatestore_controller.go | 14 ++-- .../certificatestore_controller_test.go | 14 ++-- .../keymanagementprovider_controller.go | 12 ++-- 
.../keymanagementprovider_controller_test.go | 10 +-- .../namespaceresource/policy_controller.go | 8 +-- .../policy_controller_test.go | 12 ++-- .../namespaceresource/store_controller.go | 8 +-- .../store_controller_test.go | 8 +-- .../namespaceresource/verifier_controller.go | 8 +-- .../verifier_controller_test.go | 8 +-- pkg/controllers/resource_map.go | 8 +-- pkg/controllers/utils/kmp.go | 10 +-- pkg/controllers/utils/kmp_test.go | 4 +- pkg/controllers/utils/policy.go | 6 +- pkg/controllers/utils/policy_test.go | 6 +- pkg/controllers/utils/store.go | 12 ++-- pkg/controllers/utils/store_test.go | 8 +-- pkg/controllers/utils/verifier.go | 12 ++-- pkg/controllers/utils/verifier_test.go | 12 ++-- .../certificatestores/certificatestores.go | 8 +-- .../certificatestores_test.go | 6 +- pkg/customresources/policies/api.go | 2 +- pkg/customresources/policies/policies.go | 4 +- pkg/customresources/policies/policies_test.go | 8 +-- pkg/customresources/referrerstores/api.go | 2 +- pkg/customresources/referrerstores/stores.go | 4 +- .../referrerstores/stores_test.go | 10 +-- pkg/customresources/verifiers/api.go | 2 +- pkg/customresources/verifiers/verifiers.go | 4 +- .../verifiers/verifiers_test.go | 10 +-- pkg/executor/api.go | 2 +- pkg/executor/core/executor.go | 30 ++++---- pkg/executor/core/executor_test.go | 28 ++++---- pkg/executor/core/executorwithcache.go | 6 +- pkg/executor/core/testtypes.go | 8 +-- pkg/executor/types/types.go | 2 +- .../azurekeyvault/auth.go | 2 +- .../azurekeyvault/provider.go | 16 ++--- .../azurekeyvault/provider_test.go | 4 +- pkg/keymanagementprovider/factory/factory.go | 6 +- .../factory/factory_test.go | 6 +- pkg/keymanagementprovider/inline/provider.go | 8 +-- .../inline/provider_test.go | 4 +- .../keymanagementprovider.go | 8 +-- .../keymanagementprovider_test.go | 4 +- pkg/keymanagementprovider/mocks/types.go | 2 +- pkg/manager/manager.go | 32 ++++----- pkg/metrics/stats_reporter.go | 4 +- pkg/metrics/stats_reporter_test.go | 2 +- 
pkg/policyprovider/api.go | 6 +- .../configpolicy/configpolicy.go | 18 ++--- .../configpolicy/configpolicy_test.go | 14 ++-- pkg/policyprovider/factory/factory.go | 8 +-- pkg/policyprovider/factory/factory_test.go | 6 +- pkg/policyprovider/mocks/types.go | 8 +-- .../policyengine/opaengine/opa_engine.go | 4 +- .../policyengine/opaengine/opa_engine_test.go | 2 +- pkg/policyprovider/policyquery/rego/query.go | 2 +- pkg/policyprovider/regopolicy/regopolicy.go | 24 +++---- .../regopolicy/regopolicy_test.go | 8 +-- pkg/referrerstore/api.go | 6 +- pkg/referrerstore/factory/factory.go | 14 ++-- pkg/referrerstore/factory/factory_test.go | 12 ++-- pkg/referrerstore/mocks/memory_store.go | 8 +-- pkg/referrerstore/mocks/types.go | 8 +-- pkg/referrerstore/oras/cache.go | 12 ++-- pkg/referrerstore/oras/cache_test.go | 10 +-- pkg/referrerstore/oras/cosign.go | 6 +- pkg/referrerstore/oras/cosign_test.go | 12 ++-- pkg/referrerstore/oras/oras.go | 32 ++++----- pkg/referrerstore/oras/oras_test.go | 10 +-- pkg/referrerstore/oras/utils.go | 2 +- pkg/referrerstore/oras/utils_test.go | 2 +- pkg/referrerstore/plugin/args.go | 2 +- pkg/referrerstore/plugin/plugin.go | 12 ++-- pkg/referrerstore/plugin/plugin_test.go | 4 +- pkg/referrerstore/plugin/skel/skel.go | 14 ++-- pkg/referrerstore/plugin/skel/skel_test.go | 12 ++-- pkg/referrerstore/types/types.go | 4 +- pkg/referrerstore/utils/utils.go | 10 +-- pkg/referrerstore/utils/utils_test.go | 6 +- pkg/utils/azureauth/authenticationUtils.go | 2 +- pkg/utils/certificateUtil_test.go | 2 +- pkg/utils/certificateUtils.go | 2 +- pkg/utils/test_utils.go | 2 +- pkg/utils/utils.go | 4 +- pkg/utils/utils_test.go | 2 +- pkg/verifier/api.go | 6 +- pkg/verifier/config/config.go | 4 +- pkg/verifier/cosign/cosign.go | 24 +++---- pkg/verifier/cosign/cosign_test.go | 14 ++-- pkg/verifier/cosign/trustpolicies.go | 2 +- pkg/verifier/cosign/trustpolicies_test.go | 68 +++++++++---------- pkg/verifier/cosign/trustpolicy.go | 6 +- 
pkg/verifier/cosign/trustpolicy_test.go | 4 +- pkg/verifier/factory/factory.go | 14 ++-- pkg/verifier/factory/factory_test.go | 18 ++--- pkg/verifier/mocks/types.go | 6 +- pkg/verifier/notation/notation.go | 24 +++---- pkg/verifier/notation/notation_test.go | 14 ++-- pkg/verifier/notation/truststore.go | 8 +-- pkg/verifier/notation/truststore_test.go | 2 +- pkg/verifier/plugin/args.go | 2 +- pkg/verifier/plugin/plugin.go | 18 ++--- pkg/verifier/plugin/plugin_test.go | 6 +- pkg/verifier/plugin/skel/skel.go | 22 +++--- pkg/verifier/plugin/skel/skel_test.go | 18 ++--- pkg/verifier/types/types.go | 2 +- pkg/verifier/utils/utils.go | 2 +- pkg/verifiercache/api.go | 2 +- pkg/verifiercache/memory/memorycache.go | 2 +- plugins/referrerstore/sample/sample.go | 8 +-- .../verifier/licensechecker/licensechecker.go | 16 ++--- plugins/verifier/sample/sample.go | 12 ++-- plugins/verifier/sbom/sbom.go | 14 ++-- plugins/verifier/sbom/sbom_test.go | 2 +- .../schemavalidator/schema_validator.go | 14 ++-- .../vulnerability_report.go | 14 ++-- .../vulnerability_report_test.go | 8 +-- test/bats/quickstart-test.bats | 4 +- 210 files changed, 848 insertions(+), 842 deletions(-) diff --git a/.github/workflows/publish-dev-assets.yml b/.github/workflows/publish-dev-assets.yml index f79f4b2f4..8af578658 100644 --- a/.github/workflows/publish-dev-assets.yml +++ b/.github/workflows/publish-dev-assets.yml @@ -56,7 +56,7 @@ jobs: docker buildx create --use docker buildx build -f ./httpserver/Dockerfile \ --platform linux/amd64,linux/arm64,linux/arm/v7 \ - --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ + --build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \ --label org.opencontainers.image.revision=${{ github.sha }} \ -t ${{ steps.prepare.outputs.baseref }}:${{ steps.prepare.outputs.version }} \ -t ${{ steps.prepare.outputs.baseref }} \ 
@@ -70,7 +70,7 @@ jobs: --build-arg build_licensechecker=true \ --build-arg build_schemavalidator=true \ --build-arg build_vulnerabilityreport=true \ - --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ + --build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \ --label org.opencontainers.image.revision=${{ github.sha }} \ -t ${{ steps.prepare.outputs.ref }}:${{ steps.prepare.outputs.version }} \ -t ${{ steps.prepare.outputs.ref }} \ diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 911f09bae..186395bd2 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -55,7 +55,7 @@ jobs: docker buildx create --use docker buildx build -f ./httpserver/Dockerfile \ --platform linux/amd64,linux/arm64,linux/arm/v7 \ - --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ + --build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \ --label org.opencontainers.image.revision=${{ github.sha }} \ -t ${{ steps.prepare.outputs.baseref }} \ --push . @@ -68,7 +68,7 @@ jobs: --build-arg build_licensechecker=true \ --build-arg build_schemavalidator=true \ --build-arg build_vulnerabilityreport=true \ - --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ + --build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \ --label org.opencontainers.image.revision=${{ github.sha }} \ -t ${{ steps.prepare.outputs.ref }} \ --push . diff --git a/.goreleaser.yml b/.goreleaser.yml index 994d94350..4d7daf6c7 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml 
@@ -19,7 +19,7 @@ builds: - goos: windows goarch: arm64 ldflags: - - -w -X github.com/deislabs/ratify/internal/version.GitTag={{.Version}} -X github.com/deislabs/ratify/internal/version.GitCommitHash={{.FullCommit}} + - -w -X github.com/ratify-project/ratify/internal/version.GitTag={{.Version}} -X github.com/ratify-project/ratify/internal/version.GitCommitHash={{.FullCommit}} - id: sbom dir: plugins/verifier/sbom diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index df4140815..a78ac3759 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -12,7 +12,7 @@ Welcome! We are very happy to accept community contributions to Ratify, whether ## Pull Requests -If you'd like to start contributing to Ratify, you can search for issues tagged as "good first issue" [here](https://github.com/deislabs/ratify/labels/good%20first%20issue). +If you'd like to start contributing to Ratify, you can search for issues tagged as "good first issue" [here](https://github.com/ratify-project/ratify/labels/good%20first%20issue). We use the `dev` branch as the our default branch. PRs passing the basic set of validation can be merged to the `dev` branch, we then run the full suite of validation including cloud specific tests on `dev` before changes can be merged into `main`. All ratify release are cut from the `main` branch. A sample PR process is outlined below: 1. Fork this repo and create your dev branch from default `dev` branch. @@ -148,7 +148,7 @@ Sample JSON stdin Press `Ctrl+D` to send EOF character to terminate the stdin input. (Note: you may have to press `Ctrl+D` twice) -View more plugin debugging information [here](https://github.com/deislabs/ratify-verifier-plugin#debugging-in-vs-code) +View more plugin debugging information [here](https://github.com/ratify-project/ratify-verifier-plugin#debugging-in-vs-code) ### Test local changes in the k8s cluster scenario 
@@ -161,14 +161,14 @@ Follow the steps below to build and deploy a Ratify image with your private chan export REGISTRY=yourregistry docker buildx create --use -docker buildx build -f httpserver/Dockerfile --platform linux/amd64 --build-arg build_sbom=true --build-arg build_licensechecker=true --build-arg build_schemavalidator=true --build-arg build_vulnerabilityreport=true -t ${REGISTRY}/deislabs/ratify:yourtag . +docker buildx build -f httpserver/Dockerfile --platform linux/amd64 --build-arg build_sbom=true --build-arg build_licensechecker=true --build-arg build_schemavalidator=true --build-arg build_vulnerabilityreport=true -t ${REGISTRY}/ratify-project/ratify:yourtag . docker build --progress=plain --build-arg KUBE_VERSION="1.29.2" --build-arg TARGETOS="linux" --build-arg TARGETARCH="amd64" -f crd.Dockerfile -t ${REGISTRY}/localbuildcrd:yourtag ./charts/ratify/crds ``` #### [Authenticate](https://docs.docker.com/engine/reference/commandline/login/#usage) with your registry, and push the newly built image ```bash -docker push ${REGISTRY}/deislabs/ratify:yourtag +docker push ${REGISTRY}/ratify-project/ratify:yourtag docker push ${REGISTRY}/localbuildcrd:yourtag ``` 
@@ -196,16 +196,16 @@ Development charts + images are published weekly and latest versions are tagged Deploy to cluster: ```bash -helmfile sync -f git::https://github.com/deislabs/ratify.git@dev.helmfile.yaml +helmfile sync -f git::https://github.com/ratify-project/ratify.git@dev.helmfile.yaml ``` ### Deploy from local helm chart -#### Update [values.yaml](https://github.com/deislabs/ratify/blob/main/charts/ratify/values.yaml) to pull from your registry, when reusing image tag, setting pull policy to "Always" ensures we are pull the new changes +#### Update [values.yaml](https://github.com/ratify-project/ratify/blob/main/charts/ratify/values.yaml) to pull from your registry, when reusing image tag, setting pull policy to "Always" ensures we are pull the new changes ```json image: - repository: yourregistry/deislabs/ratify + repository: yourregistry/ratify-project/ratify tag: yourtag pullPolicy: Always ``` 
@@ -314,13 +314,13 @@ If you'd like to contribute to the collection of plugins: ## Feature Suggestions -* Please first search [Open Ratify Issues](https://github.com/deislabs/ratify/issues) before opening an issue to check whether your feature has already been suggested. If it has, feel free to add your own comments to the existing issue. +* Please first search [Open Ratify Issues](https://github.com/ratify-project/ratify/issues) before opening an issue to check whether your feature has already been suggested. If it has, feel free to add your own comments to the existing issue. * Ensure you have included a "What?" - what your feature entails, being as specific as possible, and giving mocked-up syntax examples where possible. * Ensure you have included a "Why?" - what the benefit of including this feature will be. ## Bug Reports -* Please first search [Open Ratify Issues](https://github.com/deislabs/ratify/issues) before opening an issue, to see if it has already been reported. +* Please first search [Open Ratify Issues](https://github.com/ratify-project/ratify/issues) before opening an issue, to see if it has already been reported. * Try to be as specific as possible, including the version of the Ratify CLI used to reproduce the issue, and any example arguments needed to reproduce it. ## CLA diff --git a/Makefile b/Makefile index 3801ecd55..d57370583 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ BINARY_NAME = ratify INSTALL_DIR = ~/.ratify CERT_DIR = ${GITHUB_WORKSPACE}/tls/certs -GO_PKG = github.com/deislabs/ratify +GO_PKG = github.com/ratify-project/ratify GIT_COMMIT_HASH = $(shell git rev-parse HEAD) GIT_TREE_STATE = $(shell test -n "`git status --porcelain`" && echo "modified" || echo "unmodified") GIT_TAG = $(shell git describe --tags --abbrev=0 --exact-match 2>/dev/null) 
@@ -75,17 +75,17 @@ build: build-cli build-plugins .PHONY: build-cli build-cli: fmt vet go build --ldflags="$(LDFLAGS)" -cover \ - -coverpkg=github.com/deislabs/ratify/pkg/...,github.com/deislabs/ratify/config/...,github.com/deislabs/ratify/cmd/... \ + -coverpkg=github.com/ratify-project/ratify/pkg/...,github.com/ratify-project/ratify/config/...,github.com/ratify-project/ratify/cmd/... \ -o ./bin/${BINARY_NAME} ./cmd/${BINARY_NAME} .PHONY: build-plugins build-plugins: - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/licensechecker/... -o ./bin/plugins/ ./plugins/verifier/licensechecker - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/sample/... -o ./bin/plugins/ ./plugins/verifier/sample - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/referrerstore/sample/... -o ./bin/plugins/referrerstore/ ./plugins/referrerstore/sample - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/sbom/... -o ./bin/plugins/ ./plugins/verifier/sbom - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/schemavalidator/... -o ./bin/plugins/ ./plugins/verifier/schemavalidator - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/vulnerabilityreport/... -o ./bin/plugins/ ./plugins/verifier/vulnerabilityreport + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/licensechecker/... -o ./bin/plugins/ ./plugins/verifier/licensechecker + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/sample/... -o ./bin/plugins/ ./plugins/verifier/sample + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/referrerstore/sample/... -o ./bin/plugins/referrerstore/ ./plugins/referrerstore/sample + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/sbom/... -o ./bin/plugins/ ./plugins/verifier/sbom + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/schemavalidator/... 
-o ./bin/plugins/ ./plugins/verifier/schemavalidator + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/vulnerabilityreport/... -o ./bin/plugins/ ./plugins/verifier/vulnerabilityreport .PHONY: install install: @@ -572,7 +572,7 @@ load-local-ratify-image: kind load docker-image --name kind localbuild:test e2e-helmfile-deploy-released-ratify: - ./.staging/helmfilebin/helmfile sync -f git::https://github.com/deislabs/ratify.git@helmfile.yaml + ./.staging/helmfilebin/helmfile sync -f git::https://github.com/ratify-project/ratify.git@helmfile.yaml e2e-helm-deploy-ratify: printf "{\n\t\"auths\": {\n\t\t\"registry:5000\": {\n\t\t\t\"auth\": \"`echo "${TEST_REGISTRY_USERNAME}:${TEST_REGISTRY_PASSWORD}" | tr -d '\n' | base64 -i -w 0`\"\n\t\t}\n\t}\n}" > mount_config.json diff --git a/README.md b/README.md index 5efef3314..20daa0dfb 100644 --- a/README.md +++ b/README.md 
@@ -6,9 +6,9 @@ Is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies you create. -[![Go Report Card](https://goreportcard.com/badge/github.com/deislabs/ratify)](https://goreportcard.com/report/github.com/deislabs/ratify) -[![build-pr](https://github.com/deislabs/ratify/actions/workflows/build-pr.yml/badge.svg)](https://github.com/deislabs/ratify/actions/workflows/build-pr.yml) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/deislabs/ratify/badge)](https://api.securityscorecards.dev/projects/github.com/deislabs/ratify) +[![Go Report Card](https://goreportcard.com/badge/github.com/ratify-project/ratify)](https://goreportcard.com/report/github.com/ratify-project/ratify) +[![build-pr](https://github.com/ratify-project/ratify/actions/workflows/build-pr.yml/badge.svg)](https://github.com/ratify-project/ratify/actions/workflows/build-pr.yml) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ratify-project/ratify/badge)](https://api.securityscorecards.dev/projects/github.com/ratify-project/ratify) [![Go Reference](https://pkg.go.dev/badge/github.com/deislabs/ratify.svg)](https://pkg.go.dev/github.com/deislabs/ratify) ## Table of Contents diff --git a/RELEASES.md b/RELEASES.md index 739401f67..bbf03b1ac 100644 --- a/RELEASES.md +++ b/RELEASES.md 
@@ -45,10 +45,10 @@ Applicable fixes, including security fixes, may be backported to supported relea ### Minor releases -When a minor release is required, the release commits should be merged with the `main` branch when ready. +When a minor release is required, the release commits should be merged with the `main` branch when ready. - - Alpha and Beta releases will be cut from the main branch. - - For RC and stable releases, a new branch `release-X.Y` will be created from `main`. Required changes for the minor release should be PRed to the `dev` branch, the change will then be cherry picked to `release-X.Y` from `main`. +* Alpha and Beta releases will be cut from the main branch. +* For RC and stable releases, a new branch `release-X.Y` will be created from `main`. Required changes for the minor release should be PRed to the `dev` branch, the change will then be cherry picked to `release-X.Y` from `main`.S ### Major releases 
@@ -56,7 +56,7 @@ When a major release is required, the release commits should be merged with the ### Tag and Release -**X.Y.Z** refers to the version (git tag) of Ratify that is released. Prepare the release with a [PR](https://github.com/deislabs/ratify/pull/1031/files) to update the chart value. When the `release-X.Y` branch is ready, a tag **X.Y.Z** should be pushed. e.g. `git tag v1.1.1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/): +**X.Y.Z** refers to the version (git tag) of Ratify that is released. Prepare the release with a [PR](https://github.com/ratify-project/ratify/pull/1031/files) to update the chart value. When the `release-X.Y` branch is ready, a tag **X.Y.Z** should be pushed. e.g. `git tag v1.1.1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/): * The release will be marked as a draft to allow an final editing before publishing. * The release notes and other fields can edited after the action completes. The description can be in Markdown. @@ -65,6 +65,7 @@ When a major release is required, the release commits should be merged with the * The files are named `ratify_--__` with `.zip` files for Windows and `.tar.gz` for all others. ## Supported Releases + Applicable fixes, including security fixes, may be cherry-picked into the release branch, depending on severity and feasibility. Patch releases are cut from that branch as needed. We expect to "support" n (current). "Support" means we expect users to be running that version in production. For example, when v1.2 comes out, v1.1 will no longer be supported for patches, and we encourage users to upgrade to a supported version as soon as possible. 
@@ -73,7 +74,7 @@ We expect to "support" n (current). "Support" means we expect users to be runnin Ratify is assumed to be compatible with [GateKeeper Supported Versions](https://github.com/open-policy-agent/gatekeeper/blob/master/docs/Release_Management.md#supported-releases) and the [current Kubernetes Supported Versions](https://kubernetes.io/releases/patch-releases/#detailed-release-history-for-active-branches) per [Kubernetes Supported Versions policy](https://kubernetes.io/releases/version-skew-policy/). -For example, if Gatekeeper _supported_ versions are v3.13 and v3.14, and Kubernetes _supported_ versions are v1.28, v1.29, then current version of Ratify (v1.2) are assumed to be compatible with all supported Kubernetes versions (v1.28, v1.29) and Gatekeeper version(v3.13, v3.14). +For example, if Gatekeeper _supported_ versions are v3.13 and v3.14, and Kubernetes _supported_ versions are v1.28, v1.29, then current version of Ratify (v1.2) are assumed to be compatible with all supported Kubernetes versions (v1.28, v1.29) and Gatekeeper version(v3.13, v3.14). ## Post Release Activity 
@@ -82,23 +83,27 @@ After a successful release, please manually trigger [quick start action](.github ### Weekly Dev Release #### Publishing Guidelines -- Ratify is configured to generate and publish dev build images based on the schedule [here](https://github.com/ratify-project/ratify/blob/main/.github/workflows/publish-package.yml#L8). -- Contributors MUST select the `Helm Chart Change` option under the `Type of Change` section if there is ANY update to the helm chart that is required for proposed changes in PR. -- Maintainers MUST manually trigger the "Publish Package" workflow after merging any PR that indicates `Helm Chart Change` - - Go to the `Actions` tab for the Ratify repository - - Select `publish-ghcr` option from list of workflows on left pane - - Select the `Run workflow` drop down on the right side above the list of action runs - - Choose `Branch: main` - - Select `Run workflow` -- Process to Request an off-schedule dev build be published - - Submit a new feature request issue prefixed with `[Dev Build Request]` - - In the the `What this PR does / why we need it` section, briefly explain why an off schedule build is needed - - Once issue is created, post in the `#ratify` slack channel and tag the maintainers - - Maintainers should acknowledge request by approving/denying request as a follow up comment + +* Ratify is configured to generate and publish dev build images based on the schedule [here](https://github.com/ratify-project/ratify/blob/main/.github/workflows/publish-package.yml#L8). +* Contributors MUST select the `Helm Chart Change` option under the `Type of Change` section if there is ANY update to the helm chart that is required for proposed changes in PR. 
+* Maintainers MUST manually trigger the "Publish Package" workflow after merging any PR that indicates `Helm Chart Change` + * Go to the `Actions` tab for the Ratify repository + * Select `publish-ghcr` option from list of workflows on left pane + * Select the `Run workflow` drop down on the right side above the list of action runs + * Choose `Branch: main` + * Select `Run workflow` +* Process to Request an off-schedule dev build be published + * Submit a new feature request issue prefixed with `[Dev Build Request]` + * In the the `What this PR does / why we need it` section, briefly explain why an off schedule build is needed + * Once issue is created, post in the `#ratify` slack channel and tag the maintainers + * Maintainers should acknowledge request by approving/denying request as a follow up comment + #### How to use a dev build + 1. The `ratify` image and `ratify-crds` image for dev builds exist as separate packages on Github [here](https://github.com/ratify-project/ratify/pkgs/container/ratify-dev) and [here](https://github.com/ratify-project/ratify/pkgs/container/ratify-crds-dev). 2. the `repository` `crdRepository` and `tag` fields must be updated in the helm chart to point to dev build instead of last released build. Please set the tag to be latest tag found at the corresponding `-dev` suffixed package. An example install command scaffold: -``` + +```bash helm install ratify \ ./charts/ratify --atomic \ --namespace gatekeeper-system \ @@ -107,4 +112,5 @@ helm install ratify \ --set image.tag=dev.. --set-file notationCerts[0]=./test/testdata/notation.crt ``` + NOTE: the tag field is the only value that will change when updating to newer dev build images diff --git a/ROADMAP.md b/ROADMAP.md index 9b444c848..b98c8f72f 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -10,7 +10,7 @@ This document presents the roadmap of Ratify that translates our strategy into p ## Milestones -The Ratify roadmap is divided into milestones, each with a set of features (high level) and timeline. The milestones marked as `Tentative` are subject to change based on the project’s priorities and the community’s feedback. We will prioritize releases for security or urgent fixes, so the roadmap may be adjusted and new features may be postponed to the next milestone. Any dates and features listed below in a given milestone are subject to change. See the [GitHub milestones](https://github.com/deislabs/ratify/milestones?state=open) for the most up-to-date issues and their status. We are targeting to release a new Ratify version every 3 or 4 months. +The Ratify roadmap is divided into milestones, each with a set of features (high level) and timeline. The milestones marked as `Tentative` are subject to change based on the project’s priorities and the community’s feedback. We will prioritize releases for security or urgent fixes, so the roadmap may be adjusted and new features may be postponed to the next milestone. Any dates and features listed below in a given milestone are subject to change. See the [GitHub milestones](https://github.com/ratify-project/ratify/milestones?state=open) for the most up-to-date issues and their status. We are targeting to release a new Ratify version every 3 or 4 months. ### v1.0 @@ -18,7 +18,7 @@ The Ratify roadmap is divided into milestones, each with a set of features (high **Released date**: Sep 27, 2023 -**Release link**: [v1.0.0 Release Notes](https://github.com/deislabs/ratify/releases/tag/v1.0.0) +**Release link**: [v1.0.0 Release Notes](https://github.com/ratify-project/ratify/releases/tag/v1.0.0) **Major features** 
@@ -34,7 +34,7 @@ The Ratify roadmap is divided into milestones, each with a set of features (high **Release date**: Dec 12, 2023 -**Release link**: [v1.1.0 Release Notes](https://github.com/deislabs/ratify/releases/tag/v1.1.0) +**Release link**: [v1.1.0 Release Notes](https://github.com/ratify-project/ratify/releases/tag/v1.1.0) **Major features** @@ -48,7 +48,7 @@ The Ratify roadmap is divided into milestones, each with a set of features (high **Target date**: May 31, 2024 -**Release link**: [v1.2.0 Release Notes](https://github.com/deislabs/ratify/releases/tag/v1.2.0) +**Release link**: [v1.2.0 Release Notes](https://github.com/ratify-project/ratify/releases/tag/v1.2.0) **major features** @@ -56,7 +56,7 @@ The Ratify roadmap is divided into milestones, each with a set of features (high - OCI v1.1 compliance - Cosign signatures verification using keys in AKV -See details in [GitHub milestone v1.2.0](https://github.com/deislabs/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.2.0). +See details in [GitHub milestone v1.2.0](https://github.com/ratify-project/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.2.0). ### v1.3 @@ -72,7 +72,7 @@ See details in [GitHub milestone v1.2.0](https://github.com/deislabs/ratify/issu - Notary Project signature verification with Time-stamping support - Signing Certificate/key rotation support -See details in [GitHub milestone v1.3.0](https://github.com/deislabs/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.3.0). +See details in [GitHub milestone v1.3.0](https://github.com/ratify-project/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.3.0). ### v1.4 diff --git a/api/v1alpha1/certificatestore_conversion.go b/api/v1alpha1/certificatestore_conversion.go index 8fc433a24..76e9cc876 100644 --- a/api/v1alpha1/certificatestore_conversion.go +++ b/api/v1alpha1/certificatestore_conversion.go 
@@ -17,7 +17,7 @@ limitations under the License.
 package v1alpha1
 import (
- unversioned "github.com/deislabs/ratify/api/unversioned"
+ unversioned "github.com/ratify-project/ratify/api/unversioned"
 conversion "k8s.io/apimachinery/pkg/conversion"
 )
diff --git a/api/v1alpha1/doc.go b/api/v1alpha1/doc.go
index 5f12afe87..dd50563c2 100644
--- a/api/v1alpha1/doc.go
+++ b/api/v1alpha1/doc.go
@@ -14,5 +14,5 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-// +k8s:conversion-gen=github.com/deislabs/ratify/api/unversioned
+// +k8s:conversion-gen=github.com/ratify-project/ratify/api/unversioned
 package v1alpha1
diff --git a/api/v1alpha1/policy_conversion.go b/api/v1alpha1/policy_conversion.go
index b67653eb4..4f406de60 100644
--- a/api/v1alpha1/policy_conversion.go
+++ b/api/v1alpha1/policy_conversion.go
@@ -17,8 +17,8 @@ limitations under the License.
 package v1alpha1
 import (
- unversioned "github.com/deislabs/ratify/api/unversioned"
- "github.com/deislabs/ratify/internal/constants"
+ unversioned "github.com/ratify-project/ratify/api/unversioned"
+ "github.com/ratify-project/ratify/internal/constants"
 conversion "k8s.io/apimachinery/pkg/conversion"
 )
diff --git a/api/v1alpha1/policy_conversion_test.go b/api/v1alpha1/policy_conversion_test.go
index 862e16c63..8a6dba65c 100644
--- a/api/v1alpha1/policy_conversion_test.go
+++ b/api/v1alpha1/policy_conversion_test.go
@@ -20,8 +20,8 @@ import (
 "reflect"
 "testing"
- unversioned "github.com/deislabs/ratify/api/unversioned"
- "github.com/deislabs/ratify/internal/constants"
+ unversioned "github.com/ratify-project/ratify/api/unversioned"
+ "github.com/ratify-project/ratify/internal/constants"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 runtime "k8s.io/apimachinery/pkg/runtime"
 )
diff --git a/api/v1alpha1/store_conversion.go b/api/v1alpha1/store_conversion.go
index ca8ec8b7e..ddf9ba309 100644
--- a/api/v1alpha1/store_conversion.go
+++ b/api/v1alpha1/store_conversion.go
@@ -17,7 +17,7 @@ limitations under the License. package v1alpha1 import ( - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" conversion "k8s.io/apimachinery/pkg/conversion" ) diff --git a/api/v1alpha1/verifier_conversion.go b/api/v1alpha1/verifier_conversion.go index 77d185f06..257709118 100644 --- a/api/v1alpha1/verifier_conversion.go +++ b/api/v1alpha1/verifier_conversion.go @@ -17,7 +17,7 @@ limitations under the License. package v1alpha1 import ( - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" conversion "k8s.io/apimachinery/pkg/conversion" ) diff --git a/api/v1alpha1/zz_generated.conversion.go b/api/v1alpha1/zz_generated.conversion.go index d0311a1fb..467a815ca 100644 --- a/api/v1alpha1/zz_generated.conversion.go +++ b/api/v1alpha1/zz_generated.conversion.go @@ -23,7 +23,7 @@ package v1alpha1 import ( unsafe "unsafe" - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/api/v1beta1/doc.go b/api/v1beta1/doc.go index 7d2226e2b..c5e4175d4 100644 --- a/api/v1beta1/doc.go +++ b/api/v1beta1/doc.go @@ -14,5 +14,5 @@ See the License for the specific language governing permissions and limitations under the License. */ -// +k8s:conversion-gen=github.com/deislabs/ratify/api/unversioned +// +k8s:conversion-gen=github.com/ratify-project/ratify/api/unversioned package v1beta1 diff --git a/api/v1beta1/zz_generated.conversion.go b/api/v1beta1/zz_generated.conversion.go index 5b0bd36fb..fafb65bab 100644 --- a/api/v1beta1/zz_generated.conversion.go +++ b/api/v1beta1/zz_generated.conversion.go 
@@ -23,7 +23,7 @@ package v1beta1 import ( unsafe "unsafe" - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" diff --git a/charts/ratify/Chart.yaml b/charts/ratify/Chart.yaml index 57fba1d69..e17cd5407 100644 --- a/charts/ratify/Chart.yaml +++ b/charts/ratify/Chart.yaml @@ -3,5 +3,5 @@ name: ratify description: A Helm chart for Ratify version: 1.13.0 appVersion: v1.2.0 -home: https://github.com/deislabs/ratify -icon: https://raw.githubusercontent.com/deislabs/ratify/main/logo.svg +home: https://github.com/ratify-project/ratify +icon: https://raw.githubusercontent.com/ratify-project/ratify/main/logo.svg diff --git a/charts/ratify/README.md b/charts/ratify/README.md index 862ae8ca9..84b52b238 100644 --- a/charts/ratify/README.md +++ b/charts/ratify/README.md 
@@ -38,8 +38,8 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t | Parameter | Description | Default | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| image.repository | Ratify app image | `ghcr.io/deislabs/ratify` | -| image.crdrepository | Ratify CRD install Image | `ghcr.io/deislabs/ratify-crds` | +| image.repository | Ratify app image | `ghcr.io/ratify-project/ratify` | +| image.crdrepository | Ratify CRD install Image | `ghcr.io/ratify-project/ratify-crds` | | image.tag | Image tag | `` | | image.pullPolicy | Image pull policy | `IfNotPresent` | | nameOverride | Overrides the ratify.name used to determine the ratify full name template | `` | diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml index b1ad2efe4..8e0e74f40 100644 --- a/charts/ratify/values.yaml +++ b/charts/ratify/values.yaml @@ -1,6 +1,6 @@ image: - repository: ghcr.io/deislabs/ratify - crdRepository: ghcr.io/deislabs/ratify-crds + repository: ghcr.io/ratify-project/ratify + crdRepository: ghcr.io/ratify-project/ratify-crds tag: v1.2.0 pullPolicy: IfNotPresent diff --git a/cmd/ratify/cmd/discover.go b/cmd/ratify/cmd/discover.go index c4f61e8ea..e824ec583 100644 --- a/cmd/ratify/cmd/discover.go +++ b/cmd/ratify/cmd/discover.go 
@@ -22,14 +22,14 @@ import (
 "os"
 "strings"
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- sf "github.com/deislabs/ratify/pkg/referrerstore/factory"
- su "github.com/deislabs/ratify/pkg/referrerstore/utils"
- "github.com/deislabs/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ sf "github.com/ratify-project/ratify/pkg/referrerstore/factory"
+ su "github.com/ratify-project/ratify/pkg/referrerstore/utils"
+ "github.com/ratify-project/ratify/pkg/utils"
 "github.com/spf13/cobra"
 "github.com/xlab/treeprint"
 )
diff --git a/cmd/ratify/cmd/referrer.go b/cmd/ratify/cmd/referrer.go
index 8520e0f2a..9e87b5ad3 100644
--- a/cmd/ratify/cmd/referrer.go
+++ b/cmd/ratify/cmd/referrer.go
@@ -22,11 +22,11 @@ import (
 "os"
 "strings"
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/ocispecs"
- sf "github.com/deislabs/ratify/pkg/referrerstore/factory"
- "github.com/deislabs/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ sf "github.com/ratify-project/ratify/pkg/referrerstore/factory"
+ "github.com/ratify-project/ratify/pkg/utils"
 "github.com/spf13/cobra"
 )
diff --git a/cmd/ratify/cmd/resolve.go b/cmd/ratify/cmd/resolve.go
index 0ecc87b39..b12e90428 100644
--- a/cmd/ratify/cmd/resolve.go
+++ b/cmd/ratify/cmd/resolve.go
@@ -22,11 +22,11 @@ import (
 "os"
 "strings"
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/internal/logger"
- sf "github.com/deislabs/ratify/pkg/referrerstore/factory"
- su "github.com/deislabs/ratify/pkg/referrerstore/utils"
- "github.com/deislabs/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/internal/logger"
+ sf "github.com/ratify-project/ratify/pkg/referrerstore/factory"
+ su "github.com/ratify-project/ratify/pkg/referrerstore/utils"
+ "github.com/ratify-project/ratify/pkg/utils"
 "github.com/spf13/cobra"
 )
diff --git a/cmd/ratify/cmd/root.go b/cmd/ratify/cmd/root.go
index d52637b29..04f8ca858 100644
--- a/cmd/ratify/cmd/root.go
+++ b/cmd/ratify/cmd/root.go
@@ -16,8 +16,8 @@ limitations under the License.
 package cmd
 import (
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/featureflag"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/featureflag"
 "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
 )
diff --git a/cmd/ratify/cmd/serve.go b/cmd/ratify/cmd/serve.go
index 65ebb513c..9179fa04b 100644
--- a/cmd/ratify/cmd/serve.go
+++ b/cmd/ratify/cmd/serve.go
@@ -20,11 +20,11 @@ import (
 "fmt"
 "time"
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/httpserver"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/cache"
- "github.com/deislabs/ratify/pkg/manager"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/httpserver"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/cache"
+ "github.com/ratify-project/ratify/pkg/manager"
 "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
 )
diff --git a/cmd/ratify/cmd/verify.go b/cmd/ratify/cmd/verify.go
index 170014133..a6e2f29fc 100644
--- a/cmd/ratify/cmd/verify.go
+++ b/cmd/ratify/cmd/verify.go
@@ -20,15 +20,15 @@ import (
 "errors"
 "fmt"
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/internal/logger"
- e "github.com/deislabs/ratify/pkg/executor"
- ef "github.com/deislabs/ratify/pkg/executor/core"
- pf "github.com/deislabs/ratify/pkg/policyprovider/factory"
- sf "github.com/deislabs/ratify/pkg/referrerstore/factory"
- "github.com/deislabs/ratify/pkg/utils"
- vf "github.com/deislabs/ratify/pkg/verifier/factory"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/internal/logger"
+ e "github.com/ratify-project/ratify/pkg/executor"
+ ef "github.com/ratify-project/ratify/pkg/executor/core"
+ pf "github.com/ratify-project/ratify/pkg/policyprovider/factory"
+ sf "github.com/ratify-project/ratify/pkg/referrerstore/factory"
+ "github.com/ratify-project/ratify/pkg/utils"
+ vf "github.com/ratify-project/ratify/pkg/verifier/factory"
 "github.com/spf13/cobra"
 )
diff --git a/cmd/ratify/cmd/version.go b/cmd/ratify/cmd/version.go
index 9a5fbd0a9..2cc89c0e3 100644
--- a/cmd/ratify/cmd/version.go
+++ b/cmd/ratify/cmd/version.go
@@ -18,7 +18,7 @@ import (
 "runtime"
 "strings"
- "github.com/deislabs/ratify/internal/version"
+ "github.com/ratify-project/ratify/internal/version"
 "github.com/spf13/cobra"
 )
diff --git a/cmd/ratify/main.go b/cmd/ratify/main.go
index cafaaaf9f..f51315c68 100644
--- a/cmd/ratify/main.go
+++ b/cmd/ratify/main.go
@@ -18,14 +18,14 @@ package main
 import (
 "os"
- "github.com/deislabs/ratify/cmd/ratify/cmd"
- _ "github.com/deislabs/ratify/pkg/cache/dapr" // register dapr cache
- _ "github.com/deislabs/ratify/pkg/cache/ristretto" // register ristretto cache
- _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" // register configpolicy policy provider
- _ "github.com/deislabs/ratify/pkg/policyprovider/regopolicy" // register regopolicy policy provider
- _ "github.com/deislabs/ratify/pkg/referrerstore/oras" // register oras referrer store
- _ "github.com/deislabs/ratify/pkg/verifier/cosign" // register cosign verifier
- _ "github.com/deislabs/ratify/pkg/verifier/notation" // register notation verifier
+ "github.com/ratify-project/ratify/cmd/ratify/cmd"
+ _ "github.com/ratify-project/ratify/pkg/cache/dapr" // register dapr cache
+ _ "github.com/ratify-project/ratify/pkg/cache/ristretto" // register ristretto cache
+ _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" // register configpolicy policy provider
+ _ "github.com/ratify-project/ratify/pkg/policyprovider/regopolicy" // register regopolicy policy provider
+ _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" // register oras referrer store
+ _ "github.com/ratify-project/ratify/pkg/verifier/cosign" // register cosign verifier
+ _ "github.com/ratify-project/ratify/pkg/verifier/notation" // register notation verifier
 )
 func main() {
diff --git a/config/config.go b/config/config.go
index 901a0eb74..7bc3e0f9f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -24,20 +24,20 @@ import (
 "path/filepath"
 "sync"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/internal/logger"
- exConfig "github.com/deislabs/ratify/pkg/executor/config"
- "github.com/deislabs/ratify/pkg/homedir"
- "github.com/deislabs/ratify/pkg/policyprovider"
- pcConfig "github.com/deislabs/ratify/pkg/policyprovider/config"
- pf "github.com/deislabs/ratify/pkg/policyprovider/factory"
- "github.com/deislabs/ratify/pkg/referrerstore"
- rsConfig "github.com/deislabs/ratify/pkg/referrerstore/config"
- sf "github.com/deislabs/ratify/pkg/referrerstore/factory"
- "github.com/deislabs/ratify/pkg/verifier"
- vfConfig "github.com/deislabs/ratify/pkg/verifier/config"
- vf "github.com/deislabs/ratify/pkg/verifier/factory"
 "github.com/pkg/errors"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/internal/logger"
+ exConfig "github.com/ratify-project/ratify/pkg/executor/config"
+ "github.com/ratify-project/ratify/pkg/homedir"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
+ pcConfig "github.com/ratify-project/ratify/pkg/policyprovider/config"
+ pf "github.com/ratify-project/ratify/pkg/policyprovider/factory"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ rsConfig "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ sf "github.com/ratify-project/ratify/pkg/referrerstore/factory"
+ "github.com/ratify-project/ratify/pkg/verifier"
+ vfConfig "github.com/ratify-project/ratify/pkg/verifier/config"
+ vf "github.com/ratify-project/ratify/pkg/verifier/factory"
 "github.com/sirupsen/logrus"
 )
diff --git a/config/configManager.go b/config/configManager.go
index a507d3228..cce09c602 100644
--- a/config/configManager.go
+++ b/config/configManager.go
@@ -20,9 +20,9 @@ import (
 "os"
 "time"
- ef "github.com/deislabs/ratify/pkg/executor/core"
 "github.com/fsnotify/fsnotify"
 "github.com/pkg/errors"
+ ef "github.com/ratify-project/ratify/pkg/executor/core"
 "github.com/sirupsen/logrus"
 )
diff --git a/docs/design/Authentication Provider Support For ORAS Store.md b/docs/design/Authentication Provider Support For ORAS Store.md
index 378e31a1b..fa7b63eb3 100644
--- a/docs/design/Authentication Provider Support For ORAS Store.md
+++ b/docs/design/Authentication Provider Support For ORAS Store.md
@@ -4,7 +4,7 @@ Author: Akash Singhal (@akashsinghal)
 General Design Document for [Ratify Auth](https://hackmd.io/LFWPWM7wT_icfIPZbuax0Q#Auth-using-metadata-service-endpoint-in-k8s)
-Linked PR: https://github.com/deislabs/ratify/pull/123
+Linked PR: https://github.com/ratify-project/ratify/pull/123
 ## Goals
@@ -153,7 +153,7 @@ type OrasStoreConf struct {
 }
 ```
-Update `Create` [method](https://github.com/deislabs/ratify/blob/6edd4ceedc21cf704857eae56b2197e0e28f0f93/pkg/referrerstore/oras/oras.go#L68) in oras.go
+Update `Create` [method](https://github.com/ratify-project/ratify/blob/6edd4ceedc21cf704857eae56b2197e0e28f0f93/pkg/referrerstore/oras/oras.go#L68) in oras.go
 ```
 func (s *orasStoreFactory) Create(version string, storeConfig config.StorePluginConfig) (referrerstore.ReferrerStore, error) {
diff --git a/docs/design/Config Policy Provider Refactor.md b/docs/design/Config Policy Provider Refactor.md
index f09e86679..c3fab1c6b 100644
--- a/docs/design/Config Policy Provider Refactor.md
+++ b/docs/design/Config Policy Provider Refactor.md
@@ -13,7 +13,7 @@ We'd like to redesign the `configPolicy` provider to enhance the Ratify while ad
 # Design Considerations
-The new policy provider should cover but not limited to address these issues: [#351](https://github.com/deislabs/ratify/issues/351), [#528](https://github.com/deislabs/ratify/issues/528), [#448](https://github.com/deislabs/ratify/issues/448), [35](https://github.com/deislabs/ratify/issues/35)
+The new policy provider should cover but not limited to address these issues: [#351](https://github.com/ratify-project/ratify/issues/351), [#528](https://github.com/ratify-project/ratify/issues/528), [#448](https://github.com/ratify-project/ratify/issues/448), [35](https://github.com/ratify-project/ratify/issues/35)
 ## Targets
 1. Avoid introducing breaking changes to existing interfaces.
diff --git a/docs/design/Cosign Upgrade 2024.md b/docs/design/Cosign Upgrade 2024.md
index 30912ddc1..03782ae63 100644
--- a/docs/design/Cosign Upgrade 2024.md
+++ b/docs/design/Cosign Upgrade 2024.md
@@ -2,9 +2,9 @@
 Author: Akash Singhal (@akashsinghal)
 Tracked issues in scope:
-- [Support Cosign verification with multiple keys](https://github.com/deislabs/ratify/issues/1191)
-- [Support for Cosign verification with keys managed in KMS](https://github.com/deislabs/ratify/issues/1190)
-- [Support Cosign verification with RSA key](https://github.com/deislabs/ratify/issues/1189)
+- [Support Cosign verification with multiple keys](https://github.com/ratify-project/ratify/issues/1191)
+- [Support for Cosign verification with keys managed in KMS](https://github.com/ratify-project/ratify/issues/1190)
+- [Support Cosign verification with RSA key](https://github.com/ratify-project/ratify/issues/1189)
 Ratify currently supports keyless cosign verification which includes an optional custom Rekor server specification. Transparency log verification only occurs for keyless scenarios. Keyed verification is limited to a single public key specified as a value provided in the helm chart. The chart creates a `Secret` for the cosign key and mounts it at a well-known path in the Ratify container. Users must manually update the `Secret` to update the key. There is no support for multiple keys. There is no support for keys stored KMS. There is only support for ECDSA keys, and not RSA or ED25519. There is no support for certificates.
diff --git a/docs/design/Metrics.md b/docs/design/Metrics.md
index 010708dd1..b92a95a4d 100644
--- a/docs/design/Metrics.md
+++ b/docs/design/Metrics.md
@@ -32,7 +32,7 @@ OpenTelemetry exposes configurable providers throughout the metrics workflow:
 1. Counter: Value that accumulates over time. (e.g request count, signatures verified)
 2. Gauge: Point-in-time value of a continuous data stream (e.g speed, pressure)
 3. Histogram: Ratify-side aggregation of measurements. Bascially a complex aggregation of Counters where each bin is bounded from the min value (0) to the upper bin boundary. For example if we had bin boundaries [0, 1, 2, 3, 4, 5] and the measured value is 3.5, then the resulting histogram would be [0, 0, 0, 1, 1].
-- Meter: Wraps a collection of instruments related to a specific scope. In Ratify's case, we'd have a single Meter with all of our instruments. The scope would be the Ratify application (`github.com/deislabs/ratify`)
+- Meter: Wraps a collection of instruments related to a specific scope. In Ratify's case, we'd have a single Meter with all of our instruments. The scope would be the Ratify application (`github.com/ratify-project/ratify`)
 - Exporter: The vendor-specific metric reader implementation. Each exporter is responsible for consuming the metrics published to the data stream according to their vendor specification. The first provider we would support is Prometheus.
 - View: Defines/overrides the behavior for how metrics should be collected (e.g changing the name of the instrument, changing the bin values of histogram instrument)
 - Meter Provider: Creates the Meter and binds to the specified metric Exporter. It also is resonsible for mutating the metric data stream according to the Views specified in the options.
diff --git a/docs/design/Policy Provider refactor (deprecated).md b/docs/design/Policy Provider refactor (deprecated).md
index ca90bdea7..241fca76f 100644
--- a/docs/design/Policy Provider refactor (deprecated).md
+++ b/docs/design/Policy Provider refactor (deprecated).md
@@ -1,7 +1,7 @@
 # Ratify Policy Provider
 Author: Akash Singhal (@akashsinghal)
-Prerequisite: Read through the Executor Policy design section of this [doc](https://github.com/deislabs/ratify/tree/main/docs#executor-policy-specification) for more information on approaches to policy provider.
+Prerequisite: Read through the Executor Policy design section of this [doc](https://github.com/ratify-project/ratify/tree/main/docs#executor-policy-specification) for more information on approaches to policy provider.
 Currently there's no scaffolding for multiple policy providers. The default config policy provider is built in. We need to add support for a policy plugin to be specified and selected. We also need to expand the policy provider plugin
diff --git a/docs/design/Ratify Vulnerability Report Verifier.md b/docs/design/Ratify Vulnerability Report Verifier.md
index 2eab2e353..a3eb19b88 100644
--- a/docs/design/Ratify Vulnerability Report Verifier.md
+++ b/docs/design/Ratify Vulnerability Report Verifier.md
@@ -205,7 +205,7 @@ Common policies such as age enforcement and severity filtering can be implemente
 Currently supports date filtering based on OCI annotation image creation and a list of disallowed severities.
-PR can be found [here](https://github.com/deislabs/ratify/pull/1123)
+PR can be found [here](https://github.com/ratify-project/ratify/pull/1123)
 [![asciicast](https://asciinema.org/a/622368.svg)](https://asciinema.org/a/622368)
diff --git a/docs/design/Verification Result Cache at Executor Level.md b/docs/design/Verification Result Cache at Executor Level.md
index 14ec5b4da..2915e2a0b 100644
--- a/docs/design/Verification Result Cache at Executor Level.md
+++ b/docs/design/Verification Result Cache at Executor Level.md
@@ -4,7 +4,7 @@ Author: Binbin Li (@binbin-li)
 ## Background
-Jimmy noticed that Gatekeeper audit could trigger tons of requests to Ratify if there are many pods deployed, which might overwhelm the upstream services like remote registries. Related issue: [201](https://github.com/deislabs/ratify/issues/201) However, as the discussion happened offline, the audit result can be cached in api server chache. And we could also configure a new CRD to batch evaluation requests in a single ED request.
+Jimmy noticed that Gatekeeper audit could trigger tons of requests to Ratify if there are many pods deployed, which might overwhelm the upstream services like remote registries. Related issue: [201](https://github.com/ratify-project/ratify/issues/201) However, as the discussion happened offline, the audit result can be cached in api server chache. And we could also configure a new CRD to batch evaluation requests in a single ED request.
 Since the discussion is not finished yet, we'll just focus on how to implement the cache instead of whether we need to have it.
@@ -88,7 +88,7 @@ Components that Ratify would change/add:
 b. A map field that maps overall/registry/repo to a TTL value.
 c. We also need to determine the default behavior/TTL value if it's not specified.
 2. A cache interface and implementation that supports adding and evicting entries automatically.
-3. As proposed by Akash in this [issue](https://github.com/deislabs/ratify/issues/507), we can possibly add a cache lock to API cache as well.
+3. As proposed by Akash in this [issue](https://github.com/ratify-project/ratify/issues/507), we can possibly add a cache lock to API cache as well.
 4. Test on them.
 ### Stage 2
diff --git a/docs/discussion/Cosign Upgrade Discussion 2024.md b/docs/discussion/Cosign Upgrade Discussion 2024.md
index d0c5b5ad9..ee4876d71 100644
--- a/docs/discussion/Cosign Upgrade Discussion 2024.md
+++ b/docs/discussion/Cosign Upgrade Discussion 2024.md
@@ -2,10 +2,10 @@
 Author: Akash Singhal (@akashsinghal)
 Tracked issues in scope:
-- [Support Cosign verification with multiple keys](https://github.com/deislabs/ratify/issues/1191)
-- [Support for Cosign verification with keys managed in KMS](https://github.com/deislabs/ratify/issues/1190)
-- [Support Cosign verification with RSA key](https://github.com/deislabs/ratify/issues/1189)
-- [Support keyless verification with OIDC identities](https://github.com/deislabs/ratify/issues/1323)
+- [Support Cosign verification with multiple keys](https://github.com/ratify-project/ratify/issues/1191)
+- [Support for Cosign verification with keys managed in KMS](https://github.com/ratify-project/ratify/issues/1190)
+- [Support Cosign verification with RSA key](https://github.com/ratify-project/ratify/issues/1189)
+- [Support keyless verification with OIDC identities](https://github.com/ratify-project/ratify/issues/1323)
 Ratify currently supports keyless cosign verification which includes an optional custom Rekor server specification. Transparency log verification only occurs for keyless scenarios. Keyed verification is limited to a single public key specified as a value provided in the helm chart. The chart creates a `Secret` for the cosign key and mounts it at a well-known path in the Ratify container. Users must manually update the `Secret` to update the key. There is no support for multiple keys. There is no support for keys stored KMS. There is only support for ECDSA keys, and not RSA or ED25519. There is no support for certificates.
@@ -582,13 +582,13 @@ spec: ### How does `scopes` matching work? -`scopes` are associated per `trustPolicy`. They function to apply on top of a validation image reference and match a SINGLE trust policy to use for verification. Ratify needs to decide how to implement scope matching based on the scenarios to support. Scopes could support regular expressions however they are not as user friendly. Ratify could also define its own domain/repository pattern syntax. Or, Ratify could support both side-by-side; however, this would require having behavior to rectify if both are used at once or used for different policies. The other concern is if multiple trust policies are defined each with scopes that can apply. For example, let's take Trust Policy A which has scope `*` (any image reference works). Then, let's define Trust Policy B with scope `ghcr.io`. Finally, define Trust Policy C with scope `ghcr.io/deislabs/ratify`. If our image to validate has reference: `ghcr.io/deislabs/ratify:v1.2.0`, which Trust Policy should apply? Ideally, we should match to he policy that is most specific first, so Trust Policy C would be selected. +`scopes` are associated per `trustPolicy`. They function to apply on top of a validation image reference and match a SINGLE trust policy to use for verification. Ratify needs to decide how to implement scope matching based on the scenarios to support. Scopes could support regular expressions however they are not as user friendly. Ratify could also define its own domain/repository pattern syntax. Or, Ratify could support both side-by-side; however, this would require having behavior to rectify if both are used at once or used for different policies. The other concern is if multiple trust policies are defined each with scopes that can apply. For example, let's take Trust Policy A which has scope `*` (any image reference works). Then, let's define Trust Policy B with scope `ghcr.io`. 
Finally, define Trust Policy C with scope `ghcr.io/ratify-project/ratify`. If our image to validate has reference: `ghcr.io/ratify-project/ratify:v1.2.0`, which Trust Policy should apply? Ideally, we should match to he policy that is most specific first, so Trust Policy C would be selected. #### Scenarios to Support 1. Wildcard: `*` 2. Registry wide scope: `ghcr.io` 3. Wildcard registry domain scope: `*.azurecr.io` -4. Intermediate repository paths (repository path may reference a subpath but not an absolute path): `ghcr.io/deislabs/*` +4. Intermediate repository paths (repository path may reference a subpath but not an absolute path): `ghcr.io/ratify-project/*` #### How does notation do this? diff --git a/docs/discussion/Negative test cases for Ratify.md b/docs/discussion/Negative test cases for Ratify.md index ee594c709..e7a63e622 100644 --- a/docs/discussion/Negative test cases for Ratify.md +++ b/docs/discussion/Negative test cases for Ratify.md 
@@ -104,13 +104,13 @@ time=2023-09-20T13:08:43.696147959Z level=error msg=Error: plugin init failure, ```stdout "verifierReports": [ { - "subject": "ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", + "subject": "ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", "referenceDigest": "sha256:57be2c1c3d9c23ef7c964bba05c7aa23b525732e9c9af9652654ccc3f4babb0e", "artifactType": "application/vnd.cncf.notary.signature", "verifierReports": [ { "isSuccess": false, - "message": "Original Error: (Original Error: (artifact \"ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b\" has no applicable trust policy. Trust policy applicability for a given artifact is determined by registryScopes. To create a trust policy, see: https://notaryproject.dev/docs/quickstart/#create-a-trust-policy), Error: verify signature failure, Code: VERIFY_SIGNATURE_FAILURE, Plugin Name: verifier-notation, Component Type: verifier, Documentation: https://github.com/notaryproject/notaryproject/tree/main/specs, Detail: failed to verify signature of digest), Error: verify reference failure, Code: VERIFY_REFERENCE_FAILURE, Plugin Name: verifier-notation, Component Type: verifier", + "message": "Original Error: (Original Error: (artifact \"ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b\" has no applicable trust policy. Trust policy applicability for a given artifact is determined by registryScopes. 
To create a trust policy, see: https://notaryproject.dev/docs/quickstart/#create-a-trust-policy), Error: verify signature failure, Code: VERIFY_SIGNATURE_FAILURE, Plugin Name: verifier-notation, Component Type: verifier, Documentation: https://github.com/notaryproject/notaryproject/tree/main/specs, Detail: failed to verify signature of digest), Error: verify reference failure, Code: VERIFY_REFERENCE_FAILURE, Plugin Name: verifier-notation, Component Type: verifier", "name": "verifier-notation", "type": "notation", "extensions": null @@ -129,7 +129,7 @@ The image verification fails. ```stdout "verifierReports": [ { - "subject": "ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", + "subject": "ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", "referenceDigest": "sha256:57be2c1c3d9c23ef7c964bba05c7aa23b525732e9c9af9652654ccc3f4babb0e", "artifactType": "application/vnd.cncf.notary.signature", "verifierReports": [ @@ -151,7 +151,7 @@ The image verification fails. The image verification fails: ```stdout -time=2023-09-22T13:50:40.440640495Z level=info msg=verify result for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { +time=2023-09-22T13:50:40.440640495Z level=info msg=verify result for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { "verifierReports": [ { "isSuccess": false, 
@@ -233,14 +233,14 @@ time=2023-09-21T16:49:39.660797685Z level=info msg=Reconciling Policy configpoli time=2023-09-21T16:49:39.660900987Z level=error msg=failed to get Policy: Policy.config.ratify.deislabs.io "configpolicy" not found time=2023-09-21T16:49:49.266265821Z level=info msg=received request POST /ratify/gatekeeper/v1/mutate time=2023-09-21T16:49:49.266514626Z level=info msg=start request POST /ratify/gatekeeper/v1/mutate component-type=server go.version=go1.20.8 trace-id=acb4f156-8132-4cfb-9df6-e73266c5c6c7 -time=2023-09-21T16:49:49.26667593Z level=info msg=mutating image ghcr.io/deislabs/ratify/notary-image:signed component-type=server go.version=go1.20.8 trace-id=acb4f156-8132-4cfb-9df6-e73266c5c6c7 +time=2023-09-21T16:49:49.26667593Z level=info msg=mutating image ghcr.io/ratify-project/ratify/notary-image:signed component-type=server go.version=go1.20.8 trace-id=acb4f156-8132-4cfb-9df6-e73266c5c6c7 time=2023-09-21T16:49:49.266880934Z level=warning msg=Error: cache not set, Code: CACHE_NOT_SET, Component Type: cache, Detail: failed to set auth cache for ghcr.io component-type=referrerStore go.version=go1.20.8 trace-id=acb4f156-8132-4cfb-9df6-e73266c5c6c7 ``` #### TC15 ```stdout -time=2023-09-21T16:24:03.422952769Z level=error msg=Reconciler error Policy=regopolicy controller=policy controllerGroup=config.ratify.deislabs.io controllerKind=Policy error=failed to create policy enforcer: failed to create policy provider: Original Error: (Original Error: (failed to create policy engine: failed to create policy query, err: failed to prepare rego query, err: 1 error occurred: policy.rego:13: rego_unsafe_var_error: var fals is unsafe), Error: plugin init failure, Code: PLUGIN_INIT_FAILURE, Plugin Name: regopolicy, Component Type: policyProvider, Documentation: https://github.com/deislabs/ratify/blob/main/docs/reference/providers.md#policy-providers, Detail: failed to create OPA engine), Error: plugin init failure, Code: PLUGIN_INIT_FAILURE, Plugin Name: 
regopolicy, Component Type: policyProvider, Documentation: https://github.com/deislabs/ratify/blob/main/docs/reference/providers.md#policy-providers, Detail: failed to create policy provider name=regopolicy namespace= reconcileID=71adeaf9-a6f0-4974-88cf-34bd2be47a99 +time=2023-09-21T16:24:03.422952769Z level=error msg=Reconciler error Policy=regopolicy controller=policy controllerGroup=config.ratify.deislabs.io controllerKind=Policy error=failed to create policy enforcer: failed to create policy provider: Original Error: (Original Error: (failed to create policy engine: failed to create policy query, err: failed to prepare rego query, err: 1 error occurred: policy.rego:13: rego_unsafe_var_error: var fals is unsafe), Error: plugin init failure, Code: PLUGIN_INIT_FAILURE, Plugin Name: regopolicy, Component Type: policyProvider, Documentation: https://github.com/ratify-project/ratify/blob/main/docs/reference/providers.md#policy-providers, Detail: failed to create OPA engine), Error: plugin init failure, Code: PLUGIN_INIT_FAILURE, Plugin Name: regopolicy, Component Type: policyProvider, Documentation: https://github.com/ratify-project/ratify/blob/main/docs/reference/providers.md#policy-providers, Detail: failed to create policy provider name=regopolicy namespace= reconcileID=71adeaf9-a6f0-4974-88cf-34bd2be47a99 ``` #### TC16 
@@ -293,8 +293,8 @@ Ratify Logs: ```stdout time=2023-09-21T20:49:55.965807677Z level=info msg=received request POST /ratify/gatekeeper/v1/mutate time=2023-09-21T20:49:55.965917879Z level=info msg=start request POST /ratify/gatekeeper/v1/mutate component-type=server go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa -time=2023-09-21T20:49:55.966001082Z level=info msg=mutating image ghcr.io/deislabs/ratify/notary-image:signed component-type=server go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa -time=2023-09-21T20:49:57.916645653Z level=debug msg=subject descriptor cache miss for value: ghcr.io/deislabs/ratify/notary-image:signed component-type=referrerStore go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa +time=2023-09-21T20:49:55.966001082Z level=info msg=mutating image ghcr.io/ratify-project/ratify/notary-image:signed component-type=server go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa +time=2023-09-21T20:49:57.916645653Z level=debug msg=subject descriptor cache miss for value: ghcr.io/ratify-project/ratify/notary-image:signed component-type=referrerStore go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa time=2023-09-21T20:49:57.916739655Z level=debug msg=auth cache miss component-type=referrerStore go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa time=2023-09-21T20:49:57.917014862Z level=error msg=Error saving value to redis: error saving state: rpc error: code = DeadlineExceeded desc = context deadline exceeded component-type=cache go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa time=2023-09-21T20:49:57.917058964Z level=warning msg=Error: cache not set, Code: CACHE_NOT_SET, Component Type: cache, Detail: failed to set auth cache for ghcr.io component-type=referrerStore go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa 
@@ -306,19 +306,19 @@ Audit also begins to fail with timeout of 4.9 second. ```stdout time=2023-09-21T20:52:45.703791311Z level=info msg=received request POST /ratify/gatekeeper/v1/verify time=2023-09-21T20:52:45.703840611Z level=info msg=start request POST /ratify/gatekeeper/v1/verify component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:45.703937712Z level=info msg=verifying subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.604600679Z level=debug msg=subject descriptor cache miss for value: ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:45.703937712Z level=info msg=verifying subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:50.604600679Z level=debug msg=subject descriptor cache miss for value: ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac time=2023-09-21T20:52:50.604668279Z level=debug msg=auth cache miss component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac time=2023-09-21T20:52:50.60472728Z level=error msg=Error saving value to redis: error saving state: rpc error: code = DeadlineExceeded desc = context deadline exceeded component-type=cache go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac time=2023-09-21T20:52:50.60474728Z level=warning msg=Error: 
cache not set, Code: CACHE_NOT_SET, Component Type: cache, Detail: failed to set auth cache for ghcr.io component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.60483898Z level=warning msg=Original Error: (Original Error: (Head "https://ghcr.io/v2/deislabs/ratify/notary-image/manifests/sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b": context deadline exceeded), Error: repository operation failure, Code: REPOSITORY_OPERATION_FAILURE, Plugin Name: oras), Error: get subject descriptor failure, Code: GET_SUBJECT_DESCRIPTOR_FAILURE, Plugin Name: oras, Component Type: referrerStore, Detail: failed to resolve the subject descriptor component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.60485408Z level=debug msg=cache miss for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:50.60483898Z level=warning msg=Original Error: (Original Error: (Head "https://ghcr.io/v2/ratify-project/ratify/notary-image/manifests/sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b": context deadline exceeded), Error: repository operation failure, Code: REPOSITORY_OPERATION_FAILURE, Plugin Name: oras), Error: get subject descriptor failure, Code: GET_SUBJECT_DESCRIPTOR_FAILURE, Plugin Name: oras, Component Type: referrerStore, Detail: failed to resolve the subject descriptor component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:50.60485408Z level=debug msg=cache miss for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac 
time=2023-09-21T20:52:50.60487278Z level=error msg=Error saving value to redis: error saving state: rpc error: code = DeadlineExceeded desc = context deadline exceeded component-type=cache go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.60488398Z level=warning msg=unable to insert cache entry for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.60490018Z level=info msg=verify result for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { +time=2023-09-21T20:52:50.60488398Z level=warning msg=unable to insert cache entry for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:50.60490018Z level=info msg=verify result for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { "verifierReports": [ { - "subject": "ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", + "subject": "ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", "isSuccess": false, "message": "verification failed: Error: referrer store failure, Code: REFERRER_STORE_FAILURE, Component Type: referrerStore, Detail: could not resolve descriptor for a subject from any stores" } 
@@ -362,7 +362,7 @@ time=2023-09-21T22:17:50.216846963Z level=error msg=Error saving value to redis: ```stdout level=error msg=Reconciler error CertificateStore=default/certstore-incorrect-cert controller=certificatestore controllerGroup=config.ratify.deislabs.io controllerKind=CertificateStore error=Error fetching certificates in store certstore-incorrect-cert with inline provider, error: Error: cert invalid, Code: CERT_INVALID, Component Type: certProvider name=certstore-incorrect-cert namespace=default reconcileID=6a444f61-fed0-4d0a-b6e1-08bedbe90712 time=2023-09-22T01:55:54.866028606Z level=warning msg=no certificate fetched for certStore certstore-incorrect-cert component-type=verifier go.version=go1.20.8 trace-id=4b6580f6-8b08-4c0b-a1ab-d4264298a6c9 -time=2023-09-22T01:55:54.866327608Z level=info msg=verify result for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { +time=2023-09-22T01:55:54.866327608Z level=info msg=verify result for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { "verifierReports": [ { "isSuccess": false, diff --git a/experimental/generate-protos.sh b/experimental/generate-protos.sh index 92938cf6a..98c4645cd 100644 --- a/experimental/generate-protos.sh +++ b/experimental/generate-protos.sh @@ -20,7 +20,7 @@ protoc \ --proto_path=./ratify/proto/v1 \ --go_out=. \ ---go_opt=module=github.com/deislabs/ratify/experimental \ +--go_opt=module=github.com/ratify-project/ratify/experimental \ --go-grpc_out=. \ ---go-grpc_opt=module=github.com/deislabs/ratify/experimental \ +--go-grpc_opt=module=github.com/ratify-project/ratify/experimental \ ./ratify/proto/v1/*.proto diff --git a/experimental/proto/v1/orchestrator/orchestrator.pb.go b/experimental/proto/v1/orchestrator/orchestrator.pb.go index b1176df88..2372472d0 100644 --- a/experimental/proto/v1/orchestrator/orchestrator.pb.go 
+++ b/experimental/proto/v1/orchestrator/orchestrator.pb.go @@ -7,8 +7,8 @@ package orchestrator import ( - common "github.com/deislabs/ratify/experimental/proto/v1/common" _struct "github.com/golang/protobuf/ptypes/struct" + common "github.com/ratify-project/ratify/experimental/proto/v1/common" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" diff --git a/experimental/proto/v1/referrerstore/referrerstore.pb.go b/experimental/proto/v1/referrerstore/referrerstore.pb.go index 82400ac96..18c595ae2 100644 --- a/experimental/proto/v1/referrerstore/referrerstore.pb.go +++ b/experimental/proto/v1/referrerstore/referrerstore.pb.go @@ -7,8 +7,8 @@ package referrerstore import ( - common "github.com/deislabs/ratify/experimental/proto/v1/common" _struct "github.com/golang/protobuf/ptypes/struct" + common "github.com/ratify-project/ratify/experimental/proto/v1/common" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" diff --git a/experimental/proto/v1/verifier/verifier.pb.go b/experimental/proto/v1/verifier/verifier.pb.go index b5cab617d..26c9eec34 100644 --- a/experimental/proto/v1/verifier/verifier.pb.go +++ b/experimental/proto/v1/verifier/verifier.pb.go @@ -7,8 +7,8 @@ package verifier import ( - common "github.com/deislabs/ratify/experimental/proto/v1/common" _struct "github.com/golang/protobuf/ptypes/struct" + common "github.com/ratify-project/ratify/experimental/proto/v1/common" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" diff --git a/experimental/ratify/proto/README.md b/experimental/ratify/proto/README.md index 568c6ee86..f060aa28c 100644 --- a/experimental/ratify/proto/README.md +++ b/experimental/ratify/proto/README.md 
@@ -30,4 +30,4 @@ cd ./experimental ```sh go mod tidy ``` -4. _**Depending on the value of "go_package" for each proto file, you may have to move the generated code to an alternate directory.**_ _e.g. setting the `go_package` to "github.com/deislabs/ratify/experimental/proto/v1/referrerstore" will create such a directory structure. Moving the generated code to {root}/experimental/proto/v1/referrerstore will resolve errors since the project's module is "github.com/deislabs/ratify"_ +4. _**Depending on the value of "go_package" for each proto file, you may have to move the generated code to an alternate directory.**_ _e.g. setting the `go_package` to "github.com/ratify-project/ratify/experimental/proto/v1/referrerstore" will create such a directory structure. Moving the generated code to {root}/experimental/proto/v1/referrerstore will resolve errors since the project's module is "github.com/ratify-project/ratify"_ diff --git a/experimental/ratify/proto/v1/common.proto b/experimental/ratify/proto/v1/common.proto index 311bfd1c3..48d55ea5f 100644 --- a/experimental/ratify/proto/v1/common.proto +++ b/experimental/ratify/proto/v1/common.proto @@ -2,7 +2,7 @@ syntax="proto3"; package common; -option go_package = "github.com/deislabs/ratify/experimental/proto/v1/common"; +option go_package = "github.com/ratify-project/ratify/experimental/proto/v1/common"; /* Descriptor holds various properties of an artifact. diff --git a/experimental/ratify/proto/v1/orchestrator.proto b/experimental/ratify/proto/v1/orchestrator.proto index 6b3e6283f..94ddcca73 100644 --- a/experimental/ratify/proto/v1/orchestrator.proto +++ b/experimental/ratify/proto/v1/orchestrator.proto @@ -2,7 +2,7 @@ syntax="proto3"; package orchestrator; -option go_package = "github.com/deislabs/ratify/experimental/proto/v1/orchestrator"; +option go_package = "github.com/ratify-project/ratify/experimental/proto/v1/orchestrator"; import "common.proto"; import "google/protobuf/struct.proto"; 
diff --git a/experimental/ratify/proto/v1/referrerstore.proto b/experimental/ratify/proto/v1/referrerstore.proto index 61d5f246d..15e191121 100644 --- a/experimental/ratify/proto/v1/referrerstore.proto +++ b/experimental/ratify/proto/v1/referrerstore.proto @@ -2,7 +2,7 @@ syntax="proto3"; package referrerstore; -option go_package = "github.com/deislabs/ratify/experimental/proto/v1/referrerstore"; +option go_package = "github.com/ratify-project/ratify/experimental/proto/v1/referrerstore"; import "common.proto"; import "google/protobuf/struct.proto"; diff --git a/experimental/ratify/proto/v1/verifier.proto b/experimental/ratify/proto/v1/verifier.proto index 19615674f..c9049dd83 100644 --- a/experimental/ratify/proto/v1/verifier.proto +++ b/experimental/ratify/proto/v1/verifier.proto @@ -2,7 +2,7 @@ syntax="proto3"; package verifier; -option go_package = "github.com/deislabs/ratify/experimental/proto/v1/verifier"; +option go_package = "github.com/ratify-project/ratify/experimental/proto/v1/verifier"; import "common.proto"; import "google/protobuf/struct.proto"; diff --git a/go.mod b/go.mod index 66a52e459..f399e9696 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/deislabs/ratify +module github.com/ratify-project/ratify go 1.21 diff --git a/httpserver/Dockerfile b/httpserver/Dockerfile index a0a9f3773..f7f03ed26 100644 --- a/httpserver/Dockerfile +++ b/httpserver/Dockerfile @@ -42,7 +42,7 @@ RUN if [ "$build_schemavalidator" = "true" ]; then go build -o /app/out/plugins/ RUN if [ "$build_vulnerabilityreport" = "true" ]; then go build -o /app/out/plugins/ /app/plugins/verifier/vulnerabilityreport; fi FROM gcr.io/distroless/static:nonroot@sha256:e9ac71e2b8e279a8372741b7a0293afda17650d926900233ec3a7b2b7c22a246 -LABEL org.opencontainers.image.source https://github.com/deislabs/ratify +LABEL org.opencontainers.image.source https://github.com/ratify-project/ratify ARG RATIFY_FOLDER=$HOME/.ratify/ 
diff --git a/httpserver/context.go b/httpserver/context.go
index d7e2f5068..a0c5222b3 100644
--- a/httpserver/context.go
+++ b/httpserver/context.go
@@ -19,8 +19,8 @@ import (
 "context"
 "net/http"
- "github.com/deislabs/ratify/utils"
 "github.com/docker/distribution/registry/api/errcode"
+ "github.com/ratify-project/ratify/utils"
 "github.com/sirupsen/logrus"
 )
diff --git a/httpserver/handlers.go b/httpserver/handlers.go
index 4f4d02aa7..730eb63ea 100644
--- a/httpserver/handlers.go
+++ b/httpserver/handlers.go
@@ -24,16 +24,16 @@ import (
 "sync"
 "time"
- "github.com/deislabs/ratify/errors"
- ctxUtils "github.com/deislabs/ratify/internal/context"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/cache"
- "github.com/deislabs/ratify/pkg/executor"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/metrics"
- "github.com/deislabs/ratify/pkg/referrerstore"
- pkgUtils "github.com/deislabs/ratify/pkg/utils"
- "github.com/deislabs/ratify/utils"
+ "github.com/ratify-project/ratify/errors"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/cache"
+ "github.com/ratify-project/ratify/pkg/executor"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/metrics"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ pkgUtils "github.com/ratify-project/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/utils"
 "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata"
 )
diff --git a/httpserver/server.go b/httpserver/server.go
index 9f3403cf1..782e3c83d 100644
--- a/httpserver/server.go
+++ b/httpserver/server.go
@@ -29,9 +29,9 @@ import (
 "syscall"
 "time"
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/metrics"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/metrics"
 "github.com/gorilla/mux"
 "github.com/sirupsen/logrus"
diff --git a/httpserver/server_test.go b/httpserver/server_test.go
index 1aaf98ecd..96e3feb11 100644
--- a/httpserver/server_test.go
+++ b/httpserver/server_test.go
@@ -28,19 +28,19 @@ import (
 "testing"
 "time"
- ratifyerrors "github.com/deislabs/ratify/errors"
- exconfig "github.com/deislabs/ratify/pkg/executor/config"
- "github.com/deislabs/ratify/pkg/executor/core"
- "github.com/deislabs/ratify/pkg/ocispecs"
- config "github.com/deislabs/ratify/pkg/policyprovider/configpolicy"
+ ratifyerrors "github.com/ratify-project/ratify/errors"
+ exconfig "github.com/ratify-project/ratify/pkg/executor/config"
+ "github.com/ratify-project/ratify/pkg/executor/core"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ config "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy"
 "github.com/sirupsen/logrus"
- "github.com/deislabs/ratify/pkg/policyprovider/types"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/mocks"
- "github.com/deislabs/ratify/pkg/verifier"
 "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/pkg/policyprovider/types"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/mocks"
+ "github.com/ratify-project/ratify/pkg/verifier"
 )
 const testArtifactType string = "test-type1"
diff --git a/httpserver/types.go b/httpserver/types.go
index 02ad6e744..f307bc55d 100644
--- a/httpserver/types.go
+++ b/httpserver/types.go
@@ -16,8 +16,8 @@ limitations under the License.
 package httpserver
 import (
- "github.com/deislabs/ratify/pkg/executor/types"
- pt "github.com/deislabs/ratify/pkg/policyprovider/types"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ pt "github.com/ratify-project/ratify/pkg/policyprovider/types"
 )
 const (
diff --git a/httpserver/types_test.go b/httpserver/types_test.go
index 51be42151..ce2c359a2 100644
--- a/httpserver/types_test.go
+++ b/httpserver/types_test.go
@@ -18,8 +18,8 @@ package httpserver
 import (
 "testing"
- "github.com/deislabs/ratify/pkg/executor/types"
- pt "github.com/deislabs/ratify/pkg/policyprovider/types"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ pt "github.com/ratify-project/ratify/pkg/policyprovider/types"
 )
 func TestFromVerifyResult(t *testing.T) {
diff --git a/internal/logger/logger.go b/internal/logger/logger.go
index b833fa275..6721cd65e 100644
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -22,10 +22,10 @@ import (
 "time"
 logstash "github.com/bshuster-repo/logrus-logstash-hook"
- re "github.com/deislabs/ratify/errors"
- icontext "github.com/deislabs/ratify/internal/context"
 dcontext "github.com/docker/distribution/context"
 "github.com/google/uuid"
+ re "github.com/ratify-project/ratify/errors"
+ icontext "github.com/ratify-project/ratify/internal/context"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/cache/dapr/dapr.go b/pkg/cache/dapr/dapr.go
index a0d9a9414..1230a9158 100644
--- a/pkg/cache/dapr/dapr.go
+++ b/pkg/cache/dapr/dapr.go
@@ -23,10 +23,10 @@ import (
 "time"
 "github.com/dapr/go-sdk/client"
- ctxUtils "github.com/deislabs/ratify/internal/context"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/cache"
- "github.com/deislabs/ratify/pkg/featureflag"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/cache"
+ "github.com/ratify-project/ratify/pkg/featureflag"
 )
 const DaprCacheType = "dapr"
diff --git a/pkg/cache/ristretto/ristretto.go b/pkg/cache/ristretto/ristretto.go
index 581b98a47..67210d7b9 100644
--- a/pkg/cache/ristretto/ristretto.go
+++ b/pkg/cache/ristretto/ristretto.go
@@ -22,11 +22,11 @@ import (
 "time"
 "github.com/cespare/xxhash/v2"
- ctxUtils "github.com/deislabs/ratify/internal/context"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/cache"
 "github.com/dgraph-io/ristretto"
 "github.com/dgraph-io/ristretto/z"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/cache"
 )
 const RistrettoCacheType = "ristretto"
diff --git a/pkg/cache/ristretto/ristretto_test.go b/pkg/cache/ristretto/ristretto_test.go
index afb67600b..e2c8f0525 100644
--- a/pkg/cache/ristretto/ristretto_test.go
+++ b/pkg/cache/ristretto/ristretto_test.go
@@ -22,8 +22,8 @@ import (
 "time"
 "github.com/cespare/xxhash/v2"
- "github.com/deislabs/ratify/pkg/cache"
 "github.com/dgraph-io/ristretto/z"
+ "github.com/ratify-project/ratify/pkg/cache"
 )
 // TestKeytoHash_Expected tests the keyToHash function
diff --git a/pkg/certificateprovider/azurekeyvault/auth.go b/pkg/certificateprovider/azurekeyvault/auth.go
index 6dde6afee..4abbbe817 100644
--- a/pkg/certificateprovider/azurekeyvault/auth.go
+++ b/pkg/certificateprovider/azurekeyvault/auth.go
@@ -25,7 +25,7 @@ import (
 "strings"
 "time"
- "github.com/deislabs/ratify/pkg/utils/azureauth"
+ "github.com/ratify-project/ratify/pkg/utils/azureauth"
 "github.com/Azure/go-autorest/autorest"
 "github.com/Azure/go-autorest/autorest/adal"
diff --git a/pkg/certificateprovider/azurekeyvault/provider.go b/pkg/certificateprovider/azurekeyvault/provider.go
index 473272c1c..17bbd12e3 100644
--- a/pkg/certificateprovider/azurekeyvault/provider.go
+++ b/pkg/certificateprovider/azurekeyvault/provider.go
@@ -27,11 +27,11 @@ import (
 "strings"
 "time"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/certificateprovider"
- "github.com/deislabs/ratify/pkg/certificateprovider/azurekeyvault/types"
- "github.com/deislabs/ratify/pkg/metrics"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/certificateprovider"
+ "github.com/ratify-project/ratify/pkg/certificateprovider/azurekeyvault/types"
+ "github.com/ratify-project/ratify/pkg/metrics"
 "golang.org/x/crypto/pkcs12"
 kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
@@ -106,7 +106,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v, keyvault %v", keyVaultCert.CertificateName, keyvaultURI)
 // fetch the object from Key Vault
- // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/deislabs/ratify/issues/695 for details
+ // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/ratify-project/ratify/issues/695 for details
 startTime := time.Now()
 secretBundle, err := kvClient.GetSecret(ctx, keyvaultURI, keyVaultCert.CertificateName, keyVaultCert.CertificateVersion)
diff --git a/pkg/certificateprovider/azurekeyvault/provider_test.go b/pkg/certificateprovider/azurekeyvault/provider_test.go
index efadc599f..001c9b75b 100644
--- a/pkg/certificateprovider/azurekeyvault/provider_test.go
+++ b/pkg/certificateprovider/azurekeyvault/provider_test.go
@@ -26,7 +26,7 @@ import (
 kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
 "github.com/Azure/go-autorest/autorest/azure"
- "github.com/deislabs/ratify/pkg/certificateprovider/azurekeyvault/types"
+ "github.com/ratify-project/ratify/pkg/certificateprovider/azurekeyvault/types"
 "github.com/sirupsen/logrus"
 "github.com/stretchr/testify/assert"
 )
diff --git a/pkg/certificateprovider/certificate_provider.go b/pkg/certificateprovider/certificate_provider.go
index 5403293fa..cf517f606 100644
--- a/pkg/certificateprovider/certificate_provider.go
+++ b/pkg/certificateprovider/certificate_provider.go
@@ -21,7 +21,7 @@ import (
 "encoding/pem"
 "fmt"
- "github.com/deislabs/ratify/errors"
+ "github.com/ratify-project/ratify/errors"
 )
 // This is a map containing Cert store configuration including name, tenantID, and cert object information
diff --git a/pkg/certificateprovider/certificate_provider_test.go b/pkg/certificateprovider/certificate_provider_test.go
index b30ed2ff7..78d70c439 100644
--- a/pkg/certificateprovider/certificate_provider_test.go
+++ b/pkg/certificateprovider/certificate_provider_test.go
@@ -19,7 +19,7 @@ import (
 "errors"
 "testing"
- ratifyerrors "github.com/deislabs/ratify/errors"
+ ratifyerrors "github.com/ratify-project/ratify/errors"
 "github.com/stretchr/testify/assert"
 )
diff --git a/pkg/certificateprovider/inline/provider.go b/pkg/certificateprovider/inline/provider.go
index d52a07e9e..effdf4d0b 100644
--- a/pkg/certificateprovider/inline/provider.go
+++ b/pkg/certificateprovider/inline/provider.go
@@ -19,8 +19,8 @@ import (
 "context"
 "crypto/x509"
- "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/certificateprovider"
+ "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/certificateprovider"
 )
 const (
diff --git a/pkg/common/oras/authprovider/authprovider.go b/pkg/common/oras/authprovider/authprovider.go
index 6d08941ae..c266920da 100644
--- a/pkg/common/oras/authprovider/authprovider.go
+++ b/pkg/common/oras/authprovider/authprovider.go
@@ -24,11 +24,11 @@ import (
 "strings"
 "time"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
 "github.com/docker/cli/cli/config"
 "github.com/docker/cli/cli/config/configfile"
 "github.com/docker/cli/cli/config/types"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
 )
 // This config represents the credentials that should be used
diff --git a/pkg/common/oras/authprovider/authprovider_test.go b/pkg/common/oras/authprovider/authprovider_test.go
index 98da91d51..1001c319e 100644
--- a/pkg/common/oras/authprovider/authprovider_test.go
+++ b/pkg/common/oras/authprovider/authprovider_test.go
@@ -22,7 +22,7 @@ import (
 "testing"
 "time"
- re "github.com/deislabs/ratify/errors"
+ re "github.com/ratify-project/ratify/errors"
 )
 const (
diff --git a/pkg/common/oras/authprovider/authproviderfactory.go b/pkg/common/oras/authprovider/authproviderfactory.go
index 4536b83e1..08bde422c 100644
--- a/pkg/common/oras/authprovider/authproviderfactory.go
+++ b/pkg/common/oras/authprovider/authproviderfactory.go
@@ -18,7 +18,7 @@ package authprovider
 import (
 "fmt"
- "github.com/deislabs/ratify/errors"
+ "github.com/ratify-project/ratify/errors"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/common/oras/authprovider/aws/awsecrbasic.go b/pkg/common/oras/authprovider/aws/awsecrbasic.go
index 3349e8372..878feb1a7 100644
--- a/pkg/common/oras/authprovider/aws/awsecrbasic.go
+++ b/pkg/common/oras/authprovider/aws/awsecrbasic.go
@@ -27,9 +27,9 @@ import (
 "github.com/aws/aws-sdk-go-v2/credentials/stscreds"
 "github.com/aws/aws-sdk-go-v2/service/ecr"
 "github.com/aws/aws-sdk-go-v2/service/ecr/types"
- provider "github.com/deislabs/ratify/pkg/common/oras/authprovider"
- "github.com/deislabs/ratify/pkg/utils/awsauth"
 "github.com/pkg/errors"
+ provider "github.com/ratify-project/ratify/pkg/common/oras/authprovider"
+ "github.com/ratify-project/ratify/pkg/utils/awsauth"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/common/oras/authprovider/azure/azureidentity.go b/pkg/common/oras/authprovider/azure/azureidentity.go
index 9e5ee0111..0a5a00e5c 100644
--- a/pkg/common/oras/authprovider/azure/azureidentity.go
+++ b/pkg/common/oras/authprovider/azure/azureidentity.go
@@ -22,9 +22,9 @@ import (
 "os"
 "time"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- provider "github.com/deislabs/ratify/pkg/common/oras/authprovider"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ provider "github.com/ratify-project/ratify/pkg/common/oras/authprovider"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
diff --git a/pkg/common/oras/authprovider/azure/azureidentity_test.go b/pkg/common/oras/authprovider/azure/azureidentity_test.go
index 3bf0230f1..472e704b9 100644
--- a/pkg/common/oras/authprovider/azure/azureidentity_test.go
+++ b/pkg/common/oras/authprovider/azure/azureidentity_test.go
@@ -22,8 +22,8 @@ import (
 "testing"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore"
- ratifyerrors "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/common/oras/authprovider"
+ ratifyerrors "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/common/oras/authprovider"
 )
 // Verifies that Enabled checks if tenantID is empty or AAD token is empty
diff --git a/pkg/common/oras/authprovider/azure/azureworkloadidentity.go b/pkg/common/oras/authprovider/azure/azureworkloadidentity.go
index 5541940fa..a40ce4436 100644
--- a/pkg/common/oras/authprovider/azure/azureworkloadidentity.go
+++ b/pkg/common/oras/authprovider/azure/azureworkloadidentity.go
@@ -21,11 +21,11 @@ import (
 "os"
 "time"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- provider "github.com/deislabs/ratify/pkg/common/oras/authprovider"
- "github.com/deislabs/ratify/pkg/metrics"
- "github.com/deislabs/ratify/pkg/utils/azureauth"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ provider "github.com/ratify-project/ratify/pkg/common/oras/authprovider"
+ "github.com/ratify-project/ratify/pkg/metrics"
+ "github.com/ratify-project/ratify/pkg/utils/azureauth"
 "github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry"
 "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
diff --git a/pkg/common/oras/authprovider/azure/azureworkloadidentity_test.go b/pkg/common/oras/authprovider/azure/azureworkloadidentity_test.go
index 0ac3ce81d..3695ef65a 100644
--- a/pkg/common/oras/authprovider/azure/azureworkloadidentity_test.go
+++ b/pkg/common/oras/authprovider/azure/azureworkloadidentity_test.go
@@ -23,8 +23,8 @@ import (
 "time"
 "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
- ratifyerrors "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/common/oras/authprovider"
+ ratifyerrors "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/common/oras/authprovider"
 )
 // Verifies that Enabled checks if tenantID is empty or AAD token is empty
diff --git a/pkg/common/oras/authprovider/azure/const.go b/pkg/common/oras/authprovider/azure/const.go
index e0014ea84..b311c02a6 100644
--- a/pkg/common/oras/authprovider/azure/const.go
+++ b/pkg/common/oras/authprovider/azure/const.go
@@ -18,7 +18,7 @@ package azure
 import (
 "time"
- "github.com/deislabs/ratify/internal/logger"
+ "github.com/ratify-project/ratify/internal/logger"
 )
 const (
diff --git a/pkg/common/oras/authprovider/k8secret_authprovider.go b/pkg/common/oras/authprovider/k8secret_authprovider.go
index 10fd74631..50fa03416 100644
--- a/pkg/common/oras/authprovider/k8secret_authprovider.go
+++ b/pkg/common/oras/authprovider/k8secret_authprovider.go
@@ -24,9 +24,9 @@ import (
 "os"
 "time"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/utils"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/utils"
 "github.com/docker/cli/cli/config"
 core "k8s.io/api/core/v1"
diff --git a/pkg/common/oras/authprovider/k8secret_authprovider_test.go b/pkg/common/oras/authprovider/k8secret_authprovider_test.go
index 52be7957f..8dcc3f142 100644
--- a/pkg/common/oras/authprovider/k8secret_authprovider_test.go
+++ b/pkg/common/oras/authprovider/k8secret_authprovider_test.go
@@ -20,7 +20,7 @@ import (
 "errors"
 "testing"
- ratifyerrors "github.com/deislabs/ratify/errors"
+ ratifyerrors "github.com/ratify-project/ratify/errors"
 core "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes/fake"
diff --git a/pkg/common/plugin/download.go b/pkg/common/plugin/download.go
index 075931c4b..357e47f10 100644
--- a/pkg/common/plugin/download.go
+++ b/pkg/common/plugin/download.go
@@ -24,11 +24,11 @@ import (
 "os"
 "time"
- "github.com/deislabs/ratify/internal/version"
- "github.com/deislabs/ratify/pkg/common/oras/authprovider"
- commonutils "github.com/deislabs/ratify/pkg/common/utils"
- "github.com/deislabs/ratify/pkg/ocispecs"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/internal/version"
+ "github.com/ratify-project/ratify/pkg/common/oras/authprovider"
+ commonutils "github.com/ratify-project/ratify/pkg/common/utils"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 "github.com/sirupsen/logrus"
 "oras.land/oras-go/v2/registry/remote"
 "oras.land/oras-go/v2/registry/remote/auth"
diff --git a/pkg/common/plugin/download_test.go b/pkg/common/plugin/download_test.go
index d5dbba0b9..04ae4a767 100644
--- a/pkg/common/plugin/download_test.go
+++ b/pkg/common/plugin/download_test.go
@@ -19,7 +19,7 @@ import (
 "encoding/json"
 "testing"
- "github.com/deislabs/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/api/v1beta1"
 )
 func TestParsePluginSource_HandlesJSON(t *testing.T) {
diff --git a/pkg/common/plugin/exec.go b/pkg/common/plugin/exec.go
index 9cbfdd065..f9f5e08b5 100644
--- a/pkg/common/plugin/exec.go
+++ b/pkg/common/plugin/exec.go
@@ -27,7 +27,7 @@ import (
 "strings"
 "time"
- "github.com/deislabs/ratify/internal/logger"
+ "github.com/ratify-project/ratify/internal/logger"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/common/utils/utils.go b/pkg/common/utils/utils.go
index 8efffb1cd..9b1d67f1f 100644
--- a/pkg/common/utils/utils.go
+++ b/pkg/common/utils/utils.go
@@ -16,8 +16,8 @@ limitations under the License.
 package utils
 import (
- "github.com/deislabs/ratify/pkg/ocispecs"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 )
 func OciManifestToReferenceManifest(ociManifest oci.Manifest) ocispecs.ReferenceManifest {
diff --git a/pkg/common/utils/utils_test.go b/pkg/common/utils/utils_test.go
index 7a35fe980..70931d5dd 100644
--- a/pkg/common/utils/utils_test.go
+++ b/pkg/common/utils/utils_test.go
@@ -19,8 +19,8 @@ import (
 "reflect"
 "testing"
- "github.com/deislabs/ratify/pkg/ocispecs"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 )
 const TestArtifactType = "application/vnd.test.artifacttype"
diff --git a/pkg/controllers/clusterresource/keymanagementprovider_controller.go b/pkg/controllers/clusterresource/keymanagementprovider_controller.go
index f8888ed65..11a32ed81 100644
--- a/pkg/controllers/clusterresource/keymanagementprovider_controller.go
+++ b/pkg/controllers/clusterresource/keymanagementprovider_controller.go
@@ -22,9 +22,9 @@ import (
 "fmt"
 "maps"
- "github.com/deislabs/ratify/internal/constants"
- _ "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault" // register azure key vault key management provider
- _ "github.com/deislabs/ratify/pkg/keymanagementprovider/inline" // register inline key management provider
+ "github.com/ratify-project/ratify/internal/constants"
+ _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault" // register azure key vault key management provider
+ _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/inline" // register inline key management provider
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
@@ -32,9 +32,9 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/predicate"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- cutils "github.com/deislabs/ratify/pkg/controllers/utils"
- kmp "github.com/deislabs/ratify/pkg/keymanagementprovider"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ cutils "github.com/ratify-project/ratify/pkg/controllers/utils"
+ kmp "github.com/ratify-project/ratify/pkg/keymanagementprovider"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/controllers/clusterresource/keymanagementprovider_controller_test.go b/pkg/controllers/clusterresource/keymanagementprovider_controller_test.go
index 459bf83e8..caa20114b 100644
--- a/pkg/controllers/clusterresource/keymanagementprovider_controller_test.go
+++ b/pkg/controllers/clusterresource/keymanagementprovider_controller_test.go
@@ -20,15 +20,15 @@ import (
 "fmt"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
 "github.com/sirupsen/logrus"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/client/fake"
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
- test "github.com/deislabs/ratify/pkg/utils"
+ test "github.com/ratify-project/ratify/pkg/utils"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/types"
diff --git a/pkg/controllers/clusterresource/policy_controller.go b/pkg/controllers/clusterresource/policy_controller.go
index 56283e5c9..68a62c5a9 100644
--- a/pkg/controllers/clusterresource/policy_controller.go
+++ b/pkg/controllers/clusterresource/policy_controller.go
@@ -19,10 +19,10 @@ import (
 "context"
 "fmt"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/controllers/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/controllers/utils"
 "github.com/sirupsen/logrus"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/clusterresource/policy_controller_test.go b/pkg/controllers/clusterresource/policy_controller_test.go
index eb3713557..43cd5c741 100644
--- a/pkg/controllers/clusterresource/policy_controller_test.go
+++ b/pkg/controllers/clusterresource/policy_controller_test.go
@@ -19,12 +19,12 @@ import (
 "context"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/customresources/policies"
- _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy"
- test "github.com/deislabs/ratify/pkg/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/customresources/policies"
+ _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy"
+ test "github.com/ratify-project/ratify/pkg/utils"
 "github.com/sirupsen/logrus"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/clusterresource/store_controller.go b/pkg/controllers/clusterresource/store_controller.go
index b9cfac901..54cd91ece 100644
--- a/pkg/controllers/clusterresource/store_controller.go
+++ b/pkg/controllers/clusterresource/store_controller.go
@@ -24,10 +24,10 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/controllers/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/controllers/utils"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/controllers/clusterresource/store_controller_test.go b/pkg/controllers/clusterresource/store_controller_test.go
index 4123e5e4c..036926fab 100644
--- a/pkg/controllers/clusterresource/store_controller_test.go
+++ b/pkg/controllers/clusterresource/store_controller_test.go
@@ -21,12 +21,12 @@ import (
 "strings"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
- rs "github.com/deislabs/ratify/pkg/customresources/referrerstores"
- "github.com/deislabs/ratify/pkg/utils"
- test "github.com/deislabs/ratify/pkg/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ rs "github.com/ratify-project/ratify/pkg/customresources/referrerstores"
+ "github.com/ratify-project/ratify/pkg/utils"
+ test "github.com/ratify-project/ratify/pkg/utils"
 "github.com/sirupsen/logrus"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/clusterresource/verifier_controller.go b/pkg/controllers/clusterresource/verifier_controller.go
index a050dd38e..0eaaa607d 100644
--- a/pkg/controllers/clusterresource/verifier_controller.go
+++ b/pkg/controllers/clusterresource/verifier_controller.go
@@ -19,11 +19,11 @@ import (
 "context"
 "fmt"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
- cutils "github.com/deislabs/ratify/pkg/controllers/utils"
+ cutils "github.com/ratify-project/ratify/pkg/controllers/utils"
 "github.com/sirupsen/logrus"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/clusterresource/verifier_controller_test.go b/pkg/controllers/clusterresource/verifier_controller_test.go
index 525f717b8..827f3620b 100644
--- a/pkg/controllers/clusterresource/verifier_controller_test.go
+++ b/pkg/controllers/clusterresource/verifier_controller_test.go
@@ -22,11 +22,11 @@ import (
 "strings"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/customresources/verifiers"
- "github.com/deislabs/ratify/pkg/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/customresources/verifiers"
+ "github.com/ratify-project/ratify/pkg/utils"
 "github.com/sirupsen/logrus"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/namespaceresource/certificatestore_controller.go b/pkg/controllers/namespaceresource/certificatestore_controller.go
index 3181a085f..20ca16467 100644
--- a/pkg/controllers/namespaceresource/certificatestore_controller.go
+++ b/pkg/controllers/namespaceresource/certificatestore_controller.go
@@ -18,13 +18,13 @@ import (
 "encoding/json"
 "fmt"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/certificateprovider"
- _ "github.com/deislabs/ratify/pkg/certificateprovider/azurekeyvault" // register azure keyvault certificate provider
- _ "github.com/deislabs/ratify/pkg/certificateprovider/inline" // register inline certificate provider
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/certificateprovider"
+ _ "github.com/ratify-project/ratify/pkg/certificateprovider/azurekeyvault" // register azure keyvault certificate provider
+ _ "github.com/ratify-project/ratify/pkg/certificateprovider/inline" // register inline certificate provider
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/utils"
 "github.com/sirupsen/logrus"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
diff --git a/pkg/controllers/namespaceresource/certificatestore_controller_test.go b/pkg/controllers/namespaceresource/certificatestore_controller_test.go
index 0ff499aa7..a3e93fb3d 100644
--- a/pkg/controllers/namespaceresource/certificatestore_controller_test.go
+++ b/pkg/controllers/namespaceresource/certificatestore_controller_test.go
@@ -20,16 +20,16 @@ import (
 "fmt"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/certificateprovider"
- "github.com/deislabs/ratify/pkg/certificateprovider/inline"
- "github.com/deislabs/ratify/pkg/controllers"
- test "github.com/deislabs/ratify/pkg/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/certificateprovider"
+ "github.com/ratify-project/ratify/pkg/certificateprovider/inline"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ test "github.com/ratify-project/ratify/pkg/utils"
 "sigs.k8s.io/controller-runtime/pkg/client/fake"
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
- ctxUtils "github.com/deislabs/ratify/internal/context"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/types"
diff --git a/pkg/controllers/namespaceresource/keymanagementprovider_controller.go b/pkg/controllers/namespaceresource/keymanagementprovider_controller.go
index b898d38a0..8216dd95b 100644
--- a/pkg/controllers/namespaceresource/keymanagementprovider_controller.go
+++ b/pkg/controllers/namespaceresource/keymanagementprovider_controller.go
@@ -22,9 +22,9 @@ import (
 "fmt"
 "maps"
- "github.com/deislabs/ratify/internal/constants"
- _ "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault" // register azure key vault key management provider
- _ "github.com/deislabs/ratify/pkg/keymanagementprovider/inline" // register inline key management provider
+ "github.com/ratify-project/ratify/internal/constants"
+ _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault" // register azure key vault key management provider
+ _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/inline" // register inline key management provider
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
@@ -32,9 +32,9 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/predicate"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- cutils "github.com/deislabs/ratify/pkg/controllers/utils"
- kmp "github.com/deislabs/ratify/pkg/keymanagementprovider"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ cutils "github.com/ratify-project/ratify/pkg/controllers/utils"
+ kmp "github.com/ratify-project/ratify/pkg/keymanagementprovider"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/controllers/namespaceresource/keymanagementprovider_controller_test.go b/pkg/controllers/namespaceresource/keymanagementprovider_controller_test.go
index 3504b8cc8..fe0728d6c 100644
--- a/pkg/controllers/namespaceresource/keymanagementprovider_controller_test.go
+++ b/pkg/controllers/namespaceresource/keymanagementprovider_controller_test.go
@@ -20,16 +20,16 @@ import (
 "fmt"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
 "github.com/sirupsen/logrus"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/client/fake"
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
- "github.com/deislabs/ratify/internal/constants"
- ctxUtils "github.com/deislabs/ratify/internal/context"
- test "github.com/deislabs/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/internal/constants"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
+ test "github.com/ratify-project/ratify/pkg/utils"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/types"
diff --git a/pkg/controllers/namespaceresource/policy_controller.go b/pkg/controllers/namespaceresource/policy_controller.go
index 988bdd3e2..d77e492ae 100644
--- a/pkg/controllers/namespaceresource/policy_controller.go
+++ b/pkg/controllers/namespaceresource/policy_controller.go
@@ -19,10 +19,10 @@ import (
 "context"
 "fmt"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/controllers/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/controllers/utils"
 "github.com/sirupsen/logrus"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/namespaceresource/policy_controller_test.go b/pkg/controllers/namespaceresource/policy_controller_test.go
index 2764f0faf..d5aa6be1a 100644
--- a/pkg/controllers/namespaceresource/policy_controller_test.go
+++ b/pkg/controllers/namespaceresource/policy_controller_test.go
@@ -19,12 +19,12 @@ import (
 "context"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/customresources/policies"
- _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy"
- _ "github.com/deislabs/ratify/pkg/policyprovider/regopolicy"
- test "github.com/deislabs/ratify/pkg/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/customresources/policies"
+ _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy"
+ _ "github.com/ratify-project/ratify/pkg/policyprovider/regopolicy"
+ test "github.com/ratify-project/ratify/pkg/utils"
 "github.com/sirupsen/logrus"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/namespaceresource/store_controller.go b/pkg/controllers/namespaceresource/store_controller.go
index af237823b..c021a82ca 100644
--- a/pkg/controllers/namespaceresource/store_controller.go
+++ b/pkg/controllers/namespaceresource/store_controller.go
@@ -24,10 +24,10 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/controllers/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/controllers/utils"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/controllers/namespaceresource/store_controller_test.go b/pkg/controllers/namespaceresource/store_controller_test.go
index a66f84b47..54ddeb000 100644
--- a/pkg/controllers/namespaceresource/store_controller_test.go
+++ b/pkg/controllers/namespaceresource/store_controller_test.go
@@ -19,10 +19,10 @@ import (
 "strings"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/customresources/referrerstores"
- test "github.com/deislabs/ratify/pkg/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/customresources/referrerstores"
+ test "github.com/ratify-project/ratify/pkg/utils"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/types"
diff --git a/pkg/controllers/namespaceresource/verifier_controller.go b/pkg/controllers/namespaceresource/verifier_controller.go
index 3c142f77e..dbbd8ebc7 100644
--- a/pkg/controllers/namespaceresource/verifier_controller.go
+++ b/pkg/controllers/namespaceresource/verifier_controller.go
@@ -19,11 +19,11 @@ import (
 "context"
 "fmt"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/controllers"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/controllers"
- cutils "github.com/deislabs/ratify/pkg/controllers/utils"
+ cutils "github.com/ratify-project/ratify/pkg/controllers/utils"
 "github.com/sirupsen/logrus"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/namespaceresource/verifier_controller_test.go b/pkg/controllers/namespaceresource/verifier_controller_test.go
index 85f9b1f76..c276a9e93 100644
--- a/pkg/controllers/namespaceresource/verifier_controller_test.go
+++ b/pkg/controllers/namespaceresource/verifier_controller_test.go
@@ -22,10 +22,10 @@ import (
 "strings"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/customresources/verifiers"
- "github.com/deislabs/ratify/pkg/utils"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/customresources/verifiers"
+ "github.com/ratify-project/ratify/pkg/utils"
 "github.com/sirupsen/logrus"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/controllers/resource_map.go b/pkg/controllers/resource_map.go
index 7e250322b..2e9c758ee 100644
--- a/pkg/controllers/resource_map.go
+++ b/pkg/controllers/resource_map.go
@@ -14,10 +14,10 @@ limitations under the License.
 package controllers
 import (
- cs "github.com/deislabs/ratify/pkg/customresources/certificatestores"
- "github.com/deislabs/ratify/pkg/customresources/policies"
- rs "github.com/deislabs/ratify/pkg/customresources/referrerstores"
- "github.com/deislabs/ratify/pkg/customresources/verifiers"
+ cs "github.com/ratify-project/ratify/pkg/customresources/certificatestores"
+ "github.com/ratify-project/ratify/pkg/customresources/policies"
+ rs "github.com/ratify-project/ratify/pkg/customresources/referrerstores"
+ "github.com/ratify-project/ratify/pkg/customresources/verifiers"
 )
 var (
diff --git a/pkg/controllers/utils/kmp.go b/pkg/controllers/utils/kmp.go
index d0b066827..14f5d72d2 100644
--- a/pkg/controllers/utils/kmp.go
+++ b/pkg/controllers/utils/kmp.go
@@ -17,11 +17,11 @@ import (
 "encoding/json"
 "fmt"
- c "github.com/deislabs/ratify/config"
- kmp "github.com/deislabs/ratify/pkg/keymanagementprovider"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/config"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/factory"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/types"
+ c "github.com/ratify-project/ratify/config"
+ kmp "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/factory"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/types"
 )
 // SpecToKeyManagementProvider creates KeyManagementProvider from KeyManagementProviderSpec config
diff --git a/pkg/controllers/utils/kmp_test.go b/pkg/controllers/utils/kmp_test.go
index eff43b957..e3223e481 100644
--- a/pkg/controllers/utils/kmp_test.go
+++ b/pkg/controllers/utils/kmp_test.go
@@ -17,8 +17,8 @@ import (
 "reflect"
 "testing"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/config"
- _ "github.com/deislabs/ratify/pkg/keymanagementprovider/inline"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
+ _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/inline"
 )
 func TestSpecToKeyManagementProviderProvider(t *testing.T) {
diff --git a/pkg/controllers/utils/policy.go b/pkg/controllers/utils/policy.go
index 27014d739..1408972a5 100644
--- a/pkg/controllers/utils/policy.go
+++ b/pkg/controllers/utils/policy.go
@@ -17,9 +17,9 @@ import (
 "encoding/json"
 "fmt"
- "github.com/deislabs/ratify/pkg/policyprovider"
- "github.com/deislabs/ratify/pkg/policyprovider/config"
- pf "github.com/deislabs/ratify/pkg/policyprovider/factory"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
+ "github.com/ratify-project/ratify/pkg/policyprovider/config"
+ pf "github.com/ratify-project/ratify/pkg/policyprovider/factory"
 )
 func SpecToPolicyEnforcer(raw []byte, policyType string) (policyprovider.PolicyProvider, error) {
diff --git a/pkg/controllers/utils/policy_test.go b/pkg/controllers/utils/policy_test.go
index 752910cda..d505e9cb2 100644
--- a/pkg/controllers/utils/policy_test.go
+++ b/pkg/controllers/utils/policy_test.go
@@ -17,10 +17,10 @@ import (
 "reflect"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy"
- "github.com/deislabs/ratify/pkg/policyprovider/config"
+ "github.com/ratify-project/ratify/pkg/policyprovider/config"
 "k8s.io/apimachinery/pkg/runtime"
 )
diff --git a/pkg/controllers/utils/store.go b/pkg/controllers/utils/store.go
index 2ff0d9f03..d3e5fd2b2 100644
--- a/pkg/controllers/utils/store.go
+++ b/pkg/controllers/utils/store.go
@@ -17,12 +17,12 @@ import (
 "encoding/json"
 "fmt"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/pkg/controllers"
- rc "github.com/deislabs/ratify/pkg/referrerstore/config"
- sf "github.com/deislabs/ratify/pkg/referrerstore/factory"
- "github.com/deislabs/ratify/pkg/verifier/types"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ rc "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ sf "github.com/ratify-project/ratify/pkg/referrerstore/factory"
+ "github.com/ratify-project/ratify/pkg/verifier/types"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/controllers/utils/store_test.go b/pkg/controllers/utils/store_test.go
index 970cf9744..aea018556 100644
--- a/pkg/controllers/utils/store_test.go
+++ b/pkg/controllers/utils/store_test.go
@@ -17,10 +17,10 @@ import (
 "os"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- rc "github.com/deislabs/ratify/pkg/referrerstore/config"
- test "github.com/deislabs/ratify/pkg/utils"
- "github.com/deislabs/ratify/pkg/verifier/types"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ rc "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ test "github.com/ratify-project/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/pkg/verifier/types"
 )
 const (
diff --git a/pkg/controllers/utils/verifier.go b/pkg/controllers/utils/verifier.go
index 33a26aa64..0b2557996 100644
--- a/pkg/controllers/utils/verifier.go
+++ b/pkg/controllers/utils/verifier.go
@@ -16,13 +16,13 @@ package utils
 import (
 "encoding/json"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- vc "github.com/deislabs/ratify/pkg/verifier/config"
- vf "github.com/deislabs/ratify/pkg/verifier/factory"
- "github.com/deislabs/ratify/pkg/verifier/types"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ vc "github.com/ratify-project/ratify/pkg/verifier/config"
+ vf "github.com/ratify-project/ratify/pkg/verifier/factory"
+ "github.com/ratify-project/ratify/pkg/verifier/types"
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/pkg/controllers"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/controllers/utils/verifier_test.go b/pkg/controllers/utils/verifier_test.go
index 80e8f548b..8ccf9a6d7 100644
--- a/pkg/controllers/utils/verifier_test.go
+++ b/pkg/controllers/utils/verifier_test.go
@@ -17,12 +17,12 @@ import (
 "os"
 "testing"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/customresources/verifiers"
- test "github.com/deislabs/ratify/pkg/utils"
- vc "github.com/deislabs/ratify/pkg/verifier/config"
- "github.com/deislabs/ratify/pkg/verifier/types"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/customresources/verifiers"
+ test "github.com/ratify-project/ratify/pkg/utils"
+ vc "github.com/ratify-project/ratify/pkg/verifier/config"
+ "github.com/ratify-project/ratify/pkg/verifier/types"
 )
 const (
diff --git a/pkg/customresources/certificatestores/certificatestores.go b/pkg/customresources/certificatestores/certificatestores.go
index f23c60af1..1bea741bc 100644
--- a/pkg/customresources/certificatestores/certificatestores.go
+++ b/pkg/customresources/certificatestores/certificatestores.go
@@ -21,10 +21,10 @@ import (
 "strings"
 "sync"
- "github.com/deislabs/ratify/internal/constants"
- ctxUtils "github.com/deislabs/ratify/internal/context"
- "github.com/deislabs/ratify/pkg/utils"
- vu "github.com/deislabs/ratify/pkg/verifier/utils"
+ "github.com/ratify-project/ratify/internal/constants"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
+ "github.com/ratify-project/ratify/pkg/utils"
+ vu "github.com/ratify-project/ratify/pkg/verifier/utils"
 )
 // ActiveCertStores implements the CertStoreManager interface
diff --git a/pkg/customresources/certificatestores/certificatestores_test.go b/pkg/customresources/certificatestores/certificatestores_test.go
index 7b0d0a898..4e45e9f92 100644
--- a/pkg/customresources/certificatestores/certificatestores_test.go
+++ b/pkg/customresources/certificatestores/certificatestores_test.go
@@ -24,9 +24,9 @@ import (
 "testing"
 "time"
- "github.com/deislabs/ratify/internal/constants"
- ctxUtils "github.com/deislabs/ratify/internal/context"
- "github.com/deislabs/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/internal/constants"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
+ "github.com/ratify-project/ratify/pkg/utils"
 )
 const (
diff --git a/pkg/customresources/policies/api.go b/pkg/customresources/policies/api.go
index 92d87ee75..8ad1170ea 100644
--- a/pkg/customresources/policies/api.go
+++ b/pkg/customresources/policies/api.go
@@ -15,7 +15,7 @@ limitations under the License.
 package policies
-import "github.com/deislabs/ratify/pkg/policyprovider"
+import "github.com/ratify-project/ratify/pkg/policyprovider"
 // PolicyManager is an interface that defines the methods for managing policies across different scopes.
 type PolicyManager interface {
diff --git a/pkg/customresources/policies/policies.go b/pkg/customresources/policies/policies.go
index 425d3bc13..338abb9b5 100644
--- a/pkg/customresources/policies/policies.go
+++ b/pkg/customresources/policies/policies.go
@@ -18,8 +18,8 @@ package policies
 import (
 "sync"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/policyprovider"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
 )
 // PolicyWrapper wraps policy provider with its policy name.
diff --git a/pkg/customresources/policies/policies_test.go b/pkg/customresources/policies/policies_test.go
index 6acfbc48b..811303f77 100644
--- a/pkg/customresources/policies/policies_test.go
+++ b/pkg/customresources/policies/policies_test.go
@@ -19,10 +19,10 @@ import (
 "context"
 "testing"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 )
 type mockPolicy struct{}
diff --git a/pkg/customresources/referrerstores/api.go b/pkg/customresources/referrerstores/api.go
index 63fcc47ae..04f07e40b 100644
--- a/pkg/customresources/referrerstores/api.go
+++ b/pkg/customresources/referrerstores/api.go
@@ -16,7 +16,7 @@ limitations under the License.
 package referrerstores
 import (
- "github.com/deislabs/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
 )
 // ReferrerStoreManager is an interface that defines the methods for managing referrer stores across different scopes.
diff --git a/pkg/customresources/referrerstores/stores.go b/pkg/customresources/referrerstores/stores.go
index fc1e67f56..4de864c5d 100644
--- a/pkg/customresources/referrerstores/stores.go
+++ b/pkg/customresources/referrerstores/stores.go
@@ -18,8 +18,8 @@ package referrerstores
 import (
 "sync"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
 )
 // ActiveStores implements the ReferrerStoreManager interface.
diff --git a/pkg/customresources/referrerstores/stores_test.go b/pkg/customresources/referrerstores/stores_test.go
index b590e8d09..7552a8b5e 100644
--- a/pkg/customresources/referrerstores/stores_test.go
+++ b/pkg/customresources/referrerstores/stores_test.go
@@ -19,12 +19,12 @@ import (
 "context"
 "testing"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- rs "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ rs "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
 )
 type mockStore struct {
diff --git a/pkg/customresources/verifiers/api.go b/pkg/customresources/verifiers/api.go
index 919c92e39..4ea34e5dd 100644
--- a/pkg/customresources/verifiers/api.go
+++ b/pkg/customresources/verifiers/api.go
@@ -16,7 +16,7 @@ limitations under the License.
 package verifiers
 import (
- vr "github.com/deislabs/ratify/pkg/verifier"
+ vr "github.com/ratify-project/ratify/pkg/verifier"
 )
 // VerifierManager is an interface that defines the methods for managing verifiers across different scopes.
diff --git a/pkg/customresources/verifiers/verifiers.go b/pkg/customresources/verifiers/verifiers.go
index 758be683f..8d24b1a2a 100644
--- a/pkg/customresources/verifiers/verifiers.go
+++ b/pkg/customresources/verifiers/verifiers.go
@@ -18,8 +18,8 @@ package verifiers
 import (
 "sync"
- "github.com/deislabs/ratify/internal/constants"
- vr "github.com/deislabs/ratify/pkg/verifier"
+ "github.com/ratify-project/ratify/internal/constants"
+ vr "github.com/ratify-project/ratify/pkg/verifier"
 )
 // ActiveVerifiers implements VerifierManger interface.
diff --git a/pkg/customresources/verifiers/verifiers_test.go b/pkg/customresources/verifiers/verifiers_test.go
index 02148d633..852d664fe 100644
--- a/pkg/customresources/verifiers/verifiers_test.go
+++ b/pkg/customresources/verifiers/verifiers_test.go
@@ -19,11 +19,11 @@ import (
 "context"
 "testing"
- "github.com/deislabs/ratify/internal/constants"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/verifier"
+ "github.com/ratify-project/ratify/internal/constants"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/verifier"
 )
 type mockVerifier struct {
diff --git a/pkg/executor/api.go b/pkg/executor/api.go
index 8ea2d5c95..c40592125 100644
--- a/pkg/executor/api.go
+++ b/pkg/executor/api.go
@@ -19,7 +19,7 @@ import (
 "context"
 "time"
- "github.com/deislabs/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/executor/types"
 )
 // VerifyParameters describes the subject verification parameters
diff --git a/pkg/executor/core/executor.go b/pkg/executor/core/executor.go
index f1cec9d79..ef9d27210 100644
--- a/pkg/executor/core/executor.go
+++ b/pkg/executor/core/executor.go
@@ -21,21 +21,21 @@ import (
 "sync"
 "time"
- "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/common"
- e "github.com/deislabs/ratify/pkg/executor"
- "github.com/deislabs/ratify/pkg/executor/config"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/metrics"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/policyprovider"
- pt "github.com/deislabs/ratify/pkg/policyprovider/types"
- "github.com/deislabs/ratify/pkg/referrerstore"
- su "github.com/deislabs/ratify/pkg/referrerstore/utils"
- "github.com/deislabs/ratify/pkg/utils"
- vr "github.com/deislabs/ratify/pkg/verifier"
- vt "github.com/deislabs/ratify/pkg/verifier/types"
+ "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/common"
+ e "github.com/ratify-project/ratify/pkg/executor"
+ "github.com/ratify-project/ratify/pkg/executor/config"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/metrics"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
+ pt "github.com/ratify-project/ratify/pkg/policyprovider/types"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ su "github.com/ratify-project/ratify/pkg/referrerstore/utils"
+ "github.com/ratify-project/ratify/pkg/utils"
+ vr "github.com/ratify-project/ratify/pkg/verifier"
+ vt "github.com/ratify-project/ratify/pkg/verifier/types"
 "golang.org/x/sync/errgroup"
 )
diff --git a/pkg/executor/core/executor_test.go b/pkg/executor/core/executor_test.go
index a4fbb1518..b30b64a9a 100644
--- a/pkg/executor/core/executor_test.go
+++ b/pkg/executor/core/executor_test.go
@@ -22,22 +22,22 @@ import (
 "testing"
 "time"
- ratifyerrors "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/common"
- e "github.com/deislabs/ratify/pkg/executor"
- exConfig "github.com/deislabs/ratify/pkg/executor/config"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/policyprovider"
- policyConfig "github.com/deislabs/ratify/pkg/policyprovider/configpolicy"
- policyTypes "github.com/deislabs/ratify/pkg/policyprovider/types"
- pt "github.com/deislabs/ratify/pkg/policyprovider/types"
- "github.com/deislabs/ratify/pkg/referrerstore"
- storeConfig "github.com/deislabs/ratify/pkg/referrerstore/config"
- "github.com/deislabs/ratify/pkg/referrerstore/mocks"
- "github.com/deislabs/ratify/pkg/verifier"
 "github.com/opencontainers/go-digest"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ ratifyerrors "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/common"
+ e "github.com/ratify-project/ratify/pkg/executor"
+ exConfig "github.com/ratify-project/ratify/pkg/executor/config"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
+ policyConfig "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy"
+ policyTypes "github.com/ratify-project/ratify/pkg/policyprovider/types"
+ pt "github.com/ratify-project/ratify/pkg/policyprovider/types"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ storeConfig "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ "github.com/ratify-project/ratify/pkg/referrerstore/mocks"
+ "github.com/ratify-project/ratify/pkg/verifier"
 )
 const (
diff --git a/pkg/executor/core/executorwithcache.go b/pkg/executor/core/executorwithcache.go
index c3e1c2c52..c95171fa7 100644
--- a/pkg/executor/core/executorwithcache.go
+++ b/pkg/executor/core/executorwithcache.go
@@ -19,9 +19,9 @@ import (
 "context"
 "time"
- "github.com/deislabs/ratify/pkg/executor"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/verifiercache"
+ "github.com/ratify-project/ratify/pkg/executor"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/verifiercache"
 )
 // ExecutorWithCache wraps the executor with a verifier cache
diff --git a/pkg/executor/core/testtypes.go b/pkg/executor/core/testtypes.go
index fd28a410d..e3717d4cf 100644
--- a/pkg/executor/core/testtypes.go
+++ b/pkg/executor/core/testtypes.go
@@ -18,10 +18,10 @@ package core
 import (
 "context"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/verifier"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/verifier"
 )
 type TestVerifier struct {
diff --git a/pkg/executor/types/types.go b/pkg/executor/types/types.go
index d615991f5..ccf78c337 100644
--- a/pkg/executor/types/types.go
+++ b/pkg/executor/types/types.go
@@ -18,7 +18,7 @@ package types
 import (
 "fmt"
- "github.com/deislabs/ratify/pkg/verifier/types"
+ "github.com/ratify-project/ratify/pkg/verifier/types"
 )
 // VerifyResult describes the results of verifying a subject
diff --git a/pkg/keymanagementprovider/azurekeyvault/auth.go b/pkg/keymanagementprovider/azurekeyvault/auth.go
index 6769038eb..d380beb00 100644
--- a/pkg/keymanagementprovider/azurekeyvault/auth.go
+++ b/pkg/keymanagementprovider/azurekeyvault/auth.go
@@ -25,7 +25,7 @@ import (
 "strings"
 "time"
- "github.com/deislabs/ratify/pkg/utils/azureauth"
+ "github.com/ratify-project/ratify/pkg/utils/azureauth"
 "github.com/Azure/go-autorest/autorest"
 "github.com/Azure/go-autorest/autorest/adal"
diff --git a/pkg/keymanagementprovider/azurekeyvault/provider.go b/pkg/keymanagementprovider/azurekeyvault/provider.go
index 24bb07845..f24114751 100644
--- a/pkg/keymanagementprovider/azurekeyvault/provider.go
+++ b/pkg/keymanagementprovider/azurekeyvault/provider.go
@@ -28,14 +28,14 @@ import (
 "strings"
 "time"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault/types"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/config"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/factory"
- "github.com/deislabs/ratify/pkg/metrics"
 "github.com/go-jose/go-jose/v3"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault/types"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/factory"
+ "github.com/ratify-project/ratify/pkg/metrics"
 "golang.org/x/crypto/pkcs12"
 kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
@@ -140,7 +140,7 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementp
 logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v, keyvault %v", keyVaultCert.Name, s.vaultURI)
 // fetch the object from Key Vault
- // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/deislabs/ratify/issues/695 for details
+ // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/ratify-project/ratify/issues/695 for details
 startTime := time.Now()
 secretBundle, err := s.kvClient.GetSecret(ctx, s.vaultURI, keyVaultCert.Name, keyVaultCert.Version)
 if err != nil {
diff --git a/pkg/keymanagementprovider/azurekeyvault/provider_test.go b/pkg/keymanagementprovider/azurekeyvault/provider_test.go
index fc9730cad..ecb5863d8 100644
--- a/pkg/keymanagementprovider/azurekeyvault/provider_test.go
+++ b/pkg/keymanagementprovider/azurekeyvault/provider_test.go
@@ -26,8 +26,8 @@ import (
 kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
 "github.com/Azure/go-autorest/autorest/azure"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault/types"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/config"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault/types"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
 "github.com/stretchr/testify/assert"
 )
diff --git a/pkg/keymanagementprovider/factory/factory.go b/pkg/keymanagementprovider/factory/factory.go
index 150093b54..401ebb8ce 100644
--- a/pkg/keymanagementprovider/factory/factory.go
+++ b/pkg/keymanagementprovider/factory/factory.go
@@ -18,9 +18,9 @@ package factory
 import (
 "fmt"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/config"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/types"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/types"
 )
 // map of key management provider names to key management provider factories
diff --git a/pkg/keymanagementprovider/factory/factory_test.go b/pkg/keymanagementprovider/factory/factory_test.go
index 9a89904ad..8f28bee0d 100644
--- a/pkg/keymanagementprovider/factory/factory_test.go
+++ b/pkg/keymanagementprovider/factory/factory_test.go
@@ -18,9 +18,9 @@ package factory
 import (
 "testing"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/config"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/mocks"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/mocks"
 )
 type TestKeyManagementProviderFactory struct{}
diff --git a/pkg/keymanagementprovider/inline/provider.go b/pkg/keymanagementprovider/inline/provider.go
index c6bc3e0a2..2bd6b83ef 100644
--- a/pkg/keymanagementprovider/inline/provider.go
+++ b/pkg/keymanagementprovider/inline/provider.go
@@ -22,10 +22,10 @@ import (
 "encoding/json"
 "fmt"
- "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/config"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/factory"
+ "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/factory"
 )
 const (
diff --git a/pkg/keymanagementprovider/inline/provider_test.go b/pkg/keymanagementprovider/inline/provider_test.go
index 9b7f93fcf..68b461523 100644
--- a/pkg/keymanagementprovider/inline/provider_test.go
+++ b/pkg/keymanagementprovider/inline/provider_test.go
@@ -19,8 +19,8 @@ import (
 "context"
 "testing"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/config"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
 "github.com/stretchr/testify/assert"
 )
diff --git a/pkg/keymanagementprovider/keymanagementprovider.go b/pkg/keymanagementprovider/keymanagementprovider.go
index 76791d143..714deda94 100644
--- a/pkg/keymanagementprovider/keymanagementprovider.go
+++ b/pkg/keymanagementprovider/keymanagementprovider.go
@@ -24,10 +24,10 @@ import (
 "strings"
 "sync"
- "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/constants"
- ctxUtils "github.com/deislabs/ratify/internal/context"
- vu "github.com/deislabs/ratify/pkg/verifier/utils"
+ "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/constants"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
+ vu "github.com/ratify-project/ratify/pkg/verifier/utils"
 "github.com/sigstore/sigstore/pkg/cryptoutils"
 )
diff --git a/pkg/keymanagementprovider/keymanagementprovider_test.go b/pkg/keymanagementprovider/keymanagementprovider_test.go
index 9a4b6f0be..6e6a55acc 100644
--- a/pkg/keymanagementprovider/keymanagementprovider_test.go
+++ b/pkg/keymanagementprovider/keymanagementprovider_test.go
@@ -23,8 +23,8 @@ import (
 "errors"
 "testing"
- ratifyerrors "github.com/deislabs/ratify/errors"
- ctxUtils "github.com/deislabs/ratify/internal/context"
+ ratifyerrors "github.com/ratify-project/ratify/errors"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
 "github.com/stretchr/testify/assert"
 )
diff --git a/pkg/keymanagementprovider/mocks/types.go b/pkg/keymanagementprovider/mocks/types.go
index 1a3b60ad4..829b08e52 100644
--- a/pkg/keymanagementprovider/mocks/types.go
+++ b/pkg/keymanagementprovider/mocks/types.go
@@ -20,7 +20,7 @@ import (
 "crypto"
 "crypto/x509"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
 )
 type TestKeyManagementProvider struct {
diff --git a/pkg/manager/manager.go b/pkg/manager/manager.go
index ba6876107..f284ceaea 100644
--- a/pkg/manager/manager.go
+++ b/pkg/manager/manager.go
@@ -27,15 +27,15 @@ import (
 // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 // to ensure that exec-entrypoint and run can make use of them.
- "github.com/deislabs/ratify/config"
- "github.com/deislabs/ratify/httpserver"
- "github.com/deislabs/ratify/pkg/featureflag"
- _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" // register config policy provider
- _ "github.com/deislabs/ratify/pkg/policyprovider/regopolicy" // register rego policy provider
- _ "github.com/deislabs/ratify/pkg/referrerstore/oras" // register ORAS referrer store
- "github.com/deislabs/ratify/pkg/utils"
- _ "github.com/deislabs/ratify/pkg/verifier/notation" // register notation verifier
 "github.com/open-policy-agent/cert-controller/pkg/rotator"
+ "github.com/ratify-project/ratify/config"
+ "github.com/ratify-project/ratify/httpserver"
+ "github.com/ratify-project/ratify/pkg/featureflag"
+ _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" // register config policy provider
+ _ "github.com/ratify-project/ratify/pkg/policyprovider/regopolicy" // register rego policy provider
+ _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" // register ORAS referrer store
+ "github.com/ratify-project/ratify/pkg/utils"
+ _ "github.com/ratify-project/ratify/pkg/verifier/notation" // register notation verifier
 "github.com/sirupsen/logrus"
 _ "k8s.io/client-go/plugin/pkg/client/auth" // import additional authentication methods
@@ -46,13 +46,13 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/healthz"
- configv1alpha1 "github.com/deislabs/ratify/api/v1alpha1"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
- ctxUtils "github.com/deislabs/ratify/internal/context"
- "github.com/deislabs/ratify/pkg/controllers"
- "github.com/deislabs/ratify/pkg/controllers/clusterresource"
- "github.com/deislabs/ratify/pkg/controllers/namespaceresource"
- ef "github.com/deislabs/ratify/pkg/executor/core"
+ configv1alpha1 "github.com/ratify-project/ratify/api/v1alpha1"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
+ "github.com/ratify-project/ratify/pkg/controllers"
+ "github.com/ratify-project/ratify/pkg/controllers/clusterresource"
+ "github.com/ratify-project/ratify/pkg/controllers/namespaceresource"
+ ef "github.com/ratify-project/ratify/pkg/executor/core"
 //+kubebuilder:scaffold:imports
 )
@@ -130,7 +130,7 @@ func StartManager(certRotatorReady chan struct{}, probeAddr string) {
 Port: 9443,
 HealthProbeBindAddress: probeAddr,
 LeaderElection: enableLeaderElection,
- LeaderElectionID: "1a306109.github.com/deislabs/ratify",
+ LeaderElectionID: "1a306109.github.com/ratify-project/ratify",
 // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
 // when the Manager ends. This requires the binary to immediately end when the
 // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
diff --git a/pkg/metrics/stats_reporter.go b/pkg/metrics/stats_reporter.go
index 2cc294fbb..de8be99c3 100644
--- a/pkg/metrics/stats_reporter.go
+++ b/pkg/metrics/stats_reporter.go
@@ -18,7 +18,7 @@ package metrics
 import (
 "context"
- ctxUtils "github.com/deislabs/ratify/internal/context"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
 "github.com/sirupsen/logrus"
 "go.opentelemetry.io/otel/attribute"
 instrument "go.opentelemetry.io/otel/metric"
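Review bot: The new `LeaderElectionID` in the `StartManager` hunk renames the lease used for leader election, so during a rolling upgrade a replica still holding the old `1a306109.github.com/deislabs/ratify` lease and a new replica taking `1a306109.github.com/ratify-project/ratify` are not competing for the same lock and could both act as leader while `enableLeaderElection` is set. If the lease name is pinned anywhere in RBAC (not visible here), that grant would need the new name as well. I would either keep the old ID with a comment such as `// lease name kept from the pre-rename module path so mixed-version replicas share one lock`, or state in the upgrade notes that old and new replicas must not run side by side. The body of StartManager continues outside the hunk.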
@@ -43,7 +43,7 @@ var (
 )
 const (
- scope = "github.com/deislabs/ratify"
+ scope = "github.com/ratify-project/ratify"
 // metric names
 metricNameVerificationDuration = "ratify_verification_request"
diff --git a/pkg/metrics/stats_reporter_test.go b/pkg/metrics/stats_reporter_test.go
index 317aa98dc..54dc1e362 100644
--- a/pkg/metrics/stats_reporter_test.go
+++ b/pkg/metrics/stats_reporter_test.go
@@ -20,7 +20,7 @@ import (
 "fmt"
 "testing"
- ctxUtils "github.com/deislabs/ratify/internal/context"
+ ctxUtils "github.com/ratify-project/ratify/internal/context"
 "go.opentelemetry.io/otel/attribute"
 instrument "go.opentelemetry.io/otel/metric"
 )
diff --git a/pkg/policyprovider/api.go b/pkg/policyprovider/api.go
index 6492ec742..f137abc88 100644
--- a/pkg/policyprovider/api.go
+++ b/pkg/policyprovider/api.go
@@ -18,9 +18,9 @@ package policyprovider
 import (
 "context"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 )
 // PolicyProvider is an interface with methods that represents policy decisions.
diff --git a/pkg/policyprovider/configpolicy/configpolicy.go b/pkg/policyprovider/configpolicy/configpolicy.go
index d8bfcf588..a0475bbc2 100644
--- a/pkg/policyprovider/configpolicy/configpolicy.go
+++ b/pkg/policyprovider/configpolicy/configpolicy.go
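Review bot: The `scope` constant in this `const` block is a runtime value rather than an import path, so renaming it changes what the reporter emits, not just how the package is addressed. Its use lies outside the hunk, but if it is passed as the OpenTelemetry meter name, exporters that surface the instrumentation scope will report the new string, and any dashboard or alert rule matching the old one would stop matching without raising an error. A comment on the constant, for example `// scope is the instrumentation scope name reported with every metric; changing it is visible to metric consumers`, together with a line in the upgrade notes, would make that explicit. The `const` block continues past the hunk.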
@@ -20,15 +20,15 @@ import (
 "encoding/json"
 "fmt"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/policyprovider"
- "github.com/deislabs/ratify/pkg/policyprovider/config"
- pf "github.com/deislabs/ratify/pkg/policyprovider/factory"
- vt "github.com/deislabs/ratify/pkg/policyprovider/types"
- "github.com/deislabs/ratify/pkg/verifier"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
+ "github.com/ratify-project/ratify/pkg/policyprovider/config"
+ pf "github.com/ratify-project/ratify/pkg/policyprovider/factory"
+ vt "github.com/ratify-project/ratify/pkg/policyprovider/types"
+ "github.com/ratify-project/ratify/pkg/verifier"
 )
 // PolicyEnforcer describes different polices that are enforced during verification
diff --git a/pkg/policyprovider/configpolicy/configpolicy_test.go b/pkg/policyprovider/configpolicy/configpolicy_test.go
index 596b561a2..565359ef3 100644
--- a/pkg/policyprovider/configpolicy/configpolicy_test.go
+++ b/pkg/policyprovider/configpolicy/configpolicy_test.go
@@ -19,14 +19,14 @@ import (
 "context"
 "testing"
- "github.com/deislabs/ratify/pkg/common"
- vt "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/ocispecs"
- pc "github.com/deislabs/ratify/pkg/policyprovider/config"
- pf "github.com/deislabs/ratify/pkg/policyprovider/factory"
- "github.com/deislabs/ratify/pkg/policyprovider/types"
- vr "github.com/deislabs/ratify/pkg/verifier"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/common"
+ vt "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ pc "github.com/ratify-project/ratify/pkg/policyprovider/config"
+ pf "github.com/ratify-project/ratify/pkg/policyprovider/factory"
+ "github.com/ratify-project/ratify/pkg/policyprovider/types"
+ vr "github.com/ratify-project/ratify/pkg/verifier"
 )
 func TestPolicyEnforcer_ContinueVerifyOnFailure(t *testing.T) {
diff --git a/pkg/policyprovider/factory/factory.go b/pkg/policyprovider/factory/factory.go
index dbf9ed541..048fb221a 100644
--- a/pkg/policyprovider/factory/factory.go
+++ b/pkg/policyprovider/factory/factory.go
@@ -19,10 +19,10 @@ import (
 "fmt"
 "strings"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/policyprovider"
- "github.com/deislabs/ratify/pkg/policyprovider/config"
- "github.com/deislabs/ratify/pkg/verifier/types"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
+ "github.com/ratify-project/ratify/pkg/policyprovider/config"
+ "github.com/ratify-project/ratify/pkg/verifier/types"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/policyprovider/factory/factory_test.go b/pkg/policyprovider/factory/factory_test.go
index 157c6972e..dbc255b8c 100644
--- a/pkg/policyprovider/factory/factory_test.go
+++ b/pkg/policyprovider/factory/factory_test.go
@@ -18,9 +18,9 @@ package factory
 import (
 "testing"
- "github.com/deislabs/ratify/pkg/policyprovider"
- "github.com/deislabs/ratify/pkg/policyprovider/config"
- "github.com/deislabs/ratify/pkg/policyprovider/mocks"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
+ "github.com/ratify-project/ratify/pkg/policyprovider/config"
+ "github.com/ratify-project/ratify/pkg/policyprovider/mocks"
 )
 type TestPolicyProviderFactory struct{}
diff --git a/pkg/policyprovider/mocks/types.go b/pkg/policyprovider/mocks/types.go
index 0903f019d..bf57b1870 100644
--- a/pkg/policyprovider/mocks/types.go
+++ b/pkg/policyprovider/mocks/types.go
@@ -18,10 +18,10 @@ package mocks
 import (
 "context"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/verifier"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/verifier"
 )
 type TestPolicyProvider struct{}
diff --git a/pkg/policyprovider/policyengine/opaengine/opa_engine.go b/pkg/policyprovider/policyengine/opaengine/opa_engine.go
index 1f1174d68..6eddfe9af 100644
--- a/pkg/policyprovider/policyengine/opaengine/opa_engine.go
+++ b/pkg/policyprovider/policyengine/opaengine/opa_engine.go
@@ -20,8 +20,8 @@ import (
 "errors"
 "strings"
- "github.com/deislabs/ratify/pkg/policyprovider/policyengine"
- "github.com/deislabs/ratify/pkg/policyprovider/policyquery"
+ "github.com/ratify-project/ratify/pkg/policyprovider/policyengine"
+ "github.com/ratify-project/ratify/pkg/policyprovider/policyquery"
 )
 const OPA = "opa"
diff --git a/pkg/policyprovider/policyengine/opaengine/opa_engine_test.go b/pkg/policyprovider/policyengine/opaengine/opa_engine_test.go
index 49160c3ba..9184155a3 100644
--- a/pkg/policyprovider/policyengine/opaengine/opa_engine_test.go
+++ b/pkg/policyprovider/policyengine/opaengine/opa_engine_test.go
@@ -19,7 +19,7 @@ import (
 "context"
 "testing"
- query "github.com/deislabs/ratify/pkg/policyprovider/policyquery/rego"
+ query "github.com/ratify-project/ratify/pkg/policyprovider/policyquery/rego"
 )
 const (
diff --git a/pkg/policyprovider/policyquery/rego/query.go b/pkg/policyprovider/policyquery/rego/query.go
index f5832a855..3c7f60a85 100644
--- a/pkg/policyprovider/policyquery/rego/query.go
+++ b/pkg/policyprovider/policyquery/rego/query.go
@@ -19,9 +19,9 @@ import (
 "context"
 "fmt"
- "github.com/deislabs/ratify/pkg/policyprovider/policyquery"
 "github.com/open-policy-agent/opa/rego"
 "github.com/pkg/errors"
+ "github.com/ratify-project/ratify/pkg/policyprovider/policyquery"
 )
 const (
diff --git a/pkg/policyprovider/regopolicy/regopolicy.go b/pkg/policyprovider/regopolicy/regopolicy.go
index ad3d85057..f5251a0cd 100644
--- a/pkg/policyprovider/regopolicy/regopolicy.go
+++ b/pkg/policyprovider/regopolicy/regopolicy.go
@@ -21,18 +21,18 @@ import (
 "fmt"
 "os"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/policyprovider"
- "github.com/deislabs/ratify/pkg/policyprovider/config"
- pf "github.com/deislabs/ratify/pkg/policyprovider/factory"
- "github.com/deislabs/ratify/pkg/policyprovider/policyengine"
- opa "github.com/deislabs/ratify/pkg/policyprovider/policyengine/opaengine"
- query "github.com/deislabs/ratify/pkg/policyprovider/policyquery/rego"
- policyTypes "github.com/deislabs/ratify/pkg/policyprovider/types"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/policyprovider"
+ "github.com/ratify-project/ratify/pkg/policyprovider/config"
+ pf "github.com/ratify-project/ratify/pkg/policyprovider/factory"
+ "github.com/ratify-project/ratify/pkg/policyprovider/policyengine"
+ opa "github.com/ratify-project/ratify/pkg/policyprovider/policyengine/opaengine"
+ query "github.com/ratify-project/ratify/pkg/policyprovider/policyquery/rego"
+ policyTypes "github.com/ratify-project/ratify/pkg/policyprovider/types"
 )
 type policyEnforcer struct {
diff --git a/pkg/policyprovider/regopolicy/regopolicy_test.go b/pkg/policyprovider/regopolicy/regopolicy_test.go
index d8327943a..eb6ab05f8 100644
--- a/pkg/policyprovider/regopolicy/regopolicy_test.go
+++ b/pkg/policyprovider/regopolicy/regopolicy_test.go
@@ -21,10 +21,10 @@ import (
 "reflect"
 "testing"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/executor/types"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/policyprovider/config"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/executor/types"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/policyprovider/config"
 )
 const (
diff --git a/pkg/referrerstore/api.go b/pkg/referrerstore/api.go
index ed2da7f53..39482be71 100644
--- a/pkg/referrerstore/api.go
+++ b/pkg/referrerstore/api.go
@@ -18,10 +18,10 @@ package referrerstore
 import (
 "context"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
 )
 // ListReferrersResult represents the result of ListReferrers API
diff --git a/pkg/referrerstore/factory/factory.go b/pkg/referrerstore/factory/factory.go
index fb80faa50..740ce5f15 100644
--- a/pkg/referrerstore/factory/factory.go
+++ b/pkg/referrerstore/factory/factory.go
@@ -21,13 +21,13 @@ import (
 "path"
 "strings"
- re "github.com/deislabs/ratify/errors"
- pluginCommon "github.com/deislabs/ratify/pkg/common/plugin"
- "github.com/deislabs/ratify/pkg/featureflag"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
- "github.com/deislabs/ratify/pkg/referrerstore/plugin"
- "github.com/deislabs/ratify/pkg/referrerstore/types"
+ re "github.com/ratify-project/ratify/errors"
+ pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin"
+ "github.com/ratify-project/ratify/pkg/featureflag"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ "github.com/ratify-project/ratify/pkg/referrerstore/plugin"
+ "github.com/ratify-project/ratify/pkg/referrerstore/types"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/referrerstore/factory/factory_test.go b/pkg/referrerstore/factory/factory_test.go
index 405603d35..8c42ab654 100644
--- a/pkg/referrerstore/factory/factory_test.go
+++ b/pkg/referrerstore/factory/factory_test.go
@@ -21,12 +21,12 @@ import (
 "path"
 "testing"
- "github.com/deislabs/ratify/pkg/featureflag"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
- "github.com/deislabs/ratify/pkg/referrerstore/mocks"
- "github.com/deislabs/ratify/pkg/referrerstore/plugin"
- "github.com/deislabs/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/pkg/featureflag"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ "github.com/ratify-project/ratify/pkg/referrerstore/mocks"
+ "github.com/ratify-project/ratify/pkg/referrerstore/plugin"
+ "github.com/ratify-project/ratify/pkg/utils"
 )
 const (
diff --git a/pkg/referrerstore/mocks/memory_store.go b/pkg/referrerstore/mocks/memory_store.go
index e64aa9c4e..9a0a07194 100644
--- a/pkg/referrerstore/mocks/memory_store.go
+++ b/pkg/referrerstore/mocks/memory_store.go
@@ -17,12 +17,12 @@ import (
 "context"
 "fmt"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
 "github.com/opencontainers/go-digest"
 v1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
 )
 type MemoryTestStore struct {
diff --git a/pkg/referrerstore/mocks/types.go b/pkg/referrerstore/mocks/types.go
index 546b92e67..1685f98e8 100644
--- a/pkg/referrerstore/mocks/types.go
+++ b/pkg/referrerstore/mocks/types.go
@@ -20,12 +20,12 @@ import (
 "fmt"
 "time"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
 "github.com/opencontainers/go-digest"
 v1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
 )
 type TestStore struct {
diff --git a/pkg/referrerstore/oras/cache.go b/pkg/referrerstore/oras/cache.go
index 3b983fa1e..d0c6c0608 100644
--- a/pkg/referrerstore/oras/cache.go
+++ b/pkg/referrerstore/oras/cache.go
@@ -21,12 +21,12 @@ import (
 "fmt"
 "time"
- "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/cache"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/cache"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
 )
 const defaultTTL = 10
diff --git a/pkg/referrerstore/oras/cache_test.go b/pkg/referrerstore/oras/cache_test.go
index 569c20e2f..77fa1c7d2 100644
--- a/pkg/referrerstore/oras/cache_test.go
+++ b/pkg/referrerstore/oras/cache_test.go
@@ -22,12 +22,12 @@ import (
 "testing"
 "time"
- "github.com/deislabs/ratify/pkg/cache"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/pkg/cache"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
 )
diff --git a/pkg/referrerstore/oras/cosign.go b/pkg/referrerstore/oras/cosign.go
index 7d0d9a72b..a60f458ae 100644
--- a/pkg/referrerstore/oras/cosign.go
+++ b/pkg/referrerstore/oras/cosign.go
@@ -21,10 +21,10 @@ import (
 "fmt"
 "strings"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 "oras.land/oras-go/v2/errdef"
 "oras.land/oras-go/v2/registry"
diff --git a/pkg/referrerstore/oras/cosign_test.go b/pkg/referrerstore/oras/cosign_test.go
index 3e87c001e..32693fa13 100644
--- a/pkg/referrerstore/oras/cosign_test.go
+++ b/pkg/referrerstore/oras/cosign_test.go
@@ -23,14 +23,14 @@ import (
 "reflect"
 "testing"
- ratifyerrors "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/cache"
- _ "github.com/deislabs/ratify/pkg/cache/ristretto"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore/oras/mocks"
 "github.com/opencontainers/go-digest"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ ratifyerrors "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/cache"
+ _ "github.com/ratify-project/ratify/pkg/cache/ristretto"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore/oras/mocks"
 "oras.land/oras-go/v2/registry"
 "oras.land/oras-go/v2/registry/remote/errcode"
 )
diff --git a/pkg/referrerstore/oras/oras.go b/pkg/referrerstore/oras/oras.go
index 45bfc999a..5300790d2 100644
--- a/pkg/referrerstore/oras/oras.go
+++ b/pkg/referrerstore/oras/oras.go
@@ -37,23 +37,23 @@ import (
 "oras.land/oras-go/v2/registry/remote/errcode"
 "oras.land/oras-go/v2/registry/remote/retry"
- ratifyconfig "github.com/deislabs/ratify/config"
- re "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/internal/version"
- "github.com/deislabs/ratify/pkg/cache"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/common/oras/authprovider"
- _ "github.com/deislabs/ratify/pkg/common/oras/authprovider/aws" // register aws auth provider
- _ "github.com/deislabs/ratify/pkg/common/oras/authprovider/azure" // register azure auth provider
- commonutils "github.com/deislabs/ratify/pkg/common/utils"
- "github.com/deislabs/ratify/pkg/homedir"
- "github.com/deislabs/ratify/pkg/metrics"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
- "github.com/deislabs/ratify/pkg/referrerstore/factory"
 "github.com/opencontainers/go-digest"
+ ratifyconfig "github.com/ratify-project/ratify/config"
+ re "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/internal/version"
+ "github.com/ratify-project/ratify/pkg/cache"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/common/oras/authprovider"
+ _ "github.com/ratify-project/ratify/pkg/common/oras/authprovider/aws" // register aws auth provider
+ _ "github.com/ratify-project/ratify/pkg/common/oras/authprovider/azure" // register azure auth provider
+ commonutils "github.com/ratify-project/ratify/pkg/common/utils"
+ "github.com/ratify-project/ratify/pkg/homedir"
+ "github.com/ratify-project/ratify/pkg/metrics"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ "github.com/ratify-project/ratify/pkg/referrerstore/factory"
 )
 const (
diff --git a/pkg/referrerstore/oras/oras_test.go b/pkg/referrerstore/oras/oras_test.go
index b561e5009..01a8516f1 100644
--- a/pkg/referrerstore/oras/oras_test.go
+++ b/pkg/referrerstore/oras/oras_test.go
@@ -29,13 +29,13 @@ import (
 "testing"
 "time"
- "github.com/deislabs/ratify/pkg/cache"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
- "github.com/deislabs/ratify/pkg/referrerstore/oras/mocks"
 "github.com/opencontainers/go-digest"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/cache"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ "github.com/ratify-project/ratify/pkg/referrerstore/oras/mocks"
 "oras.land/oras-go/v2/registry"
 "oras.land/oras-go/v2/registry/remote/errcode"
 )
diff --git a/pkg/referrerstore/oras/utils.go b/pkg/referrerstore/oras/utils.go
index 396044a87..1965b463b 100644
--- a/pkg/referrerstore/oras/utils.go
+++ b/pkg/referrerstore/oras/utils.go
@@ -19,8 +19,8 @@ import (
 "regexp"
 "strings"
- "github.com/deislabs/ratify/pkg/ocispecs"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 )
 // Detect the loopback IP (127.0.0.1)
diff --git a/pkg/referrerstore/oras/utils_test.go b/pkg/referrerstore/oras/utils_test.go
index c54046e4a..74d14358b 100644
--- a/pkg/referrerstore/oras/utils_test.go
+++ b/pkg/referrerstore/oras/utils_test.go
@@ -18,9 +18,9 @@ package oras
 import (
 "testing"
- "github.com/deislabs/ratify/pkg/ocispecs"
 "github.com/opencontainers/go-digest"
 oci "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 )
 func TestIsInsecureRegistry(t *testing.T) {
diff --git a/pkg/referrerstore/plugin/args.go b/pkg/referrerstore/plugin/args.go
index 9bdaa04d6..18dfc68fa 100644
--- a/pkg/referrerstore/plugin/args.go
+++ b/pkg/referrerstore/plugin/args.go
@@ -19,7 +19,7 @@ import (
 "fmt"
 "os"
- pluginCommon "github.com/deislabs/ratify/pkg/common/plugin"
+ pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin"
 )
 // ReferrerStorePluginArgs describes all arguments that are passed when a store plugin is invoked
diff --git a/pkg/referrerstore/plugin/plugin.go b/pkg/referrerstore/plugin/plugin.go
index 8f9e995b7..8f76590f8 100644
--- a/pkg/referrerstore/plugin/plugin.go
+++ b/pkg/referrerstore/plugin/plugin.go
@@ -22,13 +22,13 @@ import (
 "os"
 "strings"
- "github.com/deislabs/ratify/pkg/common"
- pluginCommon "github.com/deislabs/ratify/pkg/common/plugin"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/config"
- "github.com/deislabs/ratify/pkg/referrerstore/types"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/pkg/common"
+ pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/config"
+ "github.com/ratify-project/ratify/pkg/referrerstore/types"
 )
 // StorePlugin describes a store that is implemented by invoking the plugins
diff --git a/pkg/referrerstore/plugin/plugin_test.go b/pkg/referrerstore/plugin/plugin_test.go
index 40223e52b..bc71ab1e0 100644
--- a/pkg/referrerstore/plugin/plugin_test.go
+++ b/pkg/referrerstore/plugin/plugin_test.go
@@ -22,9 +22,9 @@ import (
 "strings"
 "testing"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
 )
 const (
diff --git a/pkg/referrerstore/plugin/skel/skel.go b/pkg/referrerstore/plugin/skel/skel.go
index 345b2d2ff..39df7f14e 100644
--- a/pkg/referrerstore/plugin/skel/skel.go
+++ b/pkg/referrerstore/plugin/skel/skel.go
@@ -23,14 +23,14 @@ import (
 "os"
 "strings"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/common/plugin"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- sp "github.com/deislabs/ratify/pkg/referrerstore/plugin"
- "github.com/deislabs/ratify/pkg/referrerstore/types"
- "github.com/deislabs/ratify/pkg/utils"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/common/plugin"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ sp "github.com/ratify-project/ratify/pkg/referrerstore/plugin"
+ "github.com/ratify-project/ratify/pkg/referrerstore/types"
+ "github.com/ratify-project/ratify/pkg/utils"
 )
 type pcontext struct {
diff --git a/pkg/referrerstore/plugin/skel/skel_test.go b/pkg/referrerstore/plugin/skel/skel_test.go
index 3a1e03ed3..36e716120 100644
--- a/pkg/referrerstore/plugin/skel/skel_test.go
+++ b/pkg/referrerstore/plugin/skel/skel_test.go
@@ -22,14 +22,14 @@ import (
 "strings"
 "testing"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/plugin"
- "github.com/deislabs/ratify/pkg/referrerstore/types"
- "github.com/deislabs/ratify/pkg/utils"
 "github.com/opencontainers/go-digest"
 v1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/plugin"
+ "github.com/ratify-project/ratify/pkg/referrerstore/types"
+ "github.com/ratify-project/ratify/pkg/utils"
 )
 const skelPluginName = "skel-test-case"
diff --git a/pkg/referrerstore/types/types.go b/pkg/referrerstore/types/types.go
index e5ea55b71..3953176d9 100644
--- a/pkg/referrerstore/types/types.go
+++ b/pkg/referrerstore/types/types.go
@@ -19,8 +19,8 @@ import (
 "encoding/json"
 "io"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
 )
 const (
diff --git a/pkg/referrerstore/utils/utils.go b/pkg/referrerstore/utils/utils.go
index 9afd5ed67..dac30f2db 100644
--- a/pkg/referrerstore/utils/utils.go
+++ b/pkg/referrerstore/utils/utils.go
@@ -18,11 +18,11 @@ package utils
 import (
 "context"
- "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
 )
 var logOpt = logger.Option{
diff --git a/pkg/referrerstore/utils/utils_test.go b/pkg/referrerstore/utils/utils_test.go
index dc46e0f5b..55fdfa796 100644
--- a/pkg/referrerstore/utils/utils_test.go
+++ b/pkg/referrerstore/utils/utils_test.go
@@ -19,10 +19,10 @@ import (
 "context"
 "testing"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/referrerstore/mocks"
- "github.com/deislabs/ratify/pkg/utils"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/referrerstore/mocks"
+ "github.com/ratify-project/ratify/pkg/utils"
 )
 func TestResolveSubjectDescriptor_Success(t *testing.T) {
diff --git a/pkg/utils/azureauth/authenticationUtils.go b/pkg/utils/azureauth/authenticationUtils.go
index 96156577f..e24fb1488 100644
--- a/pkg/utils/azureauth/authenticationUtils.go
+++ b/pkg/utils/azureauth/authenticationUtils.go
@@ -22,7 +22,7 @@ import (
 "time"
 "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
- "github.com/deislabs/ratify/pkg/metrics"
+ "github.com/ratify-project/ratify/pkg/metrics"
 )
 // Source: https://github.com/Azure/azure-workload-identity/blob/d126293e3c7c669378b225ad1b1f29cf6af4e56d/examples/msal-go/token_credential.go#L25
diff --git a/pkg/utils/certificateUtil_test.go b/pkg/utils/certificateUtil_test.go
index 9db4fa983..aec3d79f6 100644
--- a/pkg/utils/certificateUtil_test.go
+++ b/pkg/utils/certificateUtil_test.go
@@ -18,7 +18,7 @@ import (
 "os"
 "testing"
- "github.com/deislabs/ratify/pkg/homedir"
+ "github.com/ratify-project/ratify/pkg/homedir"
 )
 const (
diff --git a/pkg/utils/certificateUtils.go b/pkg/utils/certificateUtils.go
index df0ed41df..f4945301b 100644
--- a/pkg/utils/certificateUtils.go
+++ b/pkg/utils/certificateUtils.go
@@ -23,9 +23,9 @@ import (
 "path/filepath"
- "github.com/deislabs/ratify/pkg/homedir"
 notationx509 "github.com/notaryproject/notation-core-go/x509"
 "github.com/pkg/errors"
+ "github.com/ratify-project/ratify/pkg/homedir"
 "github.com/sirupsen/logrus"
 )
diff --git a/pkg/utils/test_utils.go b/pkg/utils/test_utils.go
index 5e0100719..4ef0fd5ef 100644
--- a/pkg/utils/test_utils.go
+++ b/pkg/utils/test_utils.go
@@ -21,7 +21,7 @@ import (
 "os"
 "path/filepath"
- configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
+ configv1beta1 "github.com/ratify-project/ratify/api/v1beta1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/types"
 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 578837f7d..6b90ea07a 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -22,10 +22,10 @@ import (
 _ "crypto/sha256" // required package for digest.Parse
- "github.com/deislabs/ratify/errors"
- "github.com/deislabs/ratify/pkg/common"
 "github.com/distribution/reference"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/errors"
+ "github.com/ratify-project/ratify/pkg/common"
 )
 const (
diff --git a/pkg/utils/utils_test.go b/pkg/utils/utils_test.go
index 859bb5876..cfba6a8ea 100644
--- a/pkg/utils/utils_test.go
+++ b/pkg/utils/utils_test.go
@@ -20,8 +20,8 @@ import (
 "strings"
 "testing"
- "github.com/deislabs/ratify/pkg/common"
 "github.com/opencontainers/go-digest"
+ "github.com/ratify-project/ratify/pkg/common"
 )
 const (
diff --git a/pkg/verifier/api.go b/pkg/verifier/api.go
index 00f505de6..dcc549662 100644
--- a/pkg/verifier/api.go
+++ b/pkg/verifier/api.go
@@ -18,9 +18,9 @@ package verifier
 import (
 "context"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
 )
 // VerifierResult describes the result of verifying a reference manifest for a subject
diff --git a/pkg/verifier/config/config.go b/pkg/verifier/config/config.go
index 8205d7bec..634ef1fd6 100644
--- a/pkg/verifier/config/config.go
+++ b/pkg/verifier/config/config.go
@@ -16,8 +16,8 @@ limitations under the License.
 package config
 import (
- "github.com/deislabs/ratify/pkg/ocispecs"
- rc "github.com/deislabs/ratify/pkg/referrerstore/config"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ rc "github.com/ratify-project/ratify/pkg/referrerstore/config"
 )
 type VerifierConfig map[string]interface{}
diff --git a/pkg/verifier/cosign/cosign.go b/pkg/verifier/cosign/cosign.go
index 34b0e3cb4..40a67fbfb 100644
--- a/pkg/verifier/cosign/cosign.go
+++ b/pkg/verifier/cosign/cosign.go
@@ -30,25 +30,25 @@ import (
 "path/filepath"
 "strings"
- "github.com/deislabs/ratify/internal/logger"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/deislabs/ratify/pkg/utils"
- "github.com/deislabs/ratify/pkg/verifier"
- "github.com/deislabs/ratify/pkg/verifier/config"
- "github.com/deislabs/ratify/pkg/verifier/factory"
- "github.com/deislabs/ratify/pkg/verifier/types"
+ "github.com/ratify-project/ratify/internal/logger"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore"
+ "github.com/ratify-project/ratify/pkg/utils"
+ "github.com/ratify-project/ratify/pkg/verifier"
+ "github.com/ratify-project/ratify/pkg/verifier/config"
+ "github.com/ratify-project/ratify/pkg/verifier/factory"
+ "github.com/ratify-project/ratify/pkg/verifier/types"
 "golang.org/x/crypto/cryptobyte"
 "golang.org/x/crypto/cryptobyte/asn1"
- re "github.com/deislabs/ratify/errors"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/opencontainers/go-digest"
 imgspec "github.com/opencontainers/image-spec/specs-go/v1"
 "github.com/pkg/errors"
+ re "github.com/ratify-project/ratify/errors"
 "github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio"
 "github.com/sigstore/cosign/v2/cmd/cosign/cli/rekor"
 "github.com/sigstore/cosign/v2/pkg/cosign"
diff --git a/pkg/verifier/cosign/cosign_test.go b/pkg/verifier/cosign/cosign_test.go
index 0b6bf260d..4ceb03a96 100644
--- a/pkg/verifier/cosign/cosign_test.go
+++ b/pkg/verifier/cosign/cosign_test.go
@@ -29,14 +29,14 @@ import (
 "strings"
 "testing"
- "github.com/deislabs/ratify/pkg/common"
- "github.com/deislabs/ratify/pkg/keymanagementprovider"
- "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault"
- "github.com/deislabs/ratify/pkg/ocispecs"
- "github.com/deislabs/ratify/pkg/referrerstore/mocks"
- "github.com/deislabs/ratify/pkg/verifier/config"
 "github.com/opencontainers/go-digest"
 imgspec "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/ratify-project/ratify/pkg/common"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+ "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault"
+ "github.com/ratify-project/ratify/pkg/ocispecs"
+ "github.com/ratify-project/ratify/pkg/referrerstore/mocks"
+ "github.com/ratify-project/ratify/pkg/verifier/config"
 "github.com/sigstore/cosign/v2/pkg/cosign"
 "github.com/sigstore/cosign/v2/pkg/oci/static"
 "github.com/sigstore/rekor/pkg/generated/client"
@@ -45,7 +45,7 @@ import (
 )
 const (
- ratifySampleImageRef string = "ghcr.io/deislabs/ratify:v1"
+ ratifySampleImageRef string = "ghcr.io/ratify-project/ratify:v1"
 testIdentity string = "sozercan@gmail.com"
 testIssuer string = "https://github.com/login/oauth"
 )
diff --git a/pkg/verifier/cosign/trustpolicies.go b/pkg/verifier/cosign/trustpolicies.go
index b4082d21d..4858cfd47 100644
--- a/pkg/verifier/cosign/trustpolicies.go
+++ b/pkg/verifier/cosign/trustpolicies.go
@@ -21,7 +21,7 @@ import (
 "slices"
 "strings"
- re "github.com/deislabs/ratify/errors"
+ re "github.com/ratify-project/ratify/errors"
 )
 type TrustPolicies struct {
diff --git a/pkg/verifier/cosign/trustpolicies_test.go b/pkg/verifier/cosign/trustpolicies_test.go
index 2d7d29208..6b915a07e 100644
--- a/pkg/verifier/cosign/trustpolicies_test.go
+++ b/pkg/verifier/cosign/trustpolicies_test.go
@@ -31,7 +31,7 @@ func TestCreateTrustPolicies(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -52,12 +52,12 @@ func TestCreateTrustPolicies(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
 Name: "test-2",
- Scopes: []string{"ghcr.io/deislabs/ratify:v2"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v2"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -68,12 +68,12 @@ func TestCreateTrustPolicies(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
 Name: "test-2",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -84,12 +84,12 @@ func TestCreateTrustPolicies(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -99,12 +99,12 @@ func TestCreateTrustPolicies(t *testing.T) {
 name: "invalid policy invalid trust policy config",
 policyConfigs: []TrustPolicyConfig{
 {
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -135,16 +135,16 @@ func TestGetScopedPolicy(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
 Name: "test-2",
- Scopes: []string{"ghcr.io/deislabs/ratify:v2"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v2"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
- reference: "ghcr.io/deislabs/ratify:v1",
+ reference: "ghcr.io/ratify-project/ratify:v1",
 wantErr: false,
 wantPolicyName: "test",
 },
@@ -153,16 +153,16 @@ func TestGetScopedPolicy(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:*"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:*"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
 Name: "test-2",
- Scopes: []string{"ghcr.io/deislabs/ratify2:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify2:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
- reference: "ghcr.io/deislabs/ratify:v1",
+ reference: "ghcr.io/ratify-project/ratify:v1",
 wantErr: false,
 wantPolicyName: "test",
 },
@@ -171,16 +171,16 @@ func TestGetScopedPolicy(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:*"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:*"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
 Name: "test-2",
- Scopes: []string{"ghcr.io/deislabs/ratify2:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify2:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
- reference: "ghcr.io/deislabs/ratify3:v1",
+ reference: "ghcr.io/ratify-project/ratify3:v1",
 wantErr: true,
 wantPolicyName: "",
 },
@@ -194,11 +194,11 @@ func TestGetScopedPolicy(t *testing.T) {
 },
 {
 Name: "test-2",
- Scopes: []string{"ghcr.io/deislabs/ratify2:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify2:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
- reference: "ghcr.io/deislabs/ratify3:v1",
+ reference: "ghcr.io/ratify-project/ratify3:v1",
 wantErr: false,
 wantPolicyName: "global",
 },
@@ -233,7 +233,7 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -244,7 +244,7 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1", "ghcr.io/deislabs/ratify:v2"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1", "ghcr.io/ratify-project/ratify:v2"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -255,7 +255,7 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:*"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:*"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -266,7 +266,7 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:*"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:*"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -299,7 +299,7 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1", "ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1", "ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -310,12 +310,12 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
 Name: "test-2",
- Scopes: []string{"ghcr.io/deislabs/ratify:v1"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:v1"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -342,7 +342,7 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/ratify:*", "ghcr.io/deislabs/ratify:*"},
+ Scopes: []string{"ghcr.io/ratify-project/ratify:*", "ghcr.io/ratify-project/ratify:*"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -375,7 +375,7 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/*", "ghcr.io/deislabs/*"},
+ Scopes: []string{"ghcr.io/*", "ghcr.io/ratify-project/*"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 },
@@ -386,7 +386,7 @@ func TestValidateScopes(t *testing.T) {
 policyConfigs: []TrustPolicyConfig{
 {
 Name: "test",
- Scopes: []string{"ghcr.io/deislabs/*"},
+ Scopes: []string{"ghcr.io/ratify-project/*"},
 Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"},
 },
 {
@@ -402,12 +402,12 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/*"}, + Scopes: []string{"ghcr.io/ratify-project/*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -418,12 +418,12 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify:*"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, diff --git a/pkg/verifier/cosign/trustpolicy.go b/pkg/verifier/cosign/trustpolicy.go index 7efe26949..c49b86aa8 100644 --- a/pkg/verifier/cosign/trustpolicy.go +++ b/pkg/verifier/cosign/trustpolicy.go @@ -22,9 +22,9 @@ import ( "os" "slices" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/utils" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/utils" "github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio" "github.com/sigstore/cosign/v2/cmd/cosign/cli/rekor" "github.com/sigstore/cosign/v2/pkg/cosign" diff --git a/pkg/verifier/cosign/trustpolicy_test.go b/pkg/verifier/cosign/trustpolicy_test.go index c55a91d49..5cb10d212 100644 --- a/pkg/verifier/cosign/trustpolicy_test.go 
+++ b/pkg/verifier/cosign/trustpolicy_test.go @@ -22,8 +22,8 @@ import ( "fmt" "testing" - ctxUtils "github.com/deislabs/ratify/internal/context" - "github.com/deislabs/ratify/pkg/keymanagementprovider" + ctxUtils "github.com/ratify-project/ratify/internal/context" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" "github.com/sigstore/cosign/v2/pkg/cosign" ) diff --git a/pkg/verifier/factory/factory.go b/pkg/verifier/factory/factory.go index 43e16be3c..eb3bedabf 100644 --- a/pkg/verifier/factory/factory.go +++ b/pkg/verifier/factory/factory.go @@ -21,13 +21,13 @@ import ( "path" "strings" - re "github.com/deislabs/ratify/errors" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/featureflag" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/plugin" - "github.com/deislabs/ratify/pkg/verifier/types" + re "github.com/ratify-project/ratify/errors" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/featureflag" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/plugin" + "github.com/ratify-project/ratify/pkg/verifier/types" "github.com/sirupsen/logrus" ) diff --git a/pkg/verifier/factory/factory_test.go b/pkg/verifier/factory/factory_test.go index b8ee940b3..d1d6be868 100644 --- a/pkg/verifier/factory/factory_test.go +++ b/pkg/verifier/factory/factory_test.go 
@@ -20,15 +20,15 @@ import ( "os" "testing" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - - "github.com/deislabs/ratify/pkg/utils" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/plugin" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + + "github.com/ratify-project/ratify/pkg/utils" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/plugin" ) type TestVerifier struct { diff --git a/pkg/verifier/mocks/types.go b/pkg/verifier/mocks/types.go index c6fb07394..cf311d3d1 100644 --- a/pkg/verifier/mocks/types.go +++ b/pkg/verifier/mocks/types.go @@ -19,9 +19,9 @@ import ( "context" "time" - "github.com/deislabs/ratify/pkg/executor" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/executor" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/verifier" ) type TestExecutor struct { diff --git a/pkg/verifier/notation/notation.go b/pkg/verifier/notation/notation.go index a1db7a18b..6841dc99a 100644 --- a/pkg/verifier/notation/notation.go +++ b/pkg/verifier/notation/notation.go 
@@ -22,19 +22,19 @@ import ( paths "path/filepath" "strings" - ratifyconfig "github.com/deislabs/ratify/config" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/homedir" - - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/factory" - "github.com/deislabs/ratify/pkg/verifier/types" + ratifyconfig "github.com/ratify-project/ratify/config" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/homedir" + "github.com/notaryproject/notation-go/log" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/factory" + "github.com/ratify-project/ratify/pkg/verifier/types" _ "github.com/notaryproject/notation-core-go/signature/cose" // register COSE signature _ "github.com/notaryproject/notation-core-go/signature/jws" // register JWS signature diff --git a/pkg/verifier/notation/notation_test.go b/pkg/verifier/notation/notation_test.go index 876e1da74..10a9c63b1 100644 --- a/pkg/verifier/notation/notation_test.go +++ b/pkg/verifier/notation/notation_test.go 
@@ -22,17 +22,17 @@ import ( "reflect" "testing" - ratifyconfig "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/homedir" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/verifier" sig "github.com/notaryproject/notation-core-go/signature" "github.com/notaryproject/notation-go" "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + ratifyconfig "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/homedir" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/verifier" ) const ( diff --git a/pkg/verifier/notation/truststore.go b/pkg/verifier/notation/truststore.go index 03d4c21c1..6a7314eac 100644 --- a/pkg/verifier/notation/truststore.go +++ b/pkg/verifier/notation/truststore.go @@ -21,11 +21,11 @@ import ( "errors" "fmt" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/utils" "github.com/notaryproject/notation-go/verifier/truststore" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/utils" ) var logOpt = logger.Option{ diff --git a/pkg/verifier/notation/truststore_test.go b/pkg/verifier/notation/truststore_test.go index 15145f036..12c331f0e 100644 --- a/pkg/verifier/notation/truststore_test.go +++ b/pkg/verifier/notation/truststore_test.go 
@@ -21,7 +21,7 @@ import ( "reflect" "testing" - "github.com/deislabs/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/controllers" ) const ( diff --git a/pkg/verifier/plugin/args.go b/pkg/verifier/plugin/args.go index 893743295..b4f627369 100644 --- a/pkg/verifier/plugin/args.go +++ b/pkg/verifier/plugin/args.go @@ -19,7 +19,7 @@ import ( "fmt" "os" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" ) // VerifierPluginArgs describes arguments that are passed to the verifier plugin diff --git a/pkg/verifier/plugin/plugin.go b/pkg/verifier/plugin/plugin.go index 2d51ebe50..9357b46bd 100644 --- a/pkg/verifier/plugin/plugin.go +++ b/pkg/verifier/plugin/plugin.go @@ -22,15 +22,15 @@ import ( "os" "strings" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/common" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - rc "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/types" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/common" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + rc "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/types" ) // VerifierPlugin describes a verifier that is implemented by invoking the plugins diff --git a/pkg/verifier/plugin/plugin_test.go b/pkg/verifier/plugin/plugin_test.go index dd6c2faf6..f8f5bca7c 100644 --- a/pkg/verifier/plugin/plugin_test.go 
+++ b/pkg/verifier/plugin/plugin_test.go @@ -20,9 +20,9 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - sm "github.com/deislabs/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + sm "github.com/ratify-project/ratify/pkg/referrerstore/mocks" ) const ( diff --git a/pkg/verifier/plugin/skel/skel.go b/pkg/verifier/plugin/skel/skel.go index 834c69166..05b0ebd08 100644 --- a/pkg/verifier/plugin/skel/skel.go +++ b/pkg/verifier/plugin/skel/skel.go @@ -23,17 +23,17 @@ import ( "os" "strings" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - storeConfig "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/referrerstore/factory" - "github.com/deislabs/ratify/pkg/utils" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - vp "github.com/deislabs/ratify/pkg/verifier/plugin" - "github.com/deislabs/ratify/pkg/verifier/types" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + storeConfig "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/referrerstore/factory" + "github.com/ratify-project/ratify/pkg/utils" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + vp "github.com/ratify-project/ratify/pkg/verifier/plugin" + "github.com/ratify-project/ratify/pkg/verifier/types" ) type pcontext struct { diff --git a/pkg/verifier/plugin/skel/skel_test.go b/pkg/verifier/plugin/skel/skel_test.go index 97a78b411..e07cf1eb6 100644 --- a/pkg/verifier/plugin/skel/skel_test.go 
+++ b/pkg/verifier/plugin/skel/skel_test.go @@ -23,18 +23,18 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - sp "github.com/deislabs/ratify/pkg/referrerstore/plugin" - "github.com/deislabs/ratify/pkg/verifier/plugin" - "github.com/deislabs/ratify/pkg/verifier/types" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + sp "github.com/ratify-project/ratify/pkg/referrerstore/plugin" + "github.com/ratify-project/ratify/pkg/verifier/plugin" + "github.com/ratify-project/ratify/pkg/verifier/types" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier" // This import is required to utilize the oras built-in referrer store - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/utils" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/utils" ) const ( diff --git a/pkg/verifier/types/types.go b/pkg/verifier/types/types.go index df9890efb..1c12dc086 100644 --- a/pkg/verifier/types/types.go +++ b/pkg/verifier/types/types.go @@ -19,7 +19,7 @@ import ( "encoding/json" "io" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier" ) const ( diff --git a/pkg/verifier/utils/utils.go b/pkg/verifier/utils/utils.go index 07e9068e5..7e128e6c7 100644 --- a/pkg/verifier/utils/utils.go +++ b/pkg/verifier/utils/utils.go @@ -18,7 +18,7 @@ package utils import ( "strings" - "github.com/deislabs/ratify/internal/constants" + "github.com/ratify-project/ratify/internal/constants" ) // return true if string looks like a K8s namespaced resource. e.g. namespace/name diff --git a/pkg/verifiercache/api.go b/pkg/verifiercache/api.go index a15ba76ee..03e14a4ce 100644 --- a/pkg/verifiercache/api.go 
+++ b/pkg/verifiercache/api.go @@ -19,7 +19,7 @@ import ( "context" "time" - et "github.com/deislabs/ratify/pkg/executor/types" + et "github.com/ratify-project/ratify/pkg/executor/types" ) // VerifierCache is an interface that defines methods to set/get results from a cache diff --git a/pkg/verifiercache/memory/memorycache.go b/pkg/verifiercache/memory/memorycache.go index 5ece3b0ea..a75126023 100644 --- a/pkg/verifiercache/memory/memorycache.go +++ b/pkg/verifiercache/memory/memorycache.go @@ -19,7 +19,7 @@ import ( "context" "time" - et "github.com/deislabs/ratify/pkg/executor/types" + et "github.com/ratify-project/ratify/pkg/executor/types" ) // Cache describes an in-memory cache with automatic expiration diff --git a/plugins/referrerstore/sample/sample.go b/plugins/referrerstore/sample/sample.go index 0eeef28f6..0a26d1fb3 100644 --- a/plugins/referrerstore/sample/sample.go +++ b/plugins/referrerstore/sample/sample.go @@ -16,12 +16,12 @@ limitations under the License. package main import ( - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/plugin/skel" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/plugin/skel" ) func main() { diff --git a/plugins/verifier/licensechecker/licensechecker.go b/plugins/verifier/licensechecker/licensechecker.go index f38ca9037..0e252f2a4 100644 --- a/plugins/verifier/licensechecker/licensechecker.go +++ b/plugins/verifier/licensechecker/licensechecker.go 
@@ -20,14 +20,14 @@ import ( "encoding/json" "fmt" - "github.com/deislabs/ratify/plugins/verifier/licensechecker/utils" - - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" + "github.com/ratify-project/ratify/plugins/verifier/licensechecker/utils" + + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" ) type PluginConfig struct { diff --git a/plugins/verifier/sample/sample.go b/plugins/verifier/sample/sample.go index 8fc48554a..1fb80f9b8 100644 --- a/plugins/verifier/sample/sample.go +++ b/plugins/verifier/sample/sample.go @@ -20,12 +20,12 @@ import ( "fmt" "os" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/common/plugin/logger" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/common/plugin/logger" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" ) type PluginConfig struct { diff --git a/plugins/verifier/sbom/sbom.go b/plugins/verifier/sbom/sbom.go index df93746b7..cd8448da3 100644 --- a/plugins/verifier/sbom/sbom.go +++ b/plugins/verifier/sbom/sbom.go 
@@ -22,15 +22,15 @@ import ( "fmt" "strings" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/plugins/verifier/sbom/utils" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/plugins/verifier/sbom/utils" // This import is required to utilize the oras built-in referrer store - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" jsonLoader "github.com/spdx/tools-golang/json" "github.com/spdx/tools-golang/spdx" "github.com/spdx/tools-golang/spdx/v2/v2_3" diff --git a/plugins/verifier/sbom/sbom_test.go b/plugins/verifier/sbom/sbom_test.go index 042c2c378..8dc5a4c3f 100644 --- a/plugins/verifier/sbom/sbom_test.go +++ b/plugins/verifier/sbom/sbom_test.go @@ -20,7 +20,7 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/plugins/verifier/sbom/utils" + "github.com/ratify-project/ratify/plugins/verifier/sbom/utils" ) func TestProcessSPDXJsonMediaType(t *testing.T) { diff --git a/plugins/verifier/schemavalidator/schema_validator.go b/plugins/verifier/schemavalidator/schema_validator.go index a5ab0edd4..2af66396e 100644 --- a/plugins/verifier/schemavalidator/schema_validator.go +++ b/plugins/verifier/schemavalidator/schema_validator.go 
@@ -20,13 +20,13 @@ import ( "encoding/json" "fmt" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" - "github.com/deislabs/ratify/plugins/verifier/schemavalidator/schemavalidation" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" + "github.com/ratify-project/ratify/plugins/verifier/schemavalidator/schemavalidation" ) type PluginConfig struct { diff --git a/plugins/verifier/vulnerabilityreport/vulnerability_report.go b/plugins/verifier/vulnerabilityreport/vulnerability_report.go index c28f0b62c..37089ccf4 100644 --- a/plugins/verifier/vulnerabilityreport/vulnerability_report.go +++ b/plugins/verifier/vulnerabilityreport/vulnerability_report.go 
@@ -24,15 +24,15 @@ import ( "strings" "time" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" - "github.com/deislabs/ratify/plugins/verifier/vulnerabilityreport/schemavalidation" imagespec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/owenrumney/go-sarif/v2/sarif" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" + "github.com/ratify-project/ratify/plugins/verifier/vulnerabilityreport/schemavalidation" ) //go:embed schemavalidation/schemas diff --git a/plugins/verifier/vulnerabilityreport/vulnerability_report_test.go b/plugins/verifier/vulnerabilityreport/vulnerability_report_test.go index eeea7f765..e6341bfe1 100644 --- a/plugins/verifier/vulnerabilityreport/vulnerability_report_test.go +++ b/plugins/verifier/vulnerabilityreport/vulnerability_report_test.go @@ -20,13 +20,13 @@ import ( "testing" "time" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore/mocks" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" "github.com/opencontainers/go-digest" oci "github.com/opencontainers/image-spec/specs-go/v1" "github.com/owenrumney/go-sarif/v2/sarif" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" ) const sampleSarifReport string = `{ 
diff --git a/test/bats/quickstart-test.bats b/test/bats/quickstart-test.bats index e6c25cc14..1682b90f9 100644 --- a/test/bats/quickstart-test.bats +++ b/test/bats/quickstart-test.bats @@ -16,10 +16,10 @@ load helpers @test "validate quick start steps" { - run kubectl run demo --image=ghcr.io/deislabs/ratify/notary-image:signed + run kubectl run demo --image=ghcr.io/ratify-project/ratify/notary-image:signed assert_success # validate unsigned fails - run kubectl run demo1 --image=ghcr.io/deislabs/ratify/notary-image:unsigned + run kubectl run demo1 --image=ghcr.io/ratify-project/ratify/notary-image:unsigned assert_failure }
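Review bot: The negative case under `# validate unsigned fails` is checked only with `assert_failure`, so after the image moves to `ghcr.io/ratify-project/ratify/notary-image:unsigned` the test cannot tell a signature-verification denial from any other error. If the `unsigned` tag were not yet published under the new org, `kubectl run demo1` would presumably still be rejected and the test would stay green. I would also match the denial reason, for example `echo "$output" | grep -q "<expected denial message>"` after `assert_failure`, with the placeholder replaced by the text the admission webhook returns for a failed verification. It is also worth confirming that both `notary-image:signed` and `notary-image:unsigned` exist at the new registry path before this lands, since the positive case only proves the `signed` tag.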