From 2d3a8e07bb2fe76eaacb2d63b6190c57b83aea50 Mon Sep 17 00:00:00 2001 From: Susan Shi Date: Tue, 18 Jun 2024 17:52:52 +1000 Subject: [PATCH 1/4] doc: update minor release branching strategy (#1456) Signed-off-by: Susan Shi Co-authored-by: Binbin Li --- RELEASES.md | 52 +++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index f8dbf95dc..739401f67 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -9,6 +9,7 @@ The specification release process was created using content and verbiage from th * [ORAS Artifact Specification Releases](https://github.com/oras-project/artifacts-spec/blob/main/RELEASES.md) * [ORAS Developer Guide](https://github.com/oras-project/oras-www/blob/main/docs/CLI/5_developer_guide.md) * [Mystikos Release Management](https://github.com/deislabs/mystikos/blob/main/doc/releasing.md) +* [Gatekeeper Release Management](https://github.com/open-policy-agent/gatekeeper/blob/8f5201f0f48d50cc14153d100172689f03aa5f39/docs/Release_Management.md) ## Versioning @@ -26,36 +27,36 @@ Example pre-release versions include `v0.1.0-alpha1`, `v0.1.0-beta2`, `v0.1.0-rc 2. If the format of the data returned for [external data calls](docs/reference/verification-result-version.md) has changed, validate change is also reflected in [`httpserver/types.go`](httpserver/types.go). -3. Delete all dev images generated since the previous release under the `ratify-dev` and `ratify-crds-dev` [packages](https://github.com/orgs/deislabs/packages?repo_name=ratify). Each dev image tag is prefixed with `dev` followed by the date of creation and then the abbreviated 7 character commit SHA (e.g a build generated on March 8, 2023 from main branch with commit SHA `4cf98388ef33c587ef86b82e05cb0f7de2da2ea8` would be tagged `dev.20230308.4cf9838`). The most recent images are also tagged with a rolling tag `latest`. +3. Delete all dev images generated since the previous release under the `ratify-dev` and `ratify-crds-dev` [packages](https://github.com/orgs/ratify-project/packages?repo_name=ratify). Each dev image tag is prefixed with `dev` followed by the date of creation and then the abbreviated 7 character commit SHA (e.g a build generated on March 8, 2023 from main branch with commit SHA `4cf98388ef33c587ef86b82e05cb0f7de2da2ea8` would be tagged `dev.20230308.4cf9838`). The most recent images are also tagged with a rolling tag `latest`. -4. Delete all dev helm charts since the previous release under the `ratify-chart-dev/ratify` [packages](https://github.com/orgs/deislabs/packages?repo_name=ratify). Each helm chart is published with a semantic version compatible tag `0-dev` followed by the date of creation and then the abbreviated 7 character commit SHA (e.g a chart generated on March 8, 2023 from main branch with commit SHA `4cf98388ef33c587ef86b82e05cb0f7de2da2ea8` would be tagged `0-dev.20230308.4cf9838`). The most recent dev chart is also tagged with the rolling tag `0-dev`. +4. Delete all dev helm charts since the previous release under the `ratify-chart-dev/ratify` [packages](https://github.com/orgs/ratify-project/packages?repo_name=ratify). Each helm chart is published with a semantic version compatible tag `0-dev` followed by the date of creation and then the abbreviated 7 character commit SHA (e.g a chart generated on March 8, 2023 from main branch with commit SHA `4cf98388ef33c587ef86b82e05cb0f7de2da2ea8` would be tagged `0-dev.20230308.4cf9838`). The most recent dev chart is also tagged with the rolling tag `0-dev`. 5. Copy contents from [`dev.helmfile.yaml`](dev.helmfile.yaml) to [`helmfile.yaml`](helmfile.yaml) & [`dev.high-availability.helmfile.yaml`](dev.high-availability.helmfile.yaml) to [`high-availability.helmfile.yaml`](high-availability.helmfile.yaml). You MUST update/remove values marked by comments in the files. The `dev` prefixed helmfiles are treated as staging files that are up to date with new changes on main branch. The primary `helmfile.yaml` and `high-availability.helmfile.yaml` MUST stay pinned to the current release since they are used by the quickstarts. Update `dev.helmfile.yaml` & `dev.high-availability.helmfile.yaml` ratify chart version to new release version. -6. Our `main` branch contains an extra merge commits compared to `dev` due to the PR [workflow](CONTRIBUTING.md#pull-requests), once per release, we will need to sync `dev` with the `main` branch. -Once we are looking to automate this with tracking [issue], for now we will need the following steps: - - maintainer manually disable allow force push in branch protection rule - - make sure the local main branch is up to date - - force push to dev branch, ```git push origin --force main:dev``` ## Git Release Flow This section deals with the practical considerations of versioning in Git, this repo's version control system. See the semantic versioning specification for the scope of changes allowed for each release type. +All releases will be of the form _vX.Y.Z_ where X is the major version, Y is the minor version and Z is the patch version. + ### Patch releases -When a patch release is required, the patch commits should be merged with the `main` branch when ready. Then a new branch should be created with the patch version incremented and optional pre-release specifiers. For example if the previous release was `v0.1.0`, the branch should be named `v0.1.1` and can optionally be suffixed with a pre-release (e.g. `v0.1.1-rc1`). The limited nature of fixes in a patch release should mean pre-releases can often be omitted. +Applicable fixes, including security fixes, may be backported to supported releases, depending on severity and feasibility. Patch release are cut from branch `release-X.Y`. Commits can be cherry-picked from `main`, changes should be merged into latest supported minor release-X.Y branches once required PR requirements are met. ### Minor releases -When a minor release is required, the release commits should be merged with the `main` branch when ready. Then a new branch should be created with the minor version incremented and optional pre-release specifiers. For example if the previous release was `v0.1.1`, the branch should be named `v0.2.0` and can optionally be suffixed with a pre-release (e.g. `v0.2.0-beta1`). Pre-releases will be more common will be more common with minor releases. +When a minor release is required, the release commits should be merged with the `main` branch when ready. + + - Alpha and Beta releases will be cut from the main branch. + - For RC and stable releases, a new branch `release-X.Y` will be created from `main`. Required changes for the minor release should be PRed to the `dev` branch, the change will then be cherry picked to `release-X.Y` from `main`. ### Major releases -When a major release is required, the release commits should be merged with the `main` branch when ready. Then a new branch should be created with the major version incremented and optional pre-release specifiers. For example if the previous release was `v1.1.1`, the branch should be named `v2.0.0` and can optionally be suffixed with a pre-release (e.g. `v2.0.0-alpha1`). Major versions will usually require multiple pre-release versions. +When a major release is required, the release commits should be merged with the `main` branch when ready. Major versions will usually require multiple pre-release versions. Similar to minor releases, the new branch should be created for the RC and stable release. ### Tag and Release -Prepare the release with a [PR](https://github.com/deislabs/ratify/pull/1031/files) to update the chart value. When the release branch is ready, a tag should be pushed with a name matching the branch name, e.g. `git tag v0.1.0-alpha1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/): +**X.Y.Z** refers to the version (git tag) of Ratify that is released. Prepare the release with a [PR](https://github.com/deislabs/ratify/pull/1031/files) to update the chart value. When the `release-X.Y` branch is ready, a tag **X.Y.Z** should be pushed. e.g. `git tag v1.1.1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/): * The release will be marked as a draft to allow an final editing before publishing. * The release notes and other fields can edited after the action completes. The description can be in Markdown. @@ -63,20 +64,25 @@ Prepare the release with a [PR](https://github.com/deislabs/ratify/pull/1031/fil * The pre-built binaries are built from commit at the head of the release branch. * The files are named `ratify_--__` with `.zip` files for Windows and `.tar.gz` for all others. -## Post Release Activity +## Supported Releases +Applicable fixes, including security fixes, may be cherry-picked into the release branch, depending on severity and feasibility. Patch releases are cut from that branch as needed. + +We expect to "support" n (current). "Support" means we expect users to be running that version in production. For example, when v1.2 comes out, v1.1 will no longer be supported for patches, and we encourage users to upgrade to a supported version as soon as possible. -1. Our `main` branch contains an extra merge commits compared to `dev` due to the PR [workflow](CONTRIBUTING.md#pull-requests), once per release, we will need to sync `dev` with the `main` branch. -Once we are looking to automate this with tracking [issue], for now we will need the following steps: - - maintainer manually disable allow force push in branch protection rule - - make sure the local main branch is up to date - - force push to dev branch, ```git push origin --force main:dev``` +## Supported Kubernetes and Gatekeeper Versions + +Ratify is assumed to be compatible with [GateKeeper Supported Versions](https://github.com/open-policy-agent/gatekeeper/blob/master/docs/Release_Management.md#supported-releases) and the [current Kubernetes Supported Versions](https://kubernetes.io/releases/patch-releases/#detailed-release-history-for-active-branches) per [Kubernetes Supported Versions policy](https://kubernetes.io/releases/version-skew-policy/). + +For example, if Gatekeeper _supported_ versions are v3.13 and v3.14, and Kubernetes _supported_ versions are v1.28, v1.29, then current version of Ratify (v1.2) are assumed to be compatible with all supported Kubernetes versions (v1.28, v1.29) and Gatekeeper version(v3.13, v3.14). + +## Post Release Activity -2. After a successful release, please manually trigger [quick start action](.github/quick-start.yml) to validate the quick start test is passing. Validate in the run logs that the version of ratify matches the latest released version. +After a successful release, please manually trigger [quick start action](.github/quick-start.yml) to validate the quick start test is passing. Validate in the run logs that the version of ratify matches the latest released version. ### Weekly Dev Release #### Publishing Guidelines -- Ratify is configured to generate and publish dev build images based on the schedule [here](https://github.com/deislabs/ratify/blob/main/.github/workflows/publish-package.yml#L8). +- Ratify is configured to generate and publish dev build images based on the schedule [here](https://github.com/ratify-project/ratify/blob/main/.github/workflows/publish-package.yml#L8). - Contributors MUST select the `Helm Chart Change` option under the `Type of Change` section if there is ANY update to the helm chart that is required for proposed changes in PR. - Maintainers MUST manually trigger the "Publish Package" workflow after merging any PR that indicates `Helm Chart Change` - Go to the `Actions` tab for the Ratify repository @@ -90,15 +96,15 @@ Once we are looking to automate this with tracking [issue], for now we will need - Once issue is created, post in the `#ratify` slack channel and tag the maintainers - Maintainers should acknowledge request by approving/denying request as a follow up comment #### How to use a dev build -1. The `ratify` image and `ratify-crds` image for dev builds exist as separate packages on Github [here](https://github.com/deislabs/ratify/pkgs/container/ratify-dev) and [here](https://github.com/deislabs/ratify/pkgs/container/ratify-crds-dev). +1. The `ratify` image and `ratify-crds` image for dev builds exist as separate packages on Github [here](https://github.com/ratify-project/ratify/pkgs/container/ratify-dev) and [here](https://github.com/ratify-project/ratify/pkgs/container/ratify-crds-dev). 2. the `repository` `crdRepository` and `tag` fields must be updated in the helm chart to point to dev build instead of last released build. Please set the tag to be latest tag found at the corresponding `-dev` suffixed package. An example install command scaffold: ``` helm install ratify \ ./charts/ratify --atomic \ --namespace gatekeeper-system \ - --set image.repository=ghcr.io/deislabs/ratify-dev - --set image.crdRepository=ghcr.io/deislabs/ratify-crds-dev + --set image.repository=ghcr.io/ratify-project/ratify-dev + --set image.crdRepository=ghcr.io/ratify-project/ratify-crds-dev --set image.tag=dev.. --set-file notationCerts[0]=./test/testdata/notation.crt ``` -NOTE: the tag field is the only value that will change when updating to newer dev build images \ No newline at end of file +NOTE: the tag field is the only value that will change when updating to newer dev build images From f536f68762f1d3b962a87cc77283a1bd786c5805 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Tue, 18 Jun 2024 18:04:40 -0700 Subject: [PATCH 2/4] ci: harden github actions (#1579) Signed-off-by: StepSecurity Bot Co-authored-by: Akash Singhal --- .github/workflows/build-pr.yml | 5 +++++ .github/workflows/cache-cleanup.yml | 5 +++++ .github/workflows/clean-dev-package.yml | 5 +++++ .github/workflows/codeql.yml | 5 +++++ .github/workflows/e2e-aks.yml | 5 +++++ .github/workflows/e2e-cli.yml | 20 ++++++++++++++++++++ .github/workflows/e2e-k8s.yml | 5 +++++ .github/workflows/golangci-lint.yml | 5 +++++ .github/workflows/high-availability.yml | 5 +++++ .github/workflows/pr-to-main.yml | 5 +++++ .github/workflows/publish-charts.yml | 5 +++++ .github/workflows/publish-dev-assets.yml | 5 +++++ .github/workflows/publish-package.yml | 5 +++++ .github/workflows/publish-sample.yml | 5 +++++ .github/workflows/quick-start.yml | 5 +++++ .github/workflows/release.yml | 5 +++++ .github/workflows/run-full-validation.yml | 5 +++++ .github/workflows/scorecards.yml | 5 +++++ .github/workflows/sync-gh-pages.yml | 5 +++++ 19 files changed, 110 insertions(+) diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 1d50f647d..131743efc 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -71,6 +71,11 @@ jobs: contents: read environment: azure-test steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/cache-cleanup.yml b/.github/workflows/cache-cleanup.yml index 191e5b1c8..3b6e92dfd 100644 --- a/.github/workflows/cache-cleanup.yml +++ b/.github/workflows/cache-cleanup.yml @@ -11,6 +11,11 @@ jobs: cleanup: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Cleanup run: | gh extension install actions/gh-actions-cache diff --git a/.github/workflows/clean-dev-package.yml b/.github/workflows/clean-dev-package.yml index f21baa6cc..384ffb7e6 100644 --- a/.github/workflows/clean-dev-package.yml +++ b/.github/workflows/clean-dev-package.yml @@ -12,6 +12,11 @@ jobs: permissions: packages: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Clean up ratify-crds-dev uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5.0.0 with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c3a0e0e64..5d8b8b868 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,6 +26,11 @@ jobs: security-events: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 - name: setup go environment diff --git a/.github/workflows/e2e-aks.yml b/.github/workflows/e2e-aks.yml index 6d03f90c1..d11028b42 100644 --- a/.github/workflows/e2e-aks.yml +++ b/.github/workflows/e2e-aks.yml @@ -32,6 +32,11 @@ jobs: id-token: write contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/e2e-cli.yml b/.github/workflows/e2e-cli.yml index c41eecc35..1ae9fd279 100644 --- a/.github/workflows/e2e-cli.yml +++ b/.github/workflows/e2e-cli.yml @@ -10,6 +10,11 @@ jobs: check-license: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Check license header @@ -26,6 +31,11 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: setup go environment @@ -50,6 +60,11 @@ jobs: permissions: contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: setup go environment @@ -73,6 +88,11 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: diff --git a/.github/workflows/e2e-k8s.yml b/.github/workflows/e2e-k8s.yml index 26aa22e82..31fb49a7a 100644 --- a/.github/workflows/e2e-k8s.yml +++ b/.github/workflows/e2e-k8s.yml @@ -25,6 +25,11 @@ jobs: permissions: contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 4e8309186..a27d793ff 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -14,6 +14,11 @@ jobs: name: lint runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: '1.21' diff --git a/.github/workflows/high-availability.yml b/.github/workflows/high-availability.yml index 75e44a8be..a61da8982 100644 --- a/.github/workflows/high-availability.yml +++ b/.github/workflows/high-availability.yml @@ -29,6 +29,11 @@ jobs: matrix: DAPR_VERSION: ["1.13.2"] steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/pr-to-main.yml b/.github/workflows/pr-to-main.yml index 5815d6742..502baaaae 100644 --- a/.github/workflows/pr-to-main.yml +++ b/.github/workflows/pr-to-main.yml @@ -13,6 +13,11 @@ jobs: name: Create PR Release to Main runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: git checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 diff --git a/.github/workflows/publish-charts.yml b/.github/workflows/publish-charts.yml index 06d9319a8..1dd88dab9 100644 --- a/.github/workflows/publish-charts.yml +++ b/.github/workflows/publish-charts.yml @@ -12,6 +12,11 @@ jobs: permissions: contents: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Publish Helm charts uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0 diff --git a/.github/workflows/publish-dev-assets.yml b/.github/workflows/publish-dev-assets.yml index 557192c65..f79f4b2f4 100644 --- a/.github/workflows/publish-dev-assets.yml +++ b/.github/workflows/publish-dev-assets.yml @@ -14,6 +14,11 @@ jobs: packages: write contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: prepare diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 373832191..911f09bae 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -15,6 +15,11 @@ jobs: packages: write contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: prepare diff --git a/.github/workflows/publish-sample.yml b/.github/workflows/publish-sample.yml index e7eb67a08..dfbe9dd37 100644 --- a/.github/workflows/publish-sample.yml +++ b/.github/workflows/publish-sample.yml @@ -18,6 +18,11 @@ jobs: contents: write packages: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Get repo run: | echo "REPOSITORY=${{ env.REGISTRY }}/${{ github.repository }}" >> $GITHUB_ENV diff --git a/.github/workflows/quick-start.yml b/.github/workflows/quick-start.yml index 3c31daf05..4d6ba4ca6 100644 --- a/.github/workflows/quick-start.yml +++ b/.github/workflows/quick-start.yml @@ -29,6 +29,11 @@ jobs: matrix: KUBERNETES_VERSION: ["1.29.2"] steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: setup go environment diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5270fe2aa..252927429 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,6 +15,11 @@ jobs: permissions: contents: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 with: diff --git a/.github/workflows/run-full-validation.yml b/.github/workflows/run-full-validation.yml index f80e72e84..1361c97b9 100644 --- a/.github/workflows/run-full-validation.yml +++ b/.github/workflows/run-full-validation.yml @@ -59,6 +59,11 @@ jobs: contents: read environment: azure-test steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: Check out code into the Go module directory uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go 1.21 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 5ad8f9b6d..2314a2688 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,6 +27,11 @@ jobs: contents: read steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - name: "Checkout code" uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=3.0.2 with: diff --git a/.github/workflows/sync-gh-pages.yml b/.github/workflows/sync-gh-pages.yml index e374a81a6..fc8baaa43 100644 --- a/.github/workflows/sync-gh-pages.yml +++ b/.github/workflows/sync-gh-pages.yml @@ -16,6 +16,11 @@ jobs: pull-requests: write repository-projects: write steps: + - name: Harden Runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - uses: everlytic/branch-merge@c4a244dc23143f824ae6c022a10732566cb8e973 with: From 91b9889413b9369ec0e721a80d7146b906c0a0fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jun 2024 09:13:59 +1000 Subject: [PATCH 3/4] chore: Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 (#1575) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Akash Singhal Co-authored-by: huish@microsoft.com --- go.mod | 4 ++-- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 85016cf9f..66a52e459 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/fsnotify/fsnotify v1.7.0 github.com/go-jose/go-jose/v3 v3.0.3 github.com/golang/protobuf v1.5.4 - github.com/google/go-containerregistry v0.19.1 + github.com/google/go-containerregistry v0.19.2 github.com/gorilla/mux v1.8.1 github.com/notaryproject/notation-core-go v1.0.3 github.com/notaryproject/notation-go v1.0.1 @@ -91,6 +91,7 @@ require ( github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect + github.com/docker/docker v24.0.9+incompatible // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect @@ -152,7 +153,6 @@ require ( github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/docker/docker v24.0.9+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/fxamacker/cbor/v2 v2.6.0 // indirect diff --git a/go.sum b/go.sum index 13f932961..9672f41e6 100644 --- a/go.sum +++ b/go.sum @@ -434,8 +434,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= -github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w= +github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= From 4a5fee5a7410d38dec0ab6a0b6cc7979026d2e36 Mon Sep 17 00:00:00 2001 From: Akash Singhal Date: Wed, 19 Jun 2024 16:52:26 -0700 Subject: [PATCH 4/4] chore: remodule ratify package (#1552) --- .github/workflows/publish-dev-assets.yml | 4 +- .github/workflows/publish-package.yml | 4 +- .goreleaser.yml | 2 +- CONTRIBUTING.md | 18 ++--- Makefile | 18 ++--- README.md | 6 +- RELEASES.md | 44 ++++++------ ROADMAP.md | 12 ++-- api/v1alpha1/certificatestore_conversion.go | 2 +- api/v1alpha1/doc.go | 2 +- api/v1alpha1/policy_conversion.go | 4 +- api/v1alpha1/policy_conversion_test.go | 4 +- api/v1alpha1/store_conversion.go | 2 +- api/v1alpha1/verifier_conversion.go | 2 +- api/v1alpha1/zz_generated.conversion.go | 2 +- api/v1beta1/doc.go | 2 +- api/v1beta1/zz_generated.conversion.go | 2 +- charts/ratify/Chart.yaml | 4 +- charts/ratify/README.md | 4 +- charts/ratify/values.yaml | 4 +- cmd/ratify/cmd/discover.go | 16 ++--- cmd/ratify/cmd/referrer.go | 10 +-- cmd/ratify/cmd/resolve.go | 10 +-- cmd/ratify/cmd/root.go | 4 +- cmd/ratify/cmd/serve.go | 10 +-- cmd/ratify/cmd/verify.go | 18 ++--- cmd/ratify/cmd/version.go | 2 +- cmd/ratify/main.go | 16 ++--- config/config.go | 26 +++---- config/configManager.go | 2 +- ...ication Provider Support For ORAS Store.md | 4 +- .../design/Config Policy Provider Refactor.md | 2 +- docs/design/Cosign Upgrade 2024.md | 6 +- docs/design/Metrics.md | 2 +- .../Policy Provider refactor (deprecated).md | 2 +- .../Ratify Vulnerability Report Verifier.md | 2 +- ...fication Result Cache at Executor Level.md | 4 +- .../Cosign Upgrade Discussion 2024.md | 12 ++-- .../Negative test cases for Ratify.md | 32 ++++----- experimental/generate-protos.sh | 4 +- .../proto/v1/orchestrator/orchestrator.pb.go | 2 +- .../v1/referrerstore/referrerstore.pb.go | 2 +- experimental/proto/v1/verifier/verifier.pb.go | 2 +- experimental/ratify/proto/README.md | 2 +- experimental/ratify/proto/v1/common.proto | 2 +- .../ratify/proto/v1/orchestrator.proto | 2 +- .../ratify/proto/v1/referrerstore.proto | 2 +- experimental/ratify/proto/v1/verifier.proto | 2 +- go.mod | 2 +- httpserver/Dockerfile | 2 +- httpserver/context.go | 2 +- httpserver/handlers.go | 20 +++--- httpserver/server.go | 6 +- httpserver/server_test.go | 18 ++--- httpserver/types.go | 4 +- httpserver/types_test.go | 4 +- internal/logger/logger.go | 4 +- pkg/cache/dapr/dapr.go | 8 +-- pkg/cache/ristretto/ristretto.go | 6 +- pkg/cache/ristretto/ristretto_test.go | 2 +- pkg/certificateprovider/azurekeyvault/auth.go | 2 +- .../azurekeyvault/provider.go | 12 ++-- .../azurekeyvault/provider_test.go | 2 +- .../certificate_provider.go | 2 +- .../certificate_provider_test.go | 2 +- pkg/certificateprovider/inline/provider.go | 4 +- pkg/common/oras/authprovider/authprovider.go | 4 +- .../oras/authprovider/authprovider_test.go | 2 +- .../oras/authprovider/authproviderfactory.go | 2 +- .../oras/authprovider/aws/awsecrbasic.go | 4 +- .../oras/authprovider/azure/azureidentity.go | 6 +- .../authprovider/azure/azureidentity_test.go | 4 +- .../azure/azureworkloadidentity.go | 10 +-- .../azure/azureworkloadidentity_test.go | 4 +- pkg/common/oras/authprovider/azure/const.go | 2 +- .../authprovider/k8secret_authprovider.go | 6 +- .../k8secret_authprovider_test.go | 2 +- pkg/common/plugin/download.go | 8 +-- pkg/common/plugin/download_test.go | 2 +- pkg/common/plugin/exec.go | 2 +- pkg/common/utils/utils.go | 2 +- pkg/common/utils/utils_test.go | 2 +- .../keymanagementprovider_controller.go | 12 ++-- .../keymanagementprovider_controller_test.go | 8 +-- .../clusterresource/policy_controller.go | 8 +-- .../clusterresource/policy_controller_test.go | 12 ++-- .../clusterresource/store_controller.go | 8 +-- .../clusterresource/store_controller_test.go | 12 ++-- .../clusterresource/verifier_controller.go | 8 +-- .../verifier_controller_test.go | 10 +-- .../certificatestore_controller.go | 14 ++-- .../certificatestore_controller_test.go | 14 ++-- .../keymanagementprovider_controller.go | 12 ++-- .../keymanagementprovider_controller_test.go | 10 +-- .../namespaceresource/policy_controller.go | 8 +-- .../policy_controller_test.go | 12 ++-- .../namespaceresource/store_controller.go | 8 +-- .../store_controller_test.go | 8 +-- .../namespaceresource/verifier_controller.go | 8 +-- .../verifier_controller_test.go | 8 +-- pkg/controllers/resource_map.go | 8 +-- pkg/controllers/utils/kmp.go | 10 +-- pkg/controllers/utils/kmp_test.go | 4 +- pkg/controllers/utils/policy.go | 6 +- pkg/controllers/utils/policy_test.go | 6 +- pkg/controllers/utils/store.go | 12 ++-- pkg/controllers/utils/store_test.go | 8 +-- pkg/controllers/utils/verifier.go | 12 ++-- pkg/controllers/utils/verifier_test.go | 12 ++-- .../certificatestores/certificatestores.go | 8 +-- .../certificatestores_test.go | 6 +- pkg/customresources/policies/api.go | 2 +- pkg/customresources/policies/policies.go | 4 +- pkg/customresources/policies/policies_test.go | 8 +-- pkg/customresources/referrerstores/api.go | 2 +- pkg/customresources/referrerstores/stores.go | 4 +- .../referrerstores/stores_test.go | 10 +-- pkg/customresources/verifiers/api.go | 2 +- pkg/customresources/verifiers/verifiers.go | 4 +- .../verifiers/verifiers_test.go | 10 +-- pkg/executor/api.go | 2 +- pkg/executor/core/executor.go | 30 ++++---- pkg/executor/core/executor_test.go | 28 ++++---- pkg/executor/core/executorwithcache.go | 6 +- pkg/executor/core/testtypes.go | 8 +-- pkg/executor/types/types.go | 2 +- .../azurekeyvault/auth.go | 2 +- .../azurekeyvault/provider.go | 16 ++--- .../azurekeyvault/provider_test.go | 4 +- pkg/keymanagementprovider/factory/factory.go | 6 +- .../factory/factory_test.go | 6 +- pkg/keymanagementprovider/inline/provider.go | 8 +-- .../inline/provider_test.go | 4 +- .../keymanagementprovider.go | 8 +-- .../keymanagementprovider_test.go | 4 +- pkg/keymanagementprovider/mocks/types.go | 2 +- pkg/manager/manager.go | 32 ++++----- pkg/metrics/stats_reporter.go | 4 +- pkg/metrics/stats_reporter_test.go | 2 +- pkg/policyprovider/api.go | 6 +- .../configpolicy/configpolicy.go | 18 ++--- .../configpolicy/configpolicy_test.go | 14 ++-- pkg/policyprovider/factory/factory.go | 8 +-- pkg/policyprovider/factory/factory_test.go | 6 +- pkg/policyprovider/mocks/types.go | 8 +-- .../policyengine/opaengine/opa_engine.go | 4 +- .../policyengine/opaengine/opa_engine_test.go | 2 +- pkg/policyprovider/policyquery/rego/query.go | 2 +- pkg/policyprovider/regopolicy/regopolicy.go | 24 +++---- .../regopolicy/regopolicy_test.go | 8 +-- pkg/referrerstore/api.go | 6 +- pkg/referrerstore/factory/factory.go | 14 ++-- pkg/referrerstore/factory/factory_test.go | 12 ++-- pkg/referrerstore/mocks/memory_store.go | 8 +-- pkg/referrerstore/mocks/types.go | 8 +-- pkg/referrerstore/oras/cache.go | 12 ++-- pkg/referrerstore/oras/cache_test.go | 10 +-- pkg/referrerstore/oras/cosign.go | 6 +- pkg/referrerstore/oras/cosign_test.go | 12 ++-- pkg/referrerstore/oras/oras.go | 32 ++++----- pkg/referrerstore/oras/oras_test.go | 10 +-- pkg/referrerstore/oras/utils.go | 2 +- pkg/referrerstore/oras/utils_test.go | 2 +- pkg/referrerstore/plugin/args.go | 2 +- pkg/referrerstore/plugin/plugin.go | 12 ++-- pkg/referrerstore/plugin/plugin_test.go | 4 +- pkg/referrerstore/plugin/skel/skel.go | 14 ++-- pkg/referrerstore/plugin/skel/skel_test.go | 12 ++-- pkg/referrerstore/types/types.go | 4 +- pkg/referrerstore/utils/utils.go | 10 +-- pkg/referrerstore/utils/utils_test.go | 6 +- pkg/utils/azureauth/authenticationUtils.go | 2 +- pkg/utils/certificateUtil_test.go | 2 +- pkg/utils/certificateUtils.go | 2 +- pkg/utils/test_utils.go | 2 +- pkg/utils/utils.go | 4 +- pkg/utils/utils_test.go | 2 +- pkg/verifier/api.go | 6 +- pkg/verifier/config/config.go | 4 +- pkg/verifier/cosign/cosign.go | 24 +++---- pkg/verifier/cosign/cosign_test.go | 14 ++-- pkg/verifier/cosign/trustpolicies.go | 2 +- pkg/verifier/cosign/trustpolicies_test.go | 68 +++++++++---------- pkg/verifier/cosign/trustpolicy.go | 6 +- pkg/verifier/cosign/trustpolicy_test.go | 4 +- pkg/verifier/factory/factory.go | 14 ++-- pkg/verifier/factory/factory_test.go | 18 ++--- pkg/verifier/mocks/types.go | 6 +- pkg/verifier/notation/notation.go | 24 +++---- pkg/verifier/notation/notation_test.go | 14 ++-- pkg/verifier/notation/truststore.go | 8 +-- pkg/verifier/notation/truststore_test.go | 2 +- pkg/verifier/plugin/args.go | 2 +- pkg/verifier/plugin/plugin.go | 18 ++--- pkg/verifier/plugin/plugin_test.go | 6 +- pkg/verifier/plugin/skel/skel.go | 22 +++--- pkg/verifier/plugin/skel/skel_test.go | 18 ++--- pkg/verifier/types/types.go | 2 +- pkg/verifier/utils/utils.go | 2 +- pkg/verifiercache/api.go | 2 +- pkg/verifiercache/memory/memorycache.go | 2 +- plugins/referrerstore/sample/sample.go | 8 +-- .../verifier/licensechecker/licensechecker.go | 16 ++--- plugins/verifier/sample/sample.go | 12 ++-- plugins/verifier/sbom/sbom.go | 14 ++-- plugins/verifier/sbom/sbom_test.go | 2 +- .../schemavalidator/schema_validator.go | 14 ++-- .../vulnerability_report.go | 14 ++-- .../vulnerability_report_test.go | 8 +-- test/bats/quickstart-test.bats | 4 +- 210 files changed, 848 insertions(+), 842 deletions(-) diff --git a/.github/workflows/publish-dev-assets.yml b/.github/workflows/publish-dev-assets.yml index f79f4b2f4..8af578658 100644 --- a/.github/workflows/publish-dev-assets.yml +++ b/.github/workflows/publish-dev-assets.yml @@ -56,7 +56,7 @@ jobs: docker buildx create --use docker buildx build -f ./httpserver/Dockerfile \ --platform linux/amd64,linux/arm64,linux/arm/v7 \ - --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ + --build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \ --label org.opencontainers.image.revision=${{ github.sha }} \ -t ${{ steps.prepare.outputs.baseref }}:${{ steps.prepare.outputs.version }} \ -t ${{ steps.prepare.outputs.baseref }} \ @@ -70,7 +70,7 @@ jobs: --build-arg build_licensechecker=true \ --build-arg build_schemavalidator=true \ --build-arg build_vulnerabilityreport=true \ - --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ + --build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \ --label org.opencontainers.image.revision=${{ github.sha }} \ -t ${{ steps.prepare.outputs.ref }}:${{ steps.prepare.outputs.version }} \ -t ${{ steps.prepare.outputs.ref }} \ diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 911f09bae..186395bd2 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -55,7 +55,7 @@ jobs: docker buildx create --use docker buildx build -f ./httpserver/Dockerfile \ --platform linux/amd64,linux/arm64,linux/arm/v7 \ - --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ + --build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \ --label org.opencontainers.image.revision=${{ github.sha }} \ -t ${{ steps.prepare.outputs.baseref }} \ --push . @@ -68,7 +68,7 @@ jobs: --build-arg build_licensechecker=true \ --build-arg build_schemavalidator=true \ --build-arg build_vulnerabilityreport=true \ - --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ + --build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \ --label org.opencontainers.image.revision=${{ github.sha }} \ -t ${{ steps.prepare.outputs.ref }} \ --push . diff --git a/.goreleaser.yml b/.goreleaser.yml index 994d94350..4d7daf6c7 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -19,7 +19,7 @@ builds: - goos: windows goarch: arm64 ldflags: - - -w -X github.com/deislabs/ratify/internal/version.GitTag={{.Version}} -X github.com/deislabs/ratify/internal/version.GitCommitHash={{.FullCommit}} + - -w -X github.com/ratify-project/ratify/internal/version.GitTag={{.Version}} -X github.com/ratify-project/ratify/internal/version.GitCommitHash={{.FullCommit}} - id: sbom dir: plugins/verifier/sbom diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index df4140815..a78ac3759 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -12,7 +12,7 @@ Welcome! We are very happy to accept community contributions to Ratify, whether ## Pull Requests -If you'd like to start contributing to Ratify, you can search for issues tagged as "good first issue" [here](https://github.com/deislabs/ratify/labels/good%20first%20issue). +If you'd like to start contributing to Ratify, you can search for issues tagged as "good first issue" [here](https://github.com/ratify-project/ratify/labels/good%20first%20issue). We use the `dev` branch as the our default branch. PRs passing the basic set of validation can be merged to the `dev` branch, we then run the full suite of validation including cloud specific tests on `dev` before changes can be merged into `main`. All ratify release are cut from the `main` branch. A sample PR process is outlined below: 1. Fork this repo and create your dev branch from default `dev` branch. @@ -148,7 +148,7 @@ Sample JSON stdin Press `Ctrl+D` to send EOF character to terminate the stdin input. (Note: you may have to press `Ctrl+D` twice) -View more plugin debugging information [here](https://github.com/deislabs/ratify-verifier-plugin#debugging-in-vs-code) +View more plugin debugging information [here](https://github.com/ratify-project/ratify-verifier-plugin#debugging-in-vs-code) ### Test local changes in the k8s cluster scenario @@ -161,14 +161,14 @@ Follow the steps below to build and deploy a Ratify image with your private chan export REGISTRY=yourregistry docker buildx create --use -docker buildx build -f httpserver/Dockerfile --platform linux/amd64 --build-arg build_sbom=true --build-arg build_licensechecker=true --build-arg build_schemavalidator=true --build-arg build_vulnerabilityreport=true -t ${REGISTRY}/deislabs/ratify:yourtag . +docker buildx build -f httpserver/Dockerfile --platform linux/amd64 --build-arg build_sbom=true --build-arg build_licensechecker=true --build-arg build_schemavalidator=true --build-arg build_vulnerabilityreport=true -t ${REGISTRY}/ratify-project/ratify:yourtag . docker build --progress=plain --build-arg KUBE_VERSION="1.29.2" --build-arg TARGETOS="linux" --build-arg TARGETARCH="amd64" -f crd.Dockerfile -t ${REGISTRY}/localbuildcrd:yourtag ./charts/ratify/crds ``` #### [Authenticate](https://docs.docker.com/engine/reference/commandline/login/#usage) with your registry, and push the newly built image ```bash -docker push ${REGISTRY}/deislabs/ratify:yourtag +docker push ${REGISTRY}/ratify-project/ratify:yourtag docker push ${REGISTRY}/localbuildcrd:yourtag ``` @@ -196,16 +196,16 @@ Development charts + images are published weekly and latest versions are tagged Deploy to cluster: ```bash -helmfile sync -f git::https://github.com/deislabs/ratify.git@dev.helmfile.yaml +helmfile sync -f git::https://github.com/ratify-project/ratify.git@dev.helmfile.yaml ``` ### Deploy from local helm chart -#### Update [values.yaml](https://github.com/deislabs/ratify/blob/main/charts/ratify/values.yaml) to pull from your registry, when reusing image tag, setting pull policy to "Always" ensures we are pull the new changes +#### Update [values.yaml](https://github.com/ratify-project/ratify/blob/main/charts/ratify/values.yaml) to pull from your registry, when reusing image tag, setting pull policy to "Always" ensures we are pull the new changes ```json image: - repository: yourregistry/deislabs/ratify + repository: yourregistry/ratify-project/ratify tag: yourtag pullPolicy: Always ``` @@ -314,13 +314,13 @@ If you'd like to contribute to the collection of plugins: ## Feature Suggestions -* Please first search [Open Ratify Issues](https://github.com/deislabs/ratify/issues) before opening an issue to check whether your feature has already been suggested. If it has, feel free to add your own comments to the existing issue. +* Please first search [Open Ratify Issues](https://github.com/ratify-project/ratify/issues) before opening an issue to check whether your feature has already been suggested. If it has, feel free to add your own comments to the existing issue. * Ensure you have included a "What?" - what your feature entails, being as specific as possible, and giving mocked-up syntax examples where possible. * Ensure you have included a "Why?" - what the benefit of including this feature will be. ## Bug Reports -* Please first search [Open Ratify Issues](https://github.com/deislabs/ratify/issues) before opening an issue, to see if it has already been reported. +* Please first search [Open Ratify Issues](https://github.com/ratify-project/ratify/issues) before opening an issue, to see if it has already been reported. * Try to be as specific as possible, including the version of the Ratify CLI used to reproduce the issue, and any example arguments needed to reproduce it. ## CLA diff --git a/Makefile b/Makefile index 3801ecd55..d57370583 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ BINARY_NAME = ratify INSTALL_DIR = ~/.ratify CERT_DIR = ${GITHUB_WORKSPACE}/tls/certs -GO_PKG = github.com/deislabs/ratify +GO_PKG = github.com/ratify-project/ratify GIT_COMMIT_HASH = $(shell git rev-parse HEAD) GIT_TREE_STATE = $(shell test -n "`git status --porcelain`" && echo "modified" || echo "unmodified") GIT_TAG = $(shell git describe --tags --abbrev=0 --exact-match 2>/dev/null) @@ -75,17 +75,17 @@ build: build-cli build-plugins .PHONY: build-cli build-cli: fmt vet go build --ldflags="$(LDFLAGS)" -cover \ - -coverpkg=github.com/deislabs/ratify/pkg/...,github.com/deislabs/ratify/config/...,github.com/deislabs/ratify/cmd/... \ + -coverpkg=github.com/ratify-project/ratify/pkg/...,github.com/ratify-project/ratify/config/...,github.com/ratify-project/ratify/cmd/... \ -o ./bin/${BINARY_NAME} ./cmd/${BINARY_NAME} .PHONY: build-plugins build-plugins: - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/licensechecker/... -o ./bin/plugins/ ./plugins/verifier/licensechecker - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/sample/... -o ./bin/plugins/ ./plugins/verifier/sample - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/referrerstore/sample/... -o ./bin/plugins/referrerstore/ ./plugins/referrerstore/sample - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/sbom/... -o ./bin/plugins/ ./plugins/verifier/sbom - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/schemavalidator/... -o ./bin/plugins/ ./plugins/verifier/schemavalidator - go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/vulnerabilityreport/... -o ./bin/plugins/ ./plugins/verifier/vulnerabilityreport + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/licensechecker/... -o ./bin/plugins/ ./plugins/verifier/licensechecker + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/sample/... -o ./bin/plugins/ ./plugins/verifier/sample + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/referrerstore/sample/... -o ./bin/plugins/referrerstore/ ./plugins/referrerstore/sample + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/sbom/... -o ./bin/plugins/ ./plugins/verifier/sbom + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/schemavalidator/... -o ./bin/plugins/ ./plugins/verifier/schemavalidator + go build -cover -coverpkg=github.com/ratify-project/ratify/plugins/verifier/vulnerabilityreport/... -o ./bin/plugins/ ./plugins/verifier/vulnerabilityreport .PHONY: install install: @@ -572,7 +572,7 @@ load-local-ratify-image: kind load docker-image --name kind localbuild:test e2e-helmfile-deploy-released-ratify: - ./.staging/helmfilebin/helmfile sync -f git::https://github.com/deislabs/ratify.git@helmfile.yaml + ./.staging/helmfilebin/helmfile sync -f git::https://github.com/ratify-project/ratify.git@helmfile.yaml e2e-helm-deploy-ratify: printf "{\n\t\"auths\": {\n\t\t\"registry:5000\": {\n\t\t\t\"auth\": \"`echo "${TEST_REGISTRY_USERNAME}:${TEST_REGISTRY_PASSWORD}" | tr -d '\n' | base64 -i -w 0`\"\n\t\t}\n\t}\n}" > mount_config.json diff --git a/README.md b/README.md index 5efef3314..20daa0dfb 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ Is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies you create. -[![Go Report Card](https://goreportcard.com/badge/github.com/deislabs/ratify)](https://goreportcard.com/report/github.com/deislabs/ratify) -[![build-pr](https://github.com/deislabs/ratify/actions/workflows/build-pr.yml/badge.svg)](https://github.com/deislabs/ratify/actions/workflows/build-pr.yml) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/deislabs/ratify/badge)](https://api.securityscorecards.dev/projects/github.com/deislabs/ratify) +[![Go Report Card](https://goreportcard.com/badge/github.com/ratify-project/ratify)](https://goreportcard.com/report/github.com/ratify-project/ratify) +[![build-pr](https://github.com/ratify-project/ratify/actions/workflows/build-pr.yml/badge.svg)](https://github.com/ratify-project/ratify/actions/workflows/build-pr.yml) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ratify-project/ratify/badge)](https://api.securityscorecards.dev/projects/github.com/ratify-project/ratify) [![Go Reference](https://pkg.go.dev/badge/github.com/deislabs/ratify.svg)](https://pkg.go.dev/github.com/deislabs/ratify) ## Table of Contents diff --git a/RELEASES.md b/RELEASES.md index 739401f67..bbf03b1ac 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -45,10 +45,10 @@ Applicable fixes, including security fixes, may be backported to supported relea ### Minor releases -When a minor release is required, the release commits should be merged with the `main` branch when ready. +When a minor release is required, the release commits should be merged with the `main` branch when ready. - - Alpha and Beta releases will be cut from the main branch. - - For RC and stable releases, a new branch `release-X.Y` will be created from `main`. Required changes for the minor release should be PRed to the `dev` branch, the change will then be cherry picked to `release-X.Y` from `main`. +* Alpha and Beta releases will be cut from the main branch. +* For RC and stable releases, a new branch `release-X.Y` will be created from `main`. Required changes for the minor release should be PRed to the `dev` branch, the change will then be cherry picked to `release-X.Y` from `main`.S ### Major releases @@ -56,7 +56,7 @@ When a major release is required, the release commits should be merged with the ### Tag and Release -**X.Y.Z** refers to the version (git tag) of Ratify that is released. Prepare the release with a [PR](https://github.com/deislabs/ratify/pull/1031/files) to update the chart value. When the `release-X.Y` branch is ready, a tag **X.Y.Z** should be pushed. e.g. `git tag v1.1.1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/): +**X.Y.Z** refers to the version (git tag) of Ratify that is released. Prepare the release with a [PR](https://github.com/ratify-project/ratify/pull/1031/files) to update the chart value. When the `release-X.Y` branch is ready, a tag **X.Y.Z** should be pushed. e.g. `git tag v1.1.1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/): * The release will be marked as a draft to allow an final editing before publishing. * The release notes and other fields can edited after the action completes. The description can be in Markdown. @@ -65,6 +65,7 @@ When a major release is required, the release commits should be merged with the * The files are named `ratify_--__` with `.zip` files for Windows and `.tar.gz` for all others. ## Supported Releases + Applicable fixes, including security fixes, may be cherry-picked into the release branch, depending on severity and feasibility. Patch releases are cut from that branch as needed. We expect to "support" n (current). "Support" means we expect users to be running that version in production. For example, when v1.2 comes out, v1.1 will no longer be supported for patches, and we encourage users to upgrade to a supported version as soon as possible. @@ -73,7 +74,7 @@ We expect to "support" n (current). "Support" means we expect users to be runnin Ratify is assumed to be compatible with [GateKeeper Supported Versions](https://github.com/open-policy-agent/gatekeeper/blob/master/docs/Release_Management.md#supported-releases) and the [current Kubernetes Supported Versions](https://kubernetes.io/releases/patch-releases/#detailed-release-history-for-active-branches) per [Kubernetes Supported Versions policy](https://kubernetes.io/releases/version-skew-policy/). -For example, if Gatekeeper _supported_ versions are v3.13 and v3.14, and Kubernetes _supported_ versions are v1.28, v1.29, then current version of Ratify (v1.2) are assumed to be compatible with all supported Kubernetes versions (v1.28, v1.29) and Gatekeeper version(v3.13, v3.14). +For example, if Gatekeeper _supported_ versions are v3.13 and v3.14, and Kubernetes _supported_ versions are v1.28, v1.29, then current version of Ratify (v1.2) are assumed to be compatible with all supported Kubernetes versions (v1.28, v1.29) and Gatekeeper version(v3.13, v3.14). ## Post Release Activity @@ -82,23 +83,27 @@ After a successful release, please manually trigger [quick start action](.github ### Weekly Dev Release #### Publishing Guidelines -- Ratify is configured to generate and publish dev build images based on the schedule [here](https://github.com/ratify-project/ratify/blob/main/.github/workflows/publish-package.yml#L8). -- Contributors MUST select the `Helm Chart Change` option under the `Type of Change` section if there is ANY update to the helm chart that is required for proposed changes in PR. -- Maintainers MUST manually trigger the "Publish Package" workflow after merging any PR that indicates `Helm Chart Change` - - Go to the `Actions` tab for the Ratify repository - - Select `publish-ghcr` option from list of workflows on left pane - - Select the `Run workflow` drop down on the right side above the list of action runs - - Choose `Branch: main` - - Select `Run workflow` -- Process to Request an off-schedule dev build be published - - Submit a new feature request issue prefixed with `[Dev Build Request]` - - In the the `What this PR does / why we need it` section, briefly explain why an off schedule build is needed - - Once issue is created, post in the `#ratify` slack channel and tag the maintainers - - Maintainers should acknowledge request by approving/denying request as a follow up comment + +* Ratify is configured to generate and publish dev build images based on the schedule [here](https://github.com/ratify-project/ratify/blob/main/.github/workflows/publish-package.yml#L8). +* Contributors MUST select the `Helm Chart Change` option under the `Type of Change` section if there is ANY update to the helm chart that is required for proposed changes in PR. +* Maintainers MUST manually trigger the "Publish Package" workflow after merging any PR that indicates `Helm Chart Change` + * Go to the `Actions` tab for the Ratify repository + * Select `publish-ghcr` option from list of workflows on left pane + * Select the `Run workflow` drop down on the right side above the list of action runs + * Choose `Branch: main` + * Select `Run workflow` +* Process to Request an off-schedule dev build be published + * Submit a new feature request issue prefixed with `[Dev Build Request]` + * In the the `What this PR does / why we need it` section, briefly explain why an off schedule build is needed + * Once issue is created, post in the `#ratify` slack channel and tag the maintainers + * Maintainers should acknowledge request by approving/denying request as a follow up comment + #### How to use a dev build + 1. The `ratify` image and `ratify-crds` image for dev builds exist as separate packages on Github [here](https://github.com/ratify-project/ratify/pkgs/container/ratify-dev) and [here](https://github.com/ratify-project/ratify/pkgs/container/ratify-crds-dev). 2. the `repository` `crdRepository` and `tag` fields must be updated in the helm chart to point to dev build instead of last released build. Please set the tag to be latest tag found at the corresponding `-dev` suffixed package. An example install command scaffold: -``` + +```bash helm install ratify \ ./charts/ratify --atomic \ --namespace gatekeeper-system \ @@ -107,4 +112,5 @@ helm install ratify \ --set image.tag=dev.. --set-file notationCerts[0]=./test/testdata/notation.crt ``` + NOTE: the tag field is the only value that will change when updating to newer dev build images diff --git a/ROADMAP.md b/ROADMAP.md index 9b444c848..b98c8f72f 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -10,7 +10,7 @@ This document presents the roadmap of Ratify that translates our strategy into p ## Milestones -The Ratify roadmap is divided into milestones, each with a set of features (high level) and timeline. The milestones marked as `Tentative` are subject to change based on the project’s priorities and the community’s feedback. We will prioritize releases for security or urgent fixes, so the roadmap may be adjusted and new features may be postponed to the next milestone. Any dates and features listed below in a given milestone are subject to change. See the [GitHub milestones](https://github.com/deislabs/ratify/milestones?state=open) for the most up-to-date issues and their status. We are targeting to release a new Ratify version every 3 or 4 months. +The Ratify roadmap is divided into milestones, each with a set of features (high level) and timeline. The milestones marked as `Tentative` are subject to change based on the project’s priorities and the community’s feedback. We will prioritize releases for security or urgent fixes, so the roadmap may be adjusted and new features may be postponed to the next milestone. Any dates and features listed below in a given milestone are subject to change. See the [GitHub milestones](https://github.com/ratify-project/ratify/milestones?state=open) for the most up-to-date issues and their status. We are targeting to release a new Ratify version every 3 or 4 months. ### v1.0 @@ -18,7 +18,7 @@ The Ratify roadmap is divided into milestones, each with a set of features (high **Released date**: Sep 27, 2023 -**Release link**: [v1.0.0 Release Notes](https://github.com/deislabs/ratify/releases/tag/v1.0.0) +**Release link**: [v1.0.0 Release Notes](https://github.com/ratify-project/ratify/releases/tag/v1.0.0) **Major features** @@ -34,7 +34,7 @@ The Ratify roadmap is divided into milestones, each with a set of features (high **Release date**: Dec 12, 2023 -**Release link**: [v1.1.0 Release Notes](https://github.com/deislabs/ratify/releases/tag/v1.1.0) +**Release link**: [v1.1.0 Release Notes](https://github.com/ratify-project/ratify/releases/tag/v1.1.0) **Major features** @@ -48,7 +48,7 @@ The Ratify roadmap is divided into milestones, each with a set of features (high **Target date**: May 31, 2024 -**Release link**: [v1.2.0 Release Notes](https://github.com/deislabs/ratify/releases/tag/v1.2.0) +**Release link**: [v1.2.0 Release Notes](https://github.com/ratify-project/ratify/releases/tag/v1.2.0) **major features** @@ -56,7 +56,7 @@ The Ratify roadmap is divided into milestones, each with a set of features (high - OCI v1.1 compliance - Cosign signatures verification using keys in AKV -See details in [GitHub milestone v1.2.0](https://github.com/deislabs/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.2.0). +See details in [GitHub milestone v1.2.0](https://github.com/ratify-project/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.2.0). ### v1.3 @@ -72,7 +72,7 @@ See details in [GitHub milestone v1.2.0](https://github.com/deislabs/ratify/issu - Notary Project signature verification with Time-stamping support - Signing Certificate/key rotation support -See details in [GitHub milestone v1.3.0](https://github.com/deislabs/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.3.0). +See details in [GitHub milestone v1.3.0](https://github.com/ratify-project/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.3.0). ### v1.4 diff --git a/api/v1alpha1/certificatestore_conversion.go b/api/v1alpha1/certificatestore_conversion.go index 8fc433a24..76e9cc876 100644 --- a/api/v1alpha1/certificatestore_conversion.go +++ b/api/v1alpha1/certificatestore_conversion.go @@ -17,7 +17,7 @@ limitations under the License. package v1alpha1 import ( - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" conversion "k8s.io/apimachinery/pkg/conversion" ) diff --git a/api/v1alpha1/doc.go b/api/v1alpha1/doc.go index 5f12afe87..dd50563c2 100644 --- a/api/v1alpha1/doc.go +++ b/api/v1alpha1/doc.go @@ -14,5 +14,5 @@ See the License for the specific language governing permissions and limitations under the License. */ -// +k8s:conversion-gen=github.com/deislabs/ratify/api/unversioned +// +k8s:conversion-gen=github.com/ratify-project/ratify/api/unversioned package v1alpha1 diff --git a/api/v1alpha1/policy_conversion.go b/api/v1alpha1/policy_conversion.go index b67653eb4..4f406de60 100644 --- a/api/v1alpha1/policy_conversion.go +++ b/api/v1alpha1/policy_conversion.go @@ -17,8 +17,8 @@ limitations under the License. package v1alpha1 import ( - unversioned "github.com/deislabs/ratify/api/unversioned" - "github.com/deislabs/ratify/internal/constants" + unversioned "github.com/ratify-project/ratify/api/unversioned" + "github.com/ratify-project/ratify/internal/constants" conversion "k8s.io/apimachinery/pkg/conversion" ) diff --git a/api/v1alpha1/policy_conversion_test.go b/api/v1alpha1/policy_conversion_test.go index 862e16c63..8a6dba65c 100644 --- a/api/v1alpha1/policy_conversion_test.go +++ b/api/v1alpha1/policy_conversion_test.go @@ -20,8 +20,8 @@ import ( "reflect" "testing" - unversioned "github.com/deislabs/ratify/api/unversioned" - "github.com/deislabs/ratify/internal/constants" + unversioned "github.com/ratify-project/ratify/api/unversioned" + "github.com/ratify-project/ratify/internal/constants" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/api/v1alpha1/store_conversion.go b/api/v1alpha1/store_conversion.go index ca8ec8b7e..ddf9ba309 100644 --- a/api/v1alpha1/store_conversion.go +++ b/api/v1alpha1/store_conversion.go @@ -17,7 +17,7 @@ limitations under the License. package v1alpha1 import ( - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" conversion "k8s.io/apimachinery/pkg/conversion" ) diff --git a/api/v1alpha1/verifier_conversion.go b/api/v1alpha1/verifier_conversion.go index 77d185f06..257709118 100644 --- a/api/v1alpha1/verifier_conversion.go +++ b/api/v1alpha1/verifier_conversion.go @@ -17,7 +17,7 @@ limitations under the License. package v1alpha1 import ( - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" conversion "k8s.io/apimachinery/pkg/conversion" ) diff --git a/api/v1alpha1/zz_generated.conversion.go b/api/v1alpha1/zz_generated.conversion.go index d0311a1fb..467a815ca 100644 --- a/api/v1alpha1/zz_generated.conversion.go +++ b/api/v1alpha1/zz_generated.conversion.go @@ -23,7 +23,7 @@ package v1alpha1 import ( unsafe "unsafe" - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/api/v1beta1/doc.go b/api/v1beta1/doc.go index 7d2226e2b..c5e4175d4 100644 --- a/api/v1beta1/doc.go +++ b/api/v1beta1/doc.go @@ -14,5 +14,5 @@ See the License for the specific language governing permissions and limitations under the License. */ -// +k8s:conversion-gen=github.com/deislabs/ratify/api/unversioned +// +k8s:conversion-gen=github.com/ratify-project/ratify/api/unversioned package v1beta1 diff --git a/api/v1beta1/zz_generated.conversion.go b/api/v1beta1/zz_generated.conversion.go index 5b0bd36fb..fafb65bab 100644 --- a/api/v1beta1/zz_generated.conversion.go +++ b/api/v1beta1/zz_generated.conversion.go @@ -23,7 +23,7 @@ package v1beta1 import ( unsafe "unsafe" - unversioned "github.com/deislabs/ratify/api/unversioned" + unversioned "github.com/ratify-project/ratify/api/unversioned" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" diff --git a/charts/ratify/Chart.yaml b/charts/ratify/Chart.yaml index 57fba1d69..e17cd5407 100644 --- a/charts/ratify/Chart.yaml +++ b/charts/ratify/Chart.yaml @@ -3,5 +3,5 @@ name: ratify description: A Helm chart for Ratify version: 1.13.0 appVersion: v1.2.0 -home: https://github.com/deislabs/ratify -icon: https://raw.githubusercontent.com/deislabs/ratify/main/logo.svg +home: https://github.com/ratify-project/ratify +icon: https://raw.githubusercontent.com/ratify-project/ratify/main/logo.svg diff --git a/charts/ratify/README.md b/charts/ratify/README.md index 862ae8ca9..84b52b238 100644 --- a/charts/ratify/README.md +++ b/charts/ratify/README.md @@ -38,8 +38,8 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t | Parameter | Description | Default | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| image.repository | Ratify app image | `ghcr.io/deislabs/ratify` | -| image.crdrepository | Ratify CRD install Image | `ghcr.io/deislabs/ratify-crds` | +| image.repository | Ratify app image | `ghcr.io/ratify-project/ratify` | +| image.crdrepository | Ratify CRD install Image | `ghcr.io/ratify-project/ratify-crds` | | image.tag | Image tag | `` | | image.pullPolicy | Image pull policy | `IfNotPresent` | | nameOverride | Overrides the ratify.name used to determine the ratify full name template | `` | diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml index b1ad2efe4..8e0e74f40 100644 --- a/charts/ratify/values.yaml +++ b/charts/ratify/values.yaml @@ -1,6 +1,6 @@ image: - repository: ghcr.io/deislabs/ratify - crdRepository: ghcr.io/deislabs/ratify-crds + repository: ghcr.io/ratify-project/ratify + crdRepository: ghcr.io/ratify-project/ratify-crds tag: v1.2.0 pullPolicy: IfNotPresent diff --git a/cmd/ratify/cmd/discover.go b/cmd/ratify/cmd/discover.go index c4f61e8ea..e824ec583 100644 --- a/cmd/ratify/cmd/discover.go +++ b/cmd/ratify/cmd/discover.go @@ -22,14 +22,14 @@ import ( "os" "strings" - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - sf "github.com/deislabs/ratify/pkg/referrerstore/factory" - su "github.com/deislabs/ratify/pkg/referrerstore/utils" - "github.com/deislabs/ratify/pkg/utils" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + sf "github.com/ratify-project/ratify/pkg/referrerstore/factory" + su "github.com/ratify-project/ratify/pkg/referrerstore/utils" + "github.com/ratify-project/ratify/pkg/utils" "github.com/spf13/cobra" "github.com/xlab/treeprint" ) diff --git a/cmd/ratify/cmd/referrer.go b/cmd/ratify/cmd/referrer.go index 8520e0f2a..9e87b5ad3 100644 --- a/cmd/ratify/cmd/referrer.go +++ b/cmd/ratify/cmd/referrer.go @@ -22,11 +22,11 @@ import ( "os" "strings" - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/ocispecs" - sf "github.com/deislabs/ratify/pkg/referrerstore/factory" - "github.com/deislabs/ratify/pkg/utils" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/ocispecs" + sf "github.com/ratify-project/ratify/pkg/referrerstore/factory" + "github.com/ratify-project/ratify/pkg/utils" "github.com/spf13/cobra" ) diff --git a/cmd/ratify/cmd/resolve.go b/cmd/ratify/cmd/resolve.go index 0ecc87b39..b12e90428 100644 --- a/cmd/ratify/cmd/resolve.go +++ b/cmd/ratify/cmd/resolve.go @@ -22,11 +22,11 @@ import ( "os" "strings" - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/internal/logger" - sf "github.com/deislabs/ratify/pkg/referrerstore/factory" - su "github.com/deislabs/ratify/pkg/referrerstore/utils" - "github.com/deislabs/ratify/pkg/utils" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/internal/logger" + sf "github.com/ratify-project/ratify/pkg/referrerstore/factory" + su "github.com/ratify-project/ratify/pkg/referrerstore/utils" + "github.com/ratify-project/ratify/pkg/utils" "github.com/spf13/cobra" ) diff --git a/cmd/ratify/cmd/root.go b/cmd/ratify/cmd/root.go index d52637b29..04f8ca858 100644 --- a/cmd/ratify/cmd/root.go +++ b/cmd/ratify/cmd/root.go @@ -16,8 +16,8 @@ limitations under the License. package cmd import ( - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/featureflag" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/featureflag" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) diff --git a/cmd/ratify/cmd/serve.go b/cmd/ratify/cmd/serve.go index 65ebb513c..9179fa04b 100644 --- a/cmd/ratify/cmd/serve.go +++ b/cmd/ratify/cmd/serve.go @@ -20,11 +20,11 @@ import ( "fmt" "time" - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/httpserver" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/cache" - "github.com/deislabs/ratify/pkg/manager" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/httpserver" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/cache" + "github.com/ratify-project/ratify/pkg/manager" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) diff --git a/cmd/ratify/cmd/verify.go b/cmd/ratify/cmd/verify.go index 170014133..a6e2f29fc 100644 --- a/cmd/ratify/cmd/verify.go +++ b/cmd/ratify/cmd/verify.go @@ -20,15 +20,15 @@ import ( "errors" "fmt" - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/internal/logger" - e "github.com/deislabs/ratify/pkg/executor" - ef "github.com/deislabs/ratify/pkg/executor/core" - pf "github.com/deislabs/ratify/pkg/policyprovider/factory" - sf "github.com/deislabs/ratify/pkg/referrerstore/factory" - "github.com/deislabs/ratify/pkg/utils" - vf "github.com/deislabs/ratify/pkg/verifier/factory" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/internal/logger" + e "github.com/ratify-project/ratify/pkg/executor" + ef "github.com/ratify-project/ratify/pkg/executor/core" + pf "github.com/ratify-project/ratify/pkg/policyprovider/factory" + sf "github.com/ratify-project/ratify/pkg/referrerstore/factory" + "github.com/ratify-project/ratify/pkg/utils" + vf "github.com/ratify-project/ratify/pkg/verifier/factory" "github.com/spf13/cobra" ) diff --git a/cmd/ratify/cmd/version.go b/cmd/ratify/cmd/version.go index 9a5fbd0a9..2cc89c0e3 100644 --- a/cmd/ratify/cmd/version.go +++ b/cmd/ratify/cmd/version.go @@ -18,7 +18,7 @@ import ( "runtime" "strings" - "github.com/deislabs/ratify/internal/version" + "github.com/ratify-project/ratify/internal/version" "github.com/spf13/cobra" ) diff --git a/cmd/ratify/main.go b/cmd/ratify/main.go index cafaaaf9f..f51315c68 100644 --- a/cmd/ratify/main.go +++ b/cmd/ratify/main.go @@ -18,14 +18,14 @@ package main import ( "os" - "github.com/deislabs/ratify/cmd/ratify/cmd" - _ "github.com/deislabs/ratify/pkg/cache/dapr" // register dapr cache - _ "github.com/deislabs/ratify/pkg/cache/ristretto" // register ristretto cache - _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" // register configpolicy policy provider - _ "github.com/deislabs/ratify/pkg/policyprovider/regopolicy" // register regopolicy policy provider - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" // register oras referrer store - _ "github.com/deislabs/ratify/pkg/verifier/cosign" // register cosign verifier - _ "github.com/deislabs/ratify/pkg/verifier/notation" // register notation verifier + "github.com/ratify-project/ratify/cmd/ratify/cmd" + _ "github.com/ratify-project/ratify/pkg/cache/dapr" // register dapr cache + _ "github.com/ratify-project/ratify/pkg/cache/ristretto" // register ristretto cache + _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" // register configpolicy policy provider + _ "github.com/ratify-project/ratify/pkg/policyprovider/regopolicy" // register regopolicy policy provider + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" // register oras referrer store + _ "github.com/ratify-project/ratify/pkg/verifier/cosign" // register cosign verifier + _ "github.com/ratify-project/ratify/pkg/verifier/notation" // register notation verifier ) func main() { diff --git a/config/config.go b/config/config.go index 901a0eb74..7bc3e0f9f 100644 --- a/config/config.go +++ b/config/config.go @@ -24,20 +24,20 @@ import ( "path/filepath" "sync" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/internal/logger" - exConfig "github.com/deislabs/ratify/pkg/executor/config" - "github.com/deislabs/ratify/pkg/homedir" - "github.com/deislabs/ratify/pkg/policyprovider" - pcConfig "github.com/deislabs/ratify/pkg/policyprovider/config" - pf "github.com/deislabs/ratify/pkg/policyprovider/factory" - "github.com/deislabs/ratify/pkg/referrerstore" - rsConfig "github.com/deislabs/ratify/pkg/referrerstore/config" - sf "github.com/deislabs/ratify/pkg/referrerstore/factory" - "github.com/deislabs/ratify/pkg/verifier" - vfConfig "github.com/deislabs/ratify/pkg/verifier/config" - vf "github.com/deislabs/ratify/pkg/verifier/factory" "github.com/pkg/errors" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/internal/logger" + exConfig "github.com/ratify-project/ratify/pkg/executor/config" + "github.com/ratify-project/ratify/pkg/homedir" + "github.com/ratify-project/ratify/pkg/policyprovider" + pcConfig "github.com/ratify-project/ratify/pkg/policyprovider/config" + pf "github.com/ratify-project/ratify/pkg/policyprovider/factory" + "github.com/ratify-project/ratify/pkg/referrerstore" + rsConfig "github.com/ratify-project/ratify/pkg/referrerstore/config" + sf "github.com/ratify-project/ratify/pkg/referrerstore/factory" + "github.com/ratify-project/ratify/pkg/verifier" + vfConfig "github.com/ratify-project/ratify/pkg/verifier/config" + vf "github.com/ratify-project/ratify/pkg/verifier/factory" "github.com/sirupsen/logrus" ) diff --git a/config/configManager.go b/config/configManager.go index a507d3228..cce09c602 100644 --- a/config/configManager.go +++ b/config/configManager.go @@ -20,9 +20,9 @@ import ( "os" "time" - ef "github.com/deislabs/ratify/pkg/executor/core" "github.com/fsnotify/fsnotify" "github.com/pkg/errors" + ef "github.com/ratify-project/ratify/pkg/executor/core" "github.com/sirupsen/logrus" ) diff --git a/docs/design/Authentication Provider Support For ORAS Store.md b/docs/design/Authentication Provider Support For ORAS Store.md index 378e31a1b..fa7b63eb3 100644 --- a/docs/design/Authentication Provider Support For ORAS Store.md +++ b/docs/design/Authentication Provider Support For ORAS Store.md @@ -4,7 +4,7 @@ Author: Akash Singhal (@akashsinghal) General Design Document for [Ratify Auth](https://hackmd.io/LFWPWM7wT_icfIPZbuax0Q#Auth-using-metadata-service-endpoint-in-k8s) -Linked PR: https://github.com/deislabs/ratify/pull/123 +Linked PR: https://github.com/ratify-project/ratify/pull/123 ## Goals @@ -153,7 +153,7 @@ type OrasStoreConf struct { } ``` -Update `Create` [method](https://github.com/deislabs/ratify/blob/6edd4ceedc21cf704857eae56b2197e0e28f0f93/pkg/referrerstore/oras/oras.go#L68) in oras.go +Update `Create` [method](https://github.com/ratify-project/ratify/blob/6edd4ceedc21cf704857eae56b2197e0e28f0f93/pkg/referrerstore/oras/oras.go#L68) in oras.go ``` func (s *orasStoreFactory) Create(version string, storeConfig config.StorePluginConfig) (referrerstore.ReferrerStore, error) { diff --git a/docs/design/Config Policy Provider Refactor.md b/docs/design/Config Policy Provider Refactor.md index f09e86679..c3fab1c6b 100644 --- a/docs/design/Config Policy Provider Refactor.md +++ b/docs/design/Config Policy Provider Refactor.md @@ -13,7 +13,7 @@ We'd like to redesign the `configPolicy` provider to enhance the Ratify while ad # Design Considerations -The new policy provider should cover but not limited to address these issues: [#351](https://github.com/deislabs/ratify/issues/351), [#528](https://github.com/deislabs/ratify/issues/528), [#448](https://github.com/deislabs/ratify/issues/448), [35](https://github.com/deislabs/ratify/issues/35) +The new policy provider should cover but not limited to address these issues: [#351](https://github.com/ratify-project/ratify/issues/351), [#528](https://github.com/ratify-project/ratify/issues/528), [#448](https://github.com/ratify-project/ratify/issues/448), [35](https://github.com/ratify-project/ratify/issues/35) ## Targets 1. Avoid introducing breaking changes to existing interfaces. diff --git a/docs/design/Cosign Upgrade 2024.md b/docs/design/Cosign Upgrade 2024.md index 30912ddc1..03782ae63 100644 --- a/docs/design/Cosign Upgrade 2024.md +++ b/docs/design/Cosign Upgrade 2024.md @@ -2,9 +2,9 @@ Author: Akash Singhal (@akashsinghal) Tracked issues in scope: -- [Support Cosign verification with multiple keys](https://github.com/deislabs/ratify/issues/1191) -- [Support for Cosign verification with keys managed in KMS](https://github.com/deislabs/ratify/issues/1190) -- [Support Cosign verification with RSA key](https://github.com/deislabs/ratify/issues/1189) +- [Support Cosign verification with multiple keys](https://github.com/ratify-project/ratify/issues/1191) +- [Support for Cosign verification with keys managed in KMS](https://github.com/ratify-project/ratify/issues/1190) +- [Support Cosign verification with RSA key](https://github.com/ratify-project/ratify/issues/1189) Ratify currently supports keyless cosign verification which includes an optional custom Rekor server specification. Transparency log verification only occurs for keyless scenarios. Keyed verification is limited to a single public key specified as a value provided in the helm chart. The chart creates a `Secret` for the cosign key and mounts it at a well-known path in the Ratify container. Users must manually update the `Secret` to update the key. There is no support for multiple keys. There is no support for keys stored KMS. There is only support for ECDSA keys, and not RSA or ED25519. There is no support for certificates. diff --git a/docs/design/Metrics.md b/docs/design/Metrics.md index 010708dd1..b92a95a4d 100644 --- a/docs/design/Metrics.md +++ b/docs/design/Metrics.md @@ -32,7 +32,7 @@ OpenTelemetry exposes configurable providers throughout the metrics workflow: 1. Counter: Value that accumulates over time. (e.g request count, signatures verified) 2. Gauge: Point-in-time value of a continuous data stream (e.g speed, pressure) 3. Histogram: Ratify-side aggregation of measurements. Bascially a complex aggregation of Counters where each bin is bounded from the min value (0) to the upper bin boundary. For example if we had bin boundaries [0, 1, 2, 3, 4, 5] and the measured value is 3.5, then the resulting histogram would be [0, 0, 0, 1, 1]. -- Meter: Wraps a collection of instruments related to a specific scope. In Ratify's case, we'd have a single Meter with all of our instruments. The scope would be the Ratify application (`github.com/deislabs/ratify`) +- Meter: Wraps a collection of instruments related to a specific scope. In Ratify's case, we'd have a single Meter with all of our instruments. The scope would be the Ratify application (`github.com/ratify-project/ratify`) - Exporter: The vendor-specific metric reader implementation. Each exporter is responsible for consuming the metrics published to the data stream according to their vendor specification. The first provider we would support is Prometheus. - View: Defines/overrides the behavior for how metrics should be collected (e.g changing the name of the instrument, changing the bin values of histogram instrument) - Meter Provider: Creates the Meter and binds to the specified metric Exporter. It also is resonsible for mutating the metric data stream according to the Views specified in the options. diff --git a/docs/design/Policy Provider refactor (deprecated).md b/docs/design/Policy Provider refactor (deprecated).md index ca90bdea7..241fca76f 100644 --- a/docs/design/Policy Provider refactor (deprecated).md +++ b/docs/design/Policy Provider refactor (deprecated).md @@ -1,7 +1,7 @@ # Ratify Policy Provider Author: Akash Singhal (@akashsinghal) -Prerequisite: Read through the Executor Policy design section of this [doc](https://github.com/deislabs/ratify/tree/main/docs#executor-policy-specification) for more information on approaches to policy provider. +Prerequisite: Read through the Executor Policy design section of this [doc](https://github.com/ratify-project/ratify/tree/main/docs#executor-policy-specification) for more information on approaches to policy provider. Currently there's no scaffolding for multiple policy providers. The default config policy provider is built in. We need to add support for a policy plugin to be specified and selected. We also need to expand the policy provider plugin diff --git a/docs/design/Ratify Vulnerability Report Verifier.md b/docs/design/Ratify Vulnerability Report Verifier.md index 2eab2e353..a3eb19b88 100644 --- a/docs/design/Ratify Vulnerability Report Verifier.md +++ b/docs/design/Ratify Vulnerability Report Verifier.md @@ -205,7 +205,7 @@ Common policies such as age enforcement and severity filtering can be implemente Currently supports date filtering based on OCI annotation image creation and a list of disallowed severities. -PR can be found [here](https://github.com/deislabs/ratify/pull/1123) +PR can be found [here](https://github.com/ratify-project/ratify/pull/1123) [![asciicast](https://asciinema.org/a/622368.svg)](https://asciinema.org/a/622368) diff --git a/docs/design/Verification Result Cache at Executor Level.md b/docs/design/Verification Result Cache at Executor Level.md index 14ec5b4da..2915e2a0b 100644 --- a/docs/design/Verification Result Cache at Executor Level.md +++ b/docs/design/Verification Result Cache at Executor Level.md @@ -4,7 +4,7 @@ Author: Binbin Li (@binbin-li) ## Background -Jimmy noticed that Gatekeeper audit could trigger tons of requests to Ratify if there are many pods deployed, which might overwhelm the upstream services like remote registries. Related issue: [201](https://github.com/deislabs/ratify/issues/201) However, as the discussion happened offline, the audit result can be cached in api server chache. And we could also configure a new CRD to batch evaluation requests in a single ED request. +Jimmy noticed that Gatekeeper audit could trigger tons of requests to Ratify if there are many pods deployed, which might overwhelm the upstream services like remote registries. Related issue: [201](https://github.com/ratify-project/ratify/issues/201) However, as the discussion happened offline, the audit result can be cached in api server chache. And we could also configure a new CRD to batch evaluation requests in a single ED request. Since the discussion is not finished yet, we'll just focus on how to implement the cache instead of whether we need to have it. @@ -88,7 +88,7 @@ Components that Ratify would change/add: b. A map field that maps overall/registry/repo to a TTL value. c. We also need to determine the default behavior/TTL value if it's not specified. 2. A cache interface and implementation that supports adding and evicting entries automatically. -3. As proposed by Akash in this [issue](https://github.com/deislabs/ratify/issues/507), we can possibly add a cache lock to API cache as well. +3. As proposed by Akash in this [issue](https://github.com/ratify-project/ratify/issues/507), we can possibly add a cache lock to API cache as well. 4. Test on them. ### Stage 2 diff --git a/docs/discussion/Cosign Upgrade Discussion 2024.md b/docs/discussion/Cosign Upgrade Discussion 2024.md index d0c5b5ad9..ee4876d71 100644 --- a/docs/discussion/Cosign Upgrade Discussion 2024.md +++ b/docs/discussion/Cosign Upgrade Discussion 2024.md @@ -2,10 +2,10 @@ Author: Akash Singhal (@akashsinghal) Tracked issues in scope: -- [Support Cosign verification with multiple keys](https://github.com/deislabs/ratify/issues/1191) -- [Support for Cosign verification with keys managed in KMS](https://github.com/deislabs/ratify/issues/1190) -- [Support Cosign verification with RSA key](https://github.com/deislabs/ratify/issues/1189) -- [Support keyless verification with OIDC identities](https://github.com/deislabs/ratify/issues/1323) +- [Support Cosign verification with multiple keys](https://github.com/ratify-project/ratify/issues/1191) +- [Support for Cosign verification with keys managed in KMS](https://github.com/ratify-project/ratify/issues/1190) +- [Support Cosign verification with RSA key](https://github.com/ratify-project/ratify/issues/1189) +- [Support keyless verification with OIDC identities](https://github.com/ratify-project/ratify/issues/1323) Ratify currently supports keyless cosign verification which includes an optional custom Rekor server specification. Transparency log verification only occurs for keyless scenarios. Keyed verification is limited to a single public key specified as a value provided in the helm chart. The chart creates a `Secret` for the cosign key and mounts it at a well-known path in the Ratify container. Users must manually update the `Secret` to update the key. There is no support for multiple keys. There is no support for keys stored KMS. There is only support for ECDSA keys, and not RSA or ED25519. There is no support for certificates. @@ -582,13 +582,13 @@ spec: ### How does `scopes` matching work? -`scopes` are associated per `trustPolicy`. They function to apply on top of a validation image reference and match a SINGLE trust policy to use for verification. Ratify needs to decide how to implement scope matching based on the scenarios to support. Scopes could support regular expressions however they are not as user friendly. Ratify could also define its own domain/repository pattern syntax. Or, Ratify could support both side-by-side; however, this would require having behavior to rectify if both are used at once or used for different policies. The other concern is if multiple trust policies are defined each with scopes that can apply. For example, let's take Trust Policy A which has scope `*` (any image reference works). Then, let's define Trust Policy B with scope `ghcr.io`. Finally, define Trust Policy C with scope `ghcr.io/deislabs/ratify`. If our image to validate has reference: `ghcr.io/deislabs/ratify:v1.2.0`, which Trust Policy should apply? Ideally, we should match to he policy that is most specific first, so Trust Policy C would be selected. +`scopes` are associated per `trustPolicy`. They function to apply on top of a validation image reference and match a SINGLE trust policy to use for verification. Ratify needs to decide how to implement scope matching based on the scenarios to support. Scopes could support regular expressions however they are not as user friendly. Ratify could also define its own domain/repository pattern syntax. Or, Ratify could support both side-by-side; however, this would require having behavior to rectify if both are used at once or used for different policies. The other concern is if multiple trust policies are defined each with scopes that can apply. For example, let's take Trust Policy A which has scope `*` (any image reference works). Then, let's define Trust Policy B with scope `ghcr.io`. Finally, define Trust Policy C with scope `ghcr.io/ratify-project/ratify`. If our image to validate has reference: `ghcr.io/ratify-project/ratify:v1.2.0`, which Trust Policy should apply? Ideally, we should match to he policy that is most specific first, so Trust Policy C would be selected. #### Scenarios to Support 1. Wildcard: `*` 2. Registry wide scope: `ghcr.io` 3. Wildcard registry domain scope: `*.azurecr.io` -4. Intermediate repository paths (repository path may reference a subpath but not an absolute path): `ghcr.io/deislabs/*` +4. Intermediate repository paths (repository path may reference a subpath but not an absolute path): `ghcr.io/ratify-project/*` #### How does notation do this? diff --git a/docs/discussion/Negative test cases for Ratify.md b/docs/discussion/Negative test cases for Ratify.md index ee594c709..e7a63e622 100644 --- a/docs/discussion/Negative test cases for Ratify.md +++ b/docs/discussion/Negative test cases for Ratify.md @@ -104,13 +104,13 @@ time=2023-09-20T13:08:43.696147959Z level=error msg=Error: plugin init failure, ```stdout "verifierReports": [ { - "subject": "ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", + "subject": "ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", "referenceDigest": "sha256:57be2c1c3d9c23ef7c964bba05c7aa23b525732e9c9af9652654ccc3f4babb0e", "artifactType": "application/vnd.cncf.notary.signature", "verifierReports": [ { "isSuccess": false, - "message": "Original Error: (Original Error: (artifact \"ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b\" has no applicable trust policy. Trust policy applicability for a given artifact is determined by registryScopes. To create a trust policy, see: https://notaryproject.dev/docs/quickstart/#create-a-trust-policy), Error: verify signature failure, Code: VERIFY_SIGNATURE_FAILURE, Plugin Name: verifier-notation, Component Type: verifier, Documentation: https://github.com/notaryproject/notaryproject/tree/main/specs, Detail: failed to verify signature of digest), Error: verify reference failure, Code: VERIFY_REFERENCE_FAILURE, Plugin Name: verifier-notation, Component Type: verifier", + "message": "Original Error: (Original Error: (artifact \"ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b\" has no applicable trust policy. Trust policy applicability for a given artifact is determined by registryScopes. To create a trust policy, see: https://notaryproject.dev/docs/quickstart/#create-a-trust-policy), Error: verify signature failure, Code: VERIFY_SIGNATURE_FAILURE, Plugin Name: verifier-notation, Component Type: verifier, Documentation: https://github.com/notaryproject/notaryproject/tree/main/specs, Detail: failed to verify signature of digest), Error: verify reference failure, Code: VERIFY_REFERENCE_FAILURE, Plugin Name: verifier-notation, Component Type: verifier", "name": "verifier-notation", "type": "notation", "extensions": null @@ -129,7 +129,7 @@ The image verification fails. ```stdout "verifierReports": [ { - "subject": "ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", + "subject": "ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", "referenceDigest": "sha256:57be2c1c3d9c23ef7c964bba05c7aa23b525732e9c9af9652654ccc3f4babb0e", "artifactType": "application/vnd.cncf.notary.signature", "verifierReports": [ @@ -151,7 +151,7 @@ The image verification fails. The image verification fails: ```stdout -time=2023-09-22T13:50:40.440640495Z level=info msg=verify result for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { +time=2023-09-22T13:50:40.440640495Z level=info msg=verify result for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { "verifierReports": [ { "isSuccess": false, @@ -233,14 +233,14 @@ time=2023-09-21T16:49:39.660797685Z level=info msg=Reconciling Policy configpoli time=2023-09-21T16:49:39.660900987Z level=error msg=failed to get Policy: Policy.config.ratify.deislabs.io "configpolicy" not found time=2023-09-21T16:49:49.266265821Z level=info msg=received request POST /ratify/gatekeeper/v1/mutate time=2023-09-21T16:49:49.266514626Z level=info msg=start request POST /ratify/gatekeeper/v1/mutate component-type=server go.version=go1.20.8 trace-id=acb4f156-8132-4cfb-9df6-e73266c5c6c7 -time=2023-09-21T16:49:49.26667593Z level=info msg=mutating image ghcr.io/deislabs/ratify/notary-image:signed component-type=server go.version=go1.20.8 trace-id=acb4f156-8132-4cfb-9df6-e73266c5c6c7 +time=2023-09-21T16:49:49.26667593Z level=info msg=mutating image ghcr.io/ratify-project/ratify/notary-image:signed component-type=server go.version=go1.20.8 trace-id=acb4f156-8132-4cfb-9df6-e73266c5c6c7 time=2023-09-21T16:49:49.266880934Z level=warning msg=Error: cache not set, Code: CACHE_NOT_SET, Component Type: cache, Detail: failed to set auth cache for ghcr.io component-type=referrerStore go.version=go1.20.8 trace-id=acb4f156-8132-4cfb-9df6-e73266c5c6c7 ``` #### TC15 ```stdout -time=2023-09-21T16:24:03.422952769Z level=error msg=Reconciler error Policy=regopolicy controller=policy controllerGroup=config.ratify.deislabs.io controllerKind=Policy error=failed to create policy enforcer: failed to create policy provider: Original Error: (Original Error: (failed to create policy engine: failed to create policy query, err: failed to prepare rego query, err: 1 error occurred: policy.rego:13: rego_unsafe_var_error: var fals is unsafe), Error: plugin init failure, Code: PLUGIN_INIT_FAILURE, Plugin Name: regopolicy, Component Type: policyProvider, Documentation: https://github.com/deislabs/ratify/blob/main/docs/reference/providers.md#policy-providers, Detail: failed to create OPA engine), Error: plugin init failure, Code: PLUGIN_INIT_FAILURE, Plugin Name: regopolicy, Component Type: policyProvider, Documentation: https://github.com/deislabs/ratify/blob/main/docs/reference/providers.md#policy-providers, Detail: failed to create policy provider name=regopolicy namespace= reconcileID=71adeaf9-a6f0-4974-88cf-34bd2be47a99 +time=2023-09-21T16:24:03.422952769Z level=error msg=Reconciler error Policy=regopolicy controller=policy controllerGroup=config.ratify.deislabs.io controllerKind=Policy error=failed to create policy enforcer: failed to create policy provider: Original Error: (Original Error: (failed to create policy engine: failed to create policy query, err: failed to prepare rego query, err: 1 error occurred: policy.rego:13: rego_unsafe_var_error: var fals is unsafe), Error: plugin init failure, Code: PLUGIN_INIT_FAILURE, Plugin Name: regopolicy, Component Type: policyProvider, Documentation: https://github.com/ratify-project/ratify/blob/main/docs/reference/providers.md#policy-providers, Detail: failed to create OPA engine), Error: plugin init failure, Code: PLUGIN_INIT_FAILURE, Plugin Name: regopolicy, Component Type: policyProvider, Documentation: https://github.com/ratify-project/ratify/blob/main/docs/reference/providers.md#policy-providers, Detail: failed to create policy provider name=regopolicy namespace= reconcileID=71adeaf9-a6f0-4974-88cf-34bd2be47a99 ``` #### TC16 @@ -293,8 +293,8 @@ Ratify Logs: ```stdout time=2023-09-21T20:49:55.965807677Z level=info msg=received request POST /ratify/gatekeeper/v1/mutate time=2023-09-21T20:49:55.965917879Z level=info msg=start request POST /ratify/gatekeeper/v1/mutate component-type=server go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa -time=2023-09-21T20:49:55.966001082Z level=info msg=mutating image ghcr.io/deislabs/ratify/notary-image:signed component-type=server go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa -time=2023-09-21T20:49:57.916645653Z level=debug msg=subject descriptor cache miss for value: ghcr.io/deislabs/ratify/notary-image:signed component-type=referrerStore go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa +time=2023-09-21T20:49:55.966001082Z level=info msg=mutating image ghcr.io/ratify-project/ratify/notary-image:signed component-type=server go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa +time=2023-09-21T20:49:57.916645653Z level=debug msg=subject descriptor cache miss for value: ghcr.io/ratify-project/ratify/notary-image:signed component-type=referrerStore go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa time=2023-09-21T20:49:57.916739655Z level=debug msg=auth cache miss component-type=referrerStore go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa time=2023-09-21T20:49:57.917014862Z level=error msg=Error saving value to redis: error saving state: rpc error: code = DeadlineExceeded desc = context deadline exceeded component-type=cache go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa time=2023-09-21T20:49:57.917058964Z level=warning msg=Error: cache not set, Code: CACHE_NOT_SET, Component Type: cache, Detail: failed to set auth cache for ghcr.io component-type=referrerStore go.version=go1.20.8 trace-id=084fab3d-0f0d-4f32-9a9b-03db3c3df5fa @@ -306,19 +306,19 @@ Audit also begins to fail with timeout of 4.9 second. ```stdout time=2023-09-21T20:52:45.703791311Z level=info msg=received request POST /ratify/gatekeeper/v1/verify time=2023-09-21T20:52:45.703840611Z level=info msg=start request POST /ratify/gatekeeper/v1/verify component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:45.703937712Z level=info msg=verifying subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.604600679Z level=debug msg=subject descriptor cache miss for value: ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:45.703937712Z level=info msg=verifying subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:50.604600679Z level=debug msg=subject descriptor cache miss for value: ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac time=2023-09-21T20:52:50.604668279Z level=debug msg=auth cache miss component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac time=2023-09-21T20:52:50.60472728Z level=error msg=Error saving value to redis: error saving state: rpc error: code = DeadlineExceeded desc = context deadline exceeded component-type=cache go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac time=2023-09-21T20:52:50.60474728Z level=warning msg=Error: cache not set, Code: CACHE_NOT_SET, Component Type: cache, Detail: failed to set auth cache for ghcr.io component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.60483898Z level=warning msg=Original Error: (Original Error: (Head "https://ghcr.io/v2/deislabs/ratify/notary-image/manifests/sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b": context deadline exceeded), Error: repository operation failure, Code: REPOSITORY_OPERATION_FAILURE, Plugin Name: oras), Error: get subject descriptor failure, Code: GET_SUBJECT_DESCRIPTOR_FAILURE, Plugin Name: oras, Component Type: referrerStore, Detail: failed to resolve the subject descriptor component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.60485408Z level=debug msg=cache miss for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:50.60483898Z level=warning msg=Original Error: (Original Error: (Head "https://ghcr.io/v2/ratify-project/ratify/notary-image/manifests/sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b": context deadline exceeded), Error: repository operation failure, Code: REPOSITORY_OPERATION_FAILURE, Plugin Name: oras), Error: get subject descriptor failure, Code: GET_SUBJECT_DESCRIPTOR_FAILURE, Plugin Name: oras, Component Type: referrerStore, Detail: failed to resolve the subject descriptor component-type=referrerStore go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:50.60485408Z level=debug msg=cache miss for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac time=2023-09-21T20:52:50.60487278Z level=error msg=Error saving value to redis: error saving state: rpc error: code = DeadlineExceeded desc = context deadline exceeded component-type=cache go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.60488398Z level=warning msg=unable to insert cache entry for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac -time=2023-09-21T20:52:50.60490018Z level=info msg=verify result for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { +time=2023-09-21T20:52:50.60488398Z level=warning msg=unable to insert cache entry for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b component-type=server go.version=go1.20.8 trace-id=384a4c5e-6654-47a8-bdaa-16823df527ac +time=2023-09-21T20:52:50.60490018Z level=info msg=verify result for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { "verifierReports": [ { - "subject": "ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", + "subject": "ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b", "isSuccess": false, "message": "verification failed: Error: referrer store failure, Code: REFERRER_STORE_FAILURE, Component Type: referrerStore, Detail: could not resolve descriptor for a subject from any stores" } @@ -362,7 +362,7 @@ time=2023-09-21T22:17:50.216846963Z level=error msg=Error saving value to redis: ```stdout level=error msg=Reconciler error CertificateStore=default/certstore-incorrect-cert controller=certificatestore controllerGroup=config.ratify.deislabs.io controllerKind=CertificateStore error=Error fetching certificates in store certstore-incorrect-cert with inline provider, error: Error: cert invalid, Code: CERT_INVALID, Component Type: certProvider name=certstore-incorrect-cert namespace=default reconcileID=6a444f61-fed0-4d0a-b6e1-08bedbe90712 time=2023-09-22T01:55:54.866028606Z level=warning msg=no certificate fetched for certStore certstore-incorrect-cert component-type=verifier go.version=go1.20.8 trace-id=4b6580f6-8b08-4c0b-a1ab-d4264298a6c9 -time=2023-09-22T01:55:54.866327608Z level=info msg=verify result for subject ghcr.io/deislabs/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { +time=2023-09-22T01:55:54.866327608Z level=info msg=verify result for subject ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b: { "verifierReports": [ { "isSuccess": false, diff --git a/experimental/generate-protos.sh b/experimental/generate-protos.sh index 92938cf6a..98c4645cd 100644 --- a/experimental/generate-protos.sh +++ b/experimental/generate-protos.sh @@ -20,7 +20,7 @@ protoc \ --proto_path=./ratify/proto/v1 \ --go_out=. \ ---go_opt=module=github.com/deislabs/ratify/experimental \ +--go_opt=module=github.com/ratify-project/ratify/experimental \ --go-grpc_out=. \ ---go-grpc_opt=module=github.com/deislabs/ratify/experimental \ +--go-grpc_opt=module=github.com/ratify-project/ratify/experimental \ ./ratify/proto/v1/*.proto diff --git a/experimental/proto/v1/orchestrator/orchestrator.pb.go b/experimental/proto/v1/orchestrator/orchestrator.pb.go index b1176df88..2372472d0 100644 --- a/experimental/proto/v1/orchestrator/orchestrator.pb.go +++ b/experimental/proto/v1/orchestrator/orchestrator.pb.go @@ -7,8 +7,8 @@ package orchestrator import ( - common "github.com/deislabs/ratify/experimental/proto/v1/common" _struct "github.com/golang/protobuf/ptypes/struct" + common "github.com/ratify-project/ratify/experimental/proto/v1/common" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" diff --git a/experimental/proto/v1/referrerstore/referrerstore.pb.go b/experimental/proto/v1/referrerstore/referrerstore.pb.go index 82400ac96..18c595ae2 100644 --- a/experimental/proto/v1/referrerstore/referrerstore.pb.go +++ b/experimental/proto/v1/referrerstore/referrerstore.pb.go @@ -7,8 +7,8 @@ package referrerstore import ( - common "github.com/deislabs/ratify/experimental/proto/v1/common" _struct "github.com/golang/protobuf/ptypes/struct" + common "github.com/ratify-project/ratify/experimental/proto/v1/common" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" diff --git a/experimental/proto/v1/verifier/verifier.pb.go b/experimental/proto/v1/verifier/verifier.pb.go index b5cab617d..26c9eec34 100644 --- a/experimental/proto/v1/verifier/verifier.pb.go +++ b/experimental/proto/v1/verifier/verifier.pb.go @@ -7,8 +7,8 @@ package verifier import ( - common "github.com/deislabs/ratify/experimental/proto/v1/common" _struct "github.com/golang/protobuf/ptypes/struct" + common "github.com/ratify-project/ratify/experimental/proto/v1/common" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" diff --git a/experimental/ratify/proto/README.md b/experimental/ratify/proto/README.md index 568c6ee86..f060aa28c 100644 --- a/experimental/ratify/proto/README.md +++ b/experimental/ratify/proto/README.md @@ -30,4 +30,4 @@ cd ./experimental ```sh go mod tidy ``` -4. _**Depending on the value of "go_package" for each proto file, you may have to move the generated code to an alternate directory.**_ _e.g. setting the `go_package` to "github.com/deislabs/ratify/experimental/proto/v1/referrerstore" will create such a directory structure. Moving the generated code to {root}/experimental/proto/v1/referrerstore will resolve errors since the project's module is "github.com/deislabs/ratify"_ +4. _**Depending on the value of "go_package" for each proto file, you may have to move the generated code to an alternate directory.**_ _e.g. setting the `go_package` to "github.com/ratify-project/ratify/experimental/proto/v1/referrerstore" will create such a directory structure. Moving the generated code to {root}/experimental/proto/v1/referrerstore will resolve errors since the project's module is "github.com/ratify-project/ratify"_ diff --git a/experimental/ratify/proto/v1/common.proto b/experimental/ratify/proto/v1/common.proto index 311bfd1c3..48d55ea5f 100644 --- a/experimental/ratify/proto/v1/common.proto +++ b/experimental/ratify/proto/v1/common.proto @@ -2,7 +2,7 @@ syntax="proto3"; package common; -option go_package = "github.com/deislabs/ratify/experimental/proto/v1/common"; +option go_package = "github.com/ratify-project/ratify/experimental/proto/v1/common"; /* Descriptor holds various properties of an artifact. diff --git a/experimental/ratify/proto/v1/orchestrator.proto b/experimental/ratify/proto/v1/orchestrator.proto index 6b3e6283f..94ddcca73 100644 --- a/experimental/ratify/proto/v1/orchestrator.proto +++ b/experimental/ratify/proto/v1/orchestrator.proto @@ -2,7 +2,7 @@ syntax="proto3"; package orchestrator; -option go_package = "github.com/deislabs/ratify/experimental/proto/v1/orchestrator"; +option go_package = "github.com/ratify-project/ratify/experimental/proto/v1/orchestrator"; import "common.proto"; import "google/protobuf/struct.proto"; diff --git a/experimental/ratify/proto/v1/referrerstore.proto b/experimental/ratify/proto/v1/referrerstore.proto index 61d5f246d..15e191121 100644 --- a/experimental/ratify/proto/v1/referrerstore.proto +++ b/experimental/ratify/proto/v1/referrerstore.proto @@ -2,7 +2,7 @@ syntax="proto3"; package referrerstore; -option go_package = "github.com/deislabs/ratify/experimental/proto/v1/referrerstore"; +option go_package = "github.com/ratify-project/ratify/experimental/proto/v1/referrerstore"; import "common.proto"; import "google/protobuf/struct.proto"; diff --git a/experimental/ratify/proto/v1/verifier.proto b/experimental/ratify/proto/v1/verifier.proto index 19615674f..c9049dd83 100644 --- a/experimental/ratify/proto/v1/verifier.proto +++ b/experimental/ratify/proto/v1/verifier.proto @@ -2,7 +2,7 @@ syntax="proto3"; package verifier; -option go_package = "github.com/deislabs/ratify/experimental/proto/v1/verifier"; +option go_package = "github.com/ratify-project/ratify/experimental/proto/v1/verifier"; import "common.proto"; import "google/protobuf/struct.proto"; diff --git a/go.mod b/go.mod index 66a52e459..f399e9696 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/deislabs/ratify +module github.com/ratify-project/ratify go 1.21 diff --git a/httpserver/Dockerfile b/httpserver/Dockerfile index a0a9f3773..f7f03ed26 100644 --- a/httpserver/Dockerfile +++ b/httpserver/Dockerfile @@ -42,7 +42,7 @@ RUN if [ "$build_schemavalidator" = "true" ]; then go build -o /app/out/plugins/ RUN if [ "$build_vulnerabilityreport" = "true" ]; then go build -o /app/out/plugins/ /app/plugins/verifier/vulnerabilityreport; fi FROM gcr.io/distroless/static:nonroot@sha256:e9ac71e2b8e279a8372741b7a0293afda17650d926900233ec3a7b2b7c22a246 -LABEL org.opencontainers.image.source https://github.com/deislabs/ratify +LABEL org.opencontainers.image.source https://github.com/ratify-project/ratify ARG RATIFY_FOLDER=$HOME/.ratify/ diff --git a/httpserver/context.go b/httpserver/context.go index d7e2f5068..a0c5222b3 100644 --- a/httpserver/context.go +++ b/httpserver/context.go @@ -19,8 +19,8 @@ import ( "context" "net/http" - "github.com/deislabs/ratify/utils" "github.com/docker/distribution/registry/api/errcode" + "github.com/ratify-project/ratify/utils" "github.com/sirupsen/logrus" ) diff --git a/httpserver/handlers.go b/httpserver/handlers.go index 4f4d02aa7..730eb63ea 100644 --- a/httpserver/handlers.go +++ b/httpserver/handlers.go @@ -24,16 +24,16 @@ import ( "sync" "time" - "github.com/deislabs/ratify/errors" - ctxUtils "github.com/deislabs/ratify/internal/context" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/cache" - "github.com/deislabs/ratify/pkg/executor" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/metrics" - "github.com/deislabs/ratify/pkg/referrerstore" - pkgUtils "github.com/deislabs/ratify/pkg/utils" - "github.com/deislabs/ratify/utils" + "github.com/ratify-project/ratify/errors" + ctxUtils "github.com/ratify-project/ratify/internal/context" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/cache" + "github.com/ratify-project/ratify/pkg/executor" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/metrics" + "github.com/ratify-project/ratify/pkg/referrerstore" + pkgUtils "github.com/ratify-project/ratify/pkg/utils" + "github.com/ratify-project/ratify/utils" "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" ) diff --git a/httpserver/server.go b/httpserver/server.go index 9f3403cf1..782e3c83d 100644 --- a/httpserver/server.go +++ b/httpserver/server.go @@ -29,9 +29,9 @@ import ( "syscall" "time" - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/metrics" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/metrics" "github.com/gorilla/mux" "github.com/sirupsen/logrus" diff --git a/httpserver/server_test.go b/httpserver/server_test.go index 1aaf98ecd..96e3feb11 100644 --- a/httpserver/server_test.go +++ b/httpserver/server_test.go @@ -28,19 +28,19 @@ import ( "testing" "time" - ratifyerrors "github.com/deislabs/ratify/errors" - exconfig "github.com/deislabs/ratify/pkg/executor/config" - "github.com/deislabs/ratify/pkg/executor/core" - "github.com/deislabs/ratify/pkg/ocispecs" - config "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" + ratifyerrors "github.com/ratify-project/ratify/errors" + exconfig "github.com/ratify-project/ratify/pkg/executor/config" + "github.com/ratify-project/ratify/pkg/executor/core" + "github.com/ratify-project/ratify/pkg/ocispecs" + config "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" "github.com/sirupsen/logrus" - "github.com/deislabs/ratify/pkg/policyprovider/types" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/mocks" - "github.com/deislabs/ratify/pkg/verifier" "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/pkg/policyprovider/types" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/verifier" ) const testArtifactType string = "test-type1" diff --git a/httpserver/types.go b/httpserver/types.go index 02ad6e744..f307bc55d 100644 --- a/httpserver/types.go +++ b/httpserver/types.go @@ -16,8 +16,8 @@ limitations under the License. package httpserver import ( - "github.com/deislabs/ratify/pkg/executor/types" - pt "github.com/deislabs/ratify/pkg/policyprovider/types" + "github.com/ratify-project/ratify/pkg/executor/types" + pt "github.com/ratify-project/ratify/pkg/policyprovider/types" ) const ( diff --git a/httpserver/types_test.go b/httpserver/types_test.go index 51be42151..ce2c359a2 100644 --- a/httpserver/types_test.go +++ b/httpserver/types_test.go @@ -18,8 +18,8 @@ package httpserver import ( "testing" - "github.com/deislabs/ratify/pkg/executor/types" - pt "github.com/deislabs/ratify/pkg/policyprovider/types" + "github.com/ratify-project/ratify/pkg/executor/types" + pt "github.com/ratify-project/ratify/pkg/policyprovider/types" ) func TestFromVerifyResult(t *testing.T) { diff --git a/internal/logger/logger.go b/internal/logger/logger.go index b833fa275..6721cd65e 100644 --- a/internal/logger/logger.go +++ b/internal/logger/logger.go @@ -22,10 +22,10 @@ import ( "time" logstash "github.com/bshuster-repo/logrus-logstash-hook" - re "github.com/deislabs/ratify/errors" - icontext "github.com/deislabs/ratify/internal/context" dcontext "github.com/docker/distribution/context" "github.com/google/uuid" + re "github.com/ratify-project/ratify/errors" + icontext "github.com/ratify-project/ratify/internal/context" "github.com/sirupsen/logrus" ) diff --git a/pkg/cache/dapr/dapr.go b/pkg/cache/dapr/dapr.go index a0d9a9414..1230a9158 100644 --- a/pkg/cache/dapr/dapr.go +++ b/pkg/cache/dapr/dapr.go @@ -23,10 +23,10 @@ import ( "time" "github.com/dapr/go-sdk/client" - ctxUtils "github.com/deislabs/ratify/internal/context" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/cache" - "github.com/deislabs/ratify/pkg/featureflag" + ctxUtils "github.com/ratify-project/ratify/internal/context" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/cache" + "github.com/ratify-project/ratify/pkg/featureflag" ) const DaprCacheType = "dapr" diff --git a/pkg/cache/ristretto/ristretto.go b/pkg/cache/ristretto/ristretto.go index 581b98a47..67210d7b9 100644 --- a/pkg/cache/ristretto/ristretto.go +++ b/pkg/cache/ristretto/ristretto.go @@ -22,11 +22,11 @@ import ( "time" "github.com/cespare/xxhash/v2" - ctxUtils "github.com/deislabs/ratify/internal/context" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/cache" "github.com/dgraph-io/ristretto" "github.com/dgraph-io/ristretto/z" + ctxUtils "github.com/ratify-project/ratify/internal/context" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/cache" ) const RistrettoCacheType = "ristretto" diff --git a/pkg/cache/ristretto/ristretto_test.go b/pkg/cache/ristretto/ristretto_test.go index afb67600b..e2c8f0525 100644 --- a/pkg/cache/ristretto/ristretto_test.go +++ b/pkg/cache/ristretto/ristretto_test.go @@ -22,8 +22,8 @@ import ( "time" "github.com/cespare/xxhash/v2" - "github.com/deislabs/ratify/pkg/cache" "github.com/dgraph-io/ristretto/z" + "github.com/ratify-project/ratify/pkg/cache" ) // TestKeytoHash_Expected tests the keyToHash function diff --git a/pkg/certificateprovider/azurekeyvault/auth.go b/pkg/certificateprovider/azurekeyvault/auth.go index 6dde6afee..4abbbe817 100644 --- a/pkg/certificateprovider/azurekeyvault/auth.go +++ b/pkg/certificateprovider/azurekeyvault/auth.go @@ -25,7 +25,7 @@ import ( "strings" "time" - "github.com/deislabs/ratify/pkg/utils/azureauth" + "github.com/ratify-project/ratify/pkg/utils/azureauth" "github.com/Azure/go-autorest/autorest" "github.com/Azure/go-autorest/autorest/adal" diff --git a/pkg/certificateprovider/azurekeyvault/provider.go b/pkg/certificateprovider/azurekeyvault/provider.go index 473272c1c..17bbd12e3 100644 --- a/pkg/certificateprovider/azurekeyvault/provider.go +++ b/pkg/certificateprovider/azurekeyvault/provider.go @@ -27,11 +27,11 @@ import ( "strings" "time" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/certificateprovider" - "github.com/deislabs/ratify/pkg/certificateprovider/azurekeyvault/types" - "github.com/deislabs/ratify/pkg/metrics" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/certificateprovider" + "github.com/ratify-project/ratify/pkg/certificateprovider/azurekeyvault/types" + "github.com/ratify-project/ratify/pkg/metrics" "golang.org/x/crypto/pkcs12" kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault" @@ -106,7 +106,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v, keyvault %v", keyVaultCert.CertificateName, keyvaultURI) // fetch the object from Key Vault - // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/deislabs/ratify/issues/695 for details + // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/ratify-project/ratify/issues/695 for details startTime := time.Now() secretBundle, err := kvClient.GetSecret(ctx, keyvaultURI, keyVaultCert.CertificateName, keyVaultCert.CertificateVersion) diff --git a/pkg/certificateprovider/azurekeyvault/provider_test.go b/pkg/certificateprovider/azurekeyvault/provider_test.go index efadc599f..001c9b75b 100644 --- a/pkg/certificateprovider/azurekeyvault/provider_test.go +++ b/pkg/certificateprovider/azurekeyvault/provider_test.go @@ -26,7 +26,7 @@ import ( kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault" "github.com/Azure/go-autorest/autorest/azure" - "github.com/deislabs/ratify/pkg/certificateprovider/azurekeyvault/types" + "github.com/ratify-project/ratify/pkg/certificateprovider/azurekeyvault/types" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" ) diff --git a/pkg/certificateprovider/certificate_provider.go b/pkg/certificateprovider/certificate_provider.go index 5403293fa..cf517f606 100644 --- a/pkg/certificateprovider/certificate_provider.go +++ b/pkg/certificateprovider/certificate_provider.go @@ -21,7 +21,7 @@ import ( "encoding/pem" "fmt" - "github.com/deislabs/ratify/errors" + "github.com/ratify-project/ratify/errors" ) // This is a map containing Cert store configuration including name, tenantID, and cert object information diff --git a/pkg/certificateprovider/certificate_provider_test.go b/pkg/certificateprovider/certificate_provider_test.go index b30ed2ff7..78d70c439 100644 --- a/pkg/certificateprovider/certificate_provider_test.go +++ b/pkg/certificateprovider/certificate_provider_test.go @@ -19,7 +19,7 @@ import ( "errors" "testing" - ratifyerrors "github.com/deislabs/ratify/errors" + ratifyerrors "github.com/ratify-project/ratify/errors" "github.com/stretchr/testify/assert" ) diff --git a/pkg/certificateprovider/inline/provider.go b/pkg/certificateprovider/inline/provider.go index d52a07e9e..effdf4d0b 100644 --- a/pkg/certificateprovider/inline/provider.go +++ b/pkg/certificateprovider/inline/provider.go @@ -19,8 +19,8 @@ import ( "context" "crypto/x509" - "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/certificateprovider" + "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/certificateprovider" ) const ( diff --git a/pkg/common/oras/authprovider/authprovider.go b/pkg/common/oras/authprovider/authprovider.go index 6d08941ae..c266920da 100644 --- a/pkg/common/oras/authprovider/authprovider.go +++ b/pkg/common/oras/authprovider/authprovider.go @@ -24,11 +24,11 @@ import ( "strings" "time" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" "github.com/docker/cli/cli/config" "github.com/docker/cli/cli/config/configfile" "github.com/docker/cli/cli/config/types" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" ) // This config represents the credentials that should be used diff --git a/pkg/common/oras/authprovider/authprovider_test.go b/pkg/common/oras/authprovider/authprovider_test.go index 98da91d51..1001c319e 100644 --- a/pkg/common/oras/authprovider/authprovider_test.go +++ b/pkg/common/oras/authprovider/authprovider_test.go @@ -22,7 +22,7 @@ import ( "testing" "time" - re "github.com/deislabs/ratify/errors" + re "github.com/ratify-project/ratify/errors" ) const ( diff --git a/pkg/common/oras/authprovider/authproviderfactory.go b/pkg/common/oras/authprovider/authproviderfactory.go index 4536b83e1..08bde422c 100644 --- a/pkg/common/oras/authprovider/authproviderfactory.go +++ b/pkg/common/oras/authprovider/authproviderfactory.go @@ -18,7 +18,7 @@ package authprovider import ( "fmt" - "github.com/deislabs/ratify/errors" + "github.com/ratify-project/ratify/errors" "github.com/sirupsen/logrus" ) diff --git a/pkg/common/oras/authprovider/aws/awsecrbasic.go b/pkg/common/oras/authprovider/aws/awsecrbasic.go index 3349e8372..878feb1a7 100644 --- a/pkg/common/oras/authprovider/aws/awsecrbasic.go +++ b/pkg/common/oras/authprovider/aws/awsecrbasic.go @@ -27,9 +27,9 @@ import ( "github.com/aws/aws-sdk-go-v2/credentials/stscreds" "github.com/aws/aws-sdk-go-v2/service/ecr" "github.com/aws/aws-sdk-go-v2/service/ecr/types" - provider "github.com/deislabs/ratify/pkg/common/oras/authprovider" - "github.com/deislabs/ratify/pkg/utils/awsauth" "github.com/pkg/errors" + provider "github.com/ratify-project/ratify/pkg/common/oras/authprovider" + "github.com/ratify-project/ratify/pkg/utils/awsauth" "github.com/sirupsen/logrus" ) diff --git a/pkg/common/oras/authprovider/azure/azureidentity.go b/pkg/common/oras/authprovider/azure/azureidentity.go index 9e5ee0111..0a5a00e5c 100644 --- a/pkg/common/oras/authprovider/azure/azureidentity.go +++ b/pkg/common/oras/authprovider/azure/azureidentity.go @@ -22,9 +22,9 @@ import ( "os" "time" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - provider "github.com/deislabs/ratify/pkg/common/oras/authprovider" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + provider "github.com/ratify-project/ratify/pkg/common/oras/authprovider" "github.com/Azure/azure-sdk-for-go/sdk/azcore" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" diff --git a/pkg/common/oras/authprovider/azure/azureidentity_test.go b/pkg/common/oras/authprovider/azure/azureidentity_test.go index 3bf0230f1..472e704b9 100644 --- a/pkg/common/oras/authprovider/azure/azureidentity_test.go +++ b/pkg/common/oras/authprovider/azure/azureidentity_test.go @@ -22,8 +22,8 @@ import ( "testing" "github.com/Azure/azure-sdk-for-go/sdk/azcore" - ratifyerrors "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/common/oras/authprovider" + ratifyerrors "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/common/oras/authprovider" ) // Verifies that Enabled checks if tenantID is empty or AAD token is empty diff --git a/pkg/common/oras/authprovider/azure/azureworkloadidentity.go b/pkg/common/oras/authprovider/azure/azureworkloadidentity.go index 5541940fa..a40ce4436 100644 --- a/pkg/common/oras/authprovider/azure/azureworkloadidentity.go +++ b/pkg/common/oras/authprovider/azure/azureworkloadidentity.go @@ -21,11 +21,11 @@ import ( "os" "time" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - provider "github.com/deislabs/ratify/pkg/common/oras/authprovider" - "github.com/deislabs/ratify/pkg/metrics" - "github.com/deislabs/ratify/pkg/utils/azureauth" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + provider "github.com/ratify-project/ratify/pkg/common/oras/authprovider" + "github.com/ratify-project/ratify/pkg/metrics" + "github.com/ratify-project/ratify/pkg/utils/azureauth" "github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry" "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" diff --git a/pkg/common/oras/authprovider/azure/azureworkloadidentity_test.go b/pkg/common/oras/authprovider/azure/azureworkloadidentity_test.go index 0ac3ce81d..3695ef65a 100644 --- a/pkg/common/oras/authprovider/azure/azureworkloadidentity_test.go +++ b/pkg/common/oras/authprovider/azure/azureworkloadidentity_test.go @@ -23,8 +23,8 @@ import ( "time" "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" - ratifyerrors "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/common/oras/authprovider" + ratifyerrors "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/common/oras/authprovider" ) // Verifies that Enabled checks if tenantID is empty or AAD token is empty diff --git a/pkg/common/oras/authprovider/azure/const.go b/pkg/common/oras/authprovider/azure/const.go index e0014ea84..b311c02a6 100644 --- a/pkg/common/oras/authprovider/azure/const.go +++ b/pkg/common/oras/authprovider/azure/const.go @@ -18,7 +18,7 @@ package azure import ( "time" - "github.com/deislabs/ratify/internal/logger" + "github.com/ratify-project/ratify/internal/logger" ) const ( diff --git a/pkg/common/oras/authprovider/k8secret_authprovider.go b/pkg/common/oras/authprovider/k8secret_authprovider.go index 10fd74631..50fa03416 100644 --- a/pkg/common/oras/authprovider/k8secret_authprovider.go +++ b/pkg/common/oras/authprovider/k8secret_authprovider.go @@ -24,9 +24,9 @@ import ( "os" "time" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/utils" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/utils" "github.com/docker/cli/cli/config" core "k8s.io/api/core/v1" diff --git a/pkg/common/oras/authprovider/k8secret_authprovider_test.go b/pkg/common/oras/authprovider/k8secret_authprovider_test.go index 52be7957f..8dcc3f142 100644 --- a/pkg/common/oras/authprovider/k8secret_authprovider_test.go +++ b/pkg/common/oras/authprovider/k8secret_authprovider_test.go @@ -20,7 +20,7 @@ import ( "errors" "testing" - ratifyerrors "github.com/deislabs/ratify/errors" + ratifyerrors "github.com/ratify-project/ratify/errors" core "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/fake" diff --git a/pkg/common/plugin/download.go b/pkg/common/plugin/download.go index 075931c4b..357e47f10 100644 --- a/pkg/common/plugin/download.go +++ b/pkg/common/plugin/download.go @@ -24,11 +24,11 @@ import ( "os" "time" - "github.com/deislabs/ratify/internal/version" - "github.com/deislabs/ratify/pkg/common/oras/authprovider" - commonutils "github.com/deislabs/ratify/pkg/common/utils" - "github.com/deislabs/ratify/pkg/ocispecs" oci "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/internal/version" + "github.com/ratify-project/ratify/pkg/common/oras/authprovider" + commonutils "github.com/ratify-project/ratify/pkg/common/utils" + "github.com/ratify-project/ratify/pkg/ocispecs" "github.com/sirupsen/logrus" "oras.land/oras-go/v2/registry/remote" "oras.land/oras-go/v2/registry/remote/auth" diff --git a/pkg/common/plugin/download_test.go b/pkg/common/plugin/download_test.go index d5dbba0b9..04ae4a767 100644 --- a/pkg/common/plugin/download_test.go +++ b/pkg/common/plugin/download_test.go @@ -19,7 +19,7 @@ import ( "encoding/json" "testing" - "github.com/deislabs/ratify/api/v1beta1" + "github.com/ratify-project/ratify/api/v1beta1" ) func TestParsePluginSource_HandlesJSON(t *testing.T) { diff --git a/pkg/common/plugin/exec.go b/pkg/common/plugin/exec.go index 9cbfdd065..f9f5e08b5 100644 --- a/pkg/common/plugin/exec.go +++ b/pkg/common/plugin/exec.go @@ -27,7 +27,7 @@ import ( "strings" "time" - "github.com/deislabs/ratify/internal/logger" + "github.com/ratify-project/ratify/internal/logger" "github.com/sirupsen/logrus" ) diff --git a/pkg/common/utils/utils.go b/pkg/common/utils/utils.go index 8efffb1cd..9b1d67f1f 100644 --- a/pkg/common/utils/utils.go +++ b/pkg/common/utils/utils.go @@ -16,8 +16,8 @@ limitations under the License. package utils import ( - "github.com/deislabs/ratify/pkg/ocispecs" oci "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/ocispecs" ) func OciManifestToReferenceManifest(ociManifest oci.Manifest) ocispecs.ReferenceManifest { diff --git a/pkg/common/utils/utils_test.go b/pkg/common/utils/utils_test.go index 7a35fe980..70931d5dd 100644 --- a/pkg/common/utils/utils_test.go +++ b/pkg/common/utils/utils_test.go @@ -19,8 +19,8 @@ import ( "reflect" "testing" - "github.com/deislabs/ratify/pkg/ocispecs" oci "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/ocispecs" ) const TestArtifactType = "application/vnd.test.artifacttype" diff --git a/pkg/controllers/clusterresource/keymanagementprovider_controller.go b/pkg/controllers/clusterresource/keymanagementprovider_controller.go index f8888ed65..11a32ed81 100644 --- a/pkg/controllers/clusterresource/keymanagementprovider_controller.go +++ b/pkg/controllers/clusterresource/keymanagementprovider_controller.go @@ -22,9 +22,9 @@ import ( "fmt" "maps" - "github.com/deislabs/ratify/internal/constants" - _ "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault" // register azure key vault key management provider - _ "github.com/deislabs/ratify/pkg/keymanagementprovider/inline" // register inline key management provider + "github.com/ratify-project/ratify/internal/constants" + _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault" // register azure key vault key management provider + _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/inline" // register inline key management provider apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -32,9 +32,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/predicate" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - cutils "github.com/deislabs/ratify/pkg/controllers/utils" - kmp "github.com/deislabs/ratify/pkg/keymanagementprovider" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + cutils "github.com/ratify-project/ratify/pkg/controllers/utils" + kmp "github.com/ratify-project/ratify/pkg/keymanagementprovider" "github.com/sirupsen/logrus" ) diff --git a/pkg/controllers/clusterresource/keymanagementprovider_controller_test.go b/pkg/controllers/clusterresource/keymanagementprovider_controller_test.go index 459bf83e8..caa20114b 100644 --- a/pkg/controllers/clusterresource/keymanagementprovider_controller_test.go +++ b/pkg/controllers/clusterresource/keymanagementprovider_controller_test.go @@ -20,15 +20,15 @@ import ( "fmt" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/keymanagementprovider" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" "github.com/sirupsen/logrus" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" - test "github.com/deislabs/ratify/pkg/utils" + test "github.com/ratify-project/ratify/pkg/utils" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/controllers/clusterresource/policy_controller.go b/pkg/controllers/clusterresource/policy_controller.go index 56283e5c9..68a62c5a9 100644 --- a/pkg/controllers/clusterresource/policy_controller.go +++ b/pkg/controllers/clusterresource/policy_controller.go @@ -19,10 +19,10 @@ import ( "context" "fmt" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/controllers/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/controllers/utils" "github.com/sirupsen/logrus" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/clusterresource/policy_controller_test.go b/pkg/controllers/clusterresource/policy_controller_test.go index eb3713557..43cd5c741 100644 --- a/pkg/controllers/clusterresource/policy_controller_test.go +++ b/pkg/controllers/clusterresource/policy_controller_test.go @@ -19,12 +19,12 @@ import ( "context" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/customresources/policies" - _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" - test "github.com/deislabs/ratify/pkg/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/customresources/policies" + _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" + test "github.com/ratify-project/ratify/pkg/utils" "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/clusterresource/store_controller.go b/pkg/controllers/clusterresource/store_controller.go index b9cfac901..54cd91ece 100644 --- a/pkg/controllers/clusterresource/store_controller.go +++ b/pkg/controllers/clusterresource/store_controller.go @@ -24,10 +24,10 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/controllers/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/controllers/utils" "github.com/sirupsen/logrus" ) diff --git a/pkg/controllers/clusterresource/store_controller_test.go b/pkg/controllers/clusterresource/store_controller_test.go index 4123e5e4c..036926fab 100644 --- a/pkg/controllers/clusterresource/store_controller_test.go +++ b/pkg/controllers/clusterresource/store_controller_test.go @@ -21,12 +21,12 @@ import ( "strings" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" - rs "github.com/deislabs/ratify/pkg/customresources/referrerstores" - "github.com/deislabs/ratify/pkg/utils" - test "github.com/deislabs/ratify/pkg/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" + rs "github.com/ratify-project/ratify/pkg/customresources/referrerstores" + "github.com/ratify-project/ratify/pkg/utils" + test "github.com/ratify-project/ratify/pkg/utils" "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/clusterresource/verifier_controller.go b/pkg/controllers/clusterresource/verifier_controller.go index a050dd38e..0eaaa607d 100644 --- a/pkg/controllers/clusterresource/verifier_controller.go +++ b/pkg/controllers/clusterresource/verifier_controller.go @@ -19,11 +19,11 @@ import ( "context" "fmt" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" - cutils "github.com/deislabs/ratify/pkg/controllers/utils" + cutils "github.com/ratify-project/ratify/pkg/controllers/utils" "github.com/sirupsen/logrus" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/clusterresource/verifier_controller_test.go b/pkg/controllers/clusterresource/verifier_controller_test.go index 525f717b8..827f3620b 100644 --- a/pkg/controllers/clusterresource/verifier_controller_test.go +++ b/pkg/controllers/clusterresource/verifier_controller_test.go @@ -22,11 +22,11 @@ import ( "strings" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/customresources/verifiers" - "github.com/deislabs/ratify/pkg/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/customresources/verifiers" + "github.com/ratify-project/ratify/pkg/utils" "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/namespaceresource/certificatestore_controller.go b/pkg/controllers/namespaceresource/certificatestore_controller.go index 3181a085f..20ca16467 100644 --- a/pkg/controllers/namespaceresource/certificatestore_controller.go +++ b/pkg/controllers/namespaceresource/certificatestore_controller.go @@ -18,13 +18,13 @@ import ( "encoding/json" "fmt" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/certificateprovider" - _ "github.com/deislabs/ratify/pkg/certificateprovider/azurekeyvault" // register azure keyvault certificate provider - _ "github.com/deislabs/ratify/pkg/certificateprovider/inline" // register inline certificate provider - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/certificateprovider" + _ "github.com/ratify-project/ratify/pkg/certificateprovider/azurekeyvault" // register azure keyvault certificate provider + _ "github.com/ratify-project/ratify/pkg/certificateprovider/inline" // register inline certificate provider + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/utils" "github.com/sirupsen/logrus" apierrors "k8s.io/apimachinery/pkg/api/errors" diff --git a/pkg/controllers/namespaceresource/certificatestore_controller_test.go b/pkg/controllers/namespaceresource/certificatestore_controller_test.go index 0ff499aa7..a3e93fb3d 100644 --- a/pkg/controllers/namespaceresource/certificatestore_controller_test.go +++ b/pkg/controllers/namespaceresource/certificatestore_controller_test.go @@ -20,16 +20,16 @@ import ( "fmt" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/certificateprovider" - "github.com/deislabs/ratify/pkg/certificateprovider/inline" - "github.com/deislabs/ratify/pkg/controllers" - test "github.com/deislabs/ratify/pkg/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/certificateprovider" + "github.com/ratify-project/ratify/pkg/certificateprovider/inline" + "github.com/ratify-project/ratify/pkg/controllers" + test "github.com/ratify-project/ratify/pkg/utils" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" - ctxUtils "github.com/deislabs/ratify/internal/context" + ctxUtils "github.com/ratify-project/ratify/internal/context" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/controllers/namespaceresource/keymanagementprovider_controller.go b/pkg/controllers/namespaceresource/keymanagementprovider_controller.go index b898d38a0..8216dd95b 100644 --- a/pkg/controllers/namespaceresource/keymanagementprovider_controller.go +++ b/pkg/controllers/namespaceresource/keymanagementprovider_controller.go @@ -22,9 +22,9 @@ import ( "fmt" "maps" - "github.com/deislabs/ratify/internal/constants" - _ "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault" // register azure key vault key management provider - _ "github.com/deislabs/ratify/pkg/keymanagementprovider/inline" // register inline key management provider + "github.com/ratify-project/ratify/internal/constants" + _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault" // register azure key vault key management provider + _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/inline" // register inline key management provider apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -32,9 +32,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/predicate" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - cutils "github.com/deislabs/ratify/pkg/controllers/utils" - kmp "github.com/deislabs/ratify/pkg/keymanagementprovider" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + cutils "github.com/ratify-project/ratify/pkg/controllers/utils" + kmp "github.com/ratify-project/ratify/pkg/keymanagementprovider" "github.com/sirupsen/logrus" ) diff --git a/pkg/controllers/namespaceresource/keymanagementprovider_controller_test.go b/pkg/controllers/namespaceresource/keymanagementprovider_controller_test.go index 3504b8cc8..fe0728d6c 100644 --- a/pkg/controllers/namespaceresource/keymanagementprovider_controller_test.go +++ b/pkg/controllers/namespaceresource/keymanagementprovider_controller_test.go @@ -20,16 +20,16 @@ import ( "fmt" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/pkg/keymanagementprovider" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" "github.com/sirupsen/logrus" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "github.com/deislabs/ratify/internal/constants" - ctxUtils "github.com/deislabs/ratify/internal/context" - test "github.com/deislabs/ratify/pkg/utils" + "github.com/ratify-project/ratify/internal/constants" + ctxUtils "github.com/ratify-project/ratify/internal/context" + test "github.com/ratify-project/ratify/pkg/utils" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/controllers/namespaceresource/policy_controller.go b/pkg/controllers/namespaceresource/policy_controller.go index 988bdd3e2..d77e492ae 100644 --- a/pkg/controllers/namespaceresource/policy_controller.go +++ b/pkg/controllers/namespaceresource/policy_controller.go @@ -19,10 +19,10 @@ import ( "context" "fmt" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/controllers/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/controllers/utils" "github.com/sirupsen/logrus" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/namespaceresource/policy_controller_test.go b/pkg/controllers/namespaceresource/policy_controller_test.go index 2764f0faf..d5aa6be1a 100644 --- a/pkg/controllers/namespaceresource/policy_controller_test.go +++ b/pkg/controllers/namespaceresource/policy_controller_test.go @@ -19,12 +19,12 @@ import ( "context" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/customresources/policies" - _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" - _ "github.com/deislabs/ratify/pkg/policyprovider/regopolicy" - test "github.com/deislabs/ratify/pkg/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/customresources/policies" + _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" + _ "github.com/ratify-project/ratify/pkg/policyprovider/regopolicy" + test "github.com/ratify-project/ratify/pkg/utils" "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/namespaceresource/store_controller.go b/pkg/controllers/namespaceresource/store_controller.go index af237823b..c021a82ca 100644 --- a/pkg/controllers/namespaceresource/store_controller.go +++ b/pkg/controllers/namespaceresource/store_controller.go @@ -24,10 +24,10 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/controllers/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/controllers/utils" "github.com/sirupsen/logrus" ) diff --git a/pkg/controllers/namespaceresource/store_controller_test.go b/pkg/controllers/namespaceresource/store_controller_test.go index a66f84b47..54ddeb000 100644 --- a/pkg/controllers/namespaceresource/store_controller_test.go +++ b/pkg/controllers/namespaceresource/store_controller_test.go @@ -19,10 +19,10 @@ import ( "strings" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/customresources/referrerstores" - test "github.com/deislabs/ratify/pkg/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/customresources/referrerstores" + test "github.com/ratify-project/ratify/pkg/utils" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/controllers/namespaceresource/verifier_controller.go b/pkg/controllers/namespaceresource/verifier_controller.go index 3c142f77e..dbbd8ebc7 100644 --- a/pkg/controllers/namespaceresource/verifier_controller.go +++ b/pkg/controllers/namespaceresource/verifier_controller.go @@ -19,11 +19,11 @@ import ( "context" "fmt" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/controllers" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/controllers" - cutils "github.com/deislabs/ratify/pkg/controllers/utils" + cutils "github.com/ratify-project/ratify/pkg/controllers/utils" "github.com/sirupsen/logrus" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/namespaceresource/verifier_controller_test.go b/pkg/controllers/namespaceresource/verifier_controller_test.go index 85f9b1f76..c276a9e93 100644 --- a/pkg/controllers/namespaceresource/verifier_controller_test.go +++ b/pkg/controllers/namespaceresource/verifier_controller_test.go @@ -22,10 +22,10 @@ import ( "strings" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/customresources/verifiers" - "github.com/deislabs/ratify/pkg/utils" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/customresources/verifiers" + "github.com/ratify-project/ratify/pkg/utils" "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" diff --git a/pkg/controllers/resource_map.go b/pkg/controllers/resource_map.go index 7e250322b..2e9c758ee 100644 --- a/pkg/controllers/resource_map.go +++ b/pkg/controllers/resource_map.go @@ -14,10 +14,10 @@ limitations under the License. package controllers import ( - cs "github.com/deislabs/ratify/pkg/customresources/certificatestores" - "github.com/deislabs/ratify/pkg/customresources/policies" - rs "github.com/deislabs/ratify/pkg/customresources/referrerstores" - "github.com/deislabs/ratify/pkg/customresources/verifiers" + cs "github.com/ratify-project/ratify/pkg/customresources/certificatestores" + "github.com/ratify-project/ratify/pkg/customresources/policies" + rs "github.com/ratify-project/ratify/pkg/customresources/referrerstores" + "github.com/ratify-project/ratify/pkg/customresources/verifiers" ) var ( diff --git a/pkg/controllers/utils/kmp.go b/pkg/controllers/utils/kmp.go index d0b066827..14f5d72d2 100644 --- a/pkg/controllers/utils/kmp.go +++ b/pkg/controllers/utils/kmp.go @@ -17,11 +17,11 @@ import ( "encoding/json" "fmt" - c "github.com/deislabs/ratify/config" - kmp "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/keymanagementprovider/config" - "github.com/deislabs/ratify/pkg/keymanagementprovider/factory" - "github.com/deislabs/ratify/pkg/keymanagementprovider/types" + c "github.com/ratify-project/ratify/config" + kmp "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/config" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/factory" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/types" ) // SpecToKeyManagementProvider creates KeyManagementProvider from KeyManagementProviderSpec config diff --git a/pkg/controllers/utils/kmp_test.go b/pkg/controllers/utils/kmp_test.go index eff43b957..e3223e481 100644 --- a/pkg/controllers/utils/kmp_test.go +++ b/pkg/controllers/utils/kmp_test.go @@ -17,8 +17,8 @@ import ( "reflect" "testing" - "github.com/deislabs/ratify/pkg/keymanagementprovider/config" - _ "github.com/deislabs/ratify/pkg/keymanagementprovider/inline" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/config" + _ "github.com/ratify-project/ratify/pkg/keymanagementprovider/inline" ) func TestSpecToKeyManagementProviderProvider(t *testing.T) { diff --git a/pkg/controllers/utils/policy.go b/pkg/controllers/utils/policy.go index 27014d739..1408972a5 100644 --- a/pkg/controllers/utils/policy.go +++ b/pkg/controllers/utils/policy.go @@ -17,9 +17,9 @@ import ( "encoding/json" "fmt" - "github.com/deislabs/ratify/pkg/policyprovider" - "github.com/deislabs/ratify/pkg/policyprovider/config" - pf "github.com/deislabs/ratify/pkg/policyprovider/factory" + "github.com/ratify-project/ratify/pkg/policyprovider" + "github.com/ratify-project/ratify/pkg/policyprovider/config" + pf "github.com/ratify-project/ratify/pkg/policyprovider/factory" ) func SpecToPolicyEnforcer(raw []byte, policyType string) (policyprovider.PolicyProvider, error) { diff --git a/pkg/controllers/utils/policy_test.go b/pkg/controllers/utils/policy_test.go index 752910cda..d505e9cb2 100644 --- a/pkg/controllers/utils/policy_test.go +++ b/pkg/controllers/utils/policy_test.go @@ -17,10 +17,10 @@ import ( "reflect" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" - "github.com/deislabs/ratify/pkg/policyprovider/config" + "github.com/ratify-project/ratify/pkg/policyprovider/config" "k8s.io/apimachinery/pkg/runtime" ) diff --git a/pkg/controllers/utils/store.go b/pkg/controllers/utils/store.go index 2ff0d9f03..d3e5fd2b2 100644 --- a/pkg/controllers/utils/store.go +++ b/pkg/controllers/utils/store.go @@ -17,12 +17,12 @@ import ( "encoding/json" "fmt" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/pkg/controllers" - rc "github.com/deislabs/ratify/pkg/referrerstore/config" - sf "github.com/deislabs/ratify/pkg/referrerstore/factory" - "github.com/deislabs/ratify/pkg/verifier/types" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/pkg/controllers" + rc "github.com/ratify-project/ratify/pkg/referrerstore/config" + sf "github.com/ratify-project/ratify/pkg/referrerstore/factory" + "github.com/ratify-project/ratify/pkg/verifier/types" "github.com/sirupsen/logrus" ) diff --git a/pkg/controllers/utils/store_test.go b/pkg/controllers/utils/store_test.go index 970cf9744..aea018556 100644 --- a/pkg/controllers/utils/store_test.go +++ b/pkg/controllers/utils/store_test.go @@ -17,10 +17,10 @@ import ( "os" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - rc "github.com/deislabs/ratify/pkg/referrerstore/config" - test "github.com/deislabs/ratify/pkg/utils" - "github.com/deislabs/ratify/pkg/verifier/types" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + rc "github.com/ratify-project/ratify/pkg/referrerstore/config" + test "github.com/ratify-project/ratify/pkg/utils" + "github.com/ratify-project/ratify/pkg/verifier/types" ) const ( diff --git a/pkg/controllers/utils/verifier.go b/pkg/controllers/utils/verifier.go index 33a26aa64..0b2557996 100644 --- a/pkg/controllers/utils/verifier.go +++ b/pkg/controllers/utils/verifier.go @@ -16,13 +16,13 @@ package utils import ( "encoding/json" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - vc "github.com/deislabs/ratify/pkg/verifier/config" - vf "github.com/deislabs/ratify/pkg/verifier/factory" - "github.com/deislabs/ratify/pkg/verifier/types" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + vc "github.com/ratify-project/ratify/pkg/verifier/config" + vf "github.com/ratify-project/ratify/pkg/verifier/factory" + "github.com/ratify-project/ratify/pkg/verifier/types" - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/pkg/controllers" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/pkg/controllers" "github.com/sirupsen/logrus" ) diff --git a/pkg/controllers/utils/verifier_test.go b/pkg/controllers/utils/verifier_test.go index 80e8f548b..8ccf9a6d7 100644 --- a/pkg/controllers/utils/verifier_test.go +++ b/pkg/controllers/utils/verifier_test.go @@ -17,12 +17,12 @@ import ( "os" "testing" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/customresources/verifiers" - test "github.com/deislabs/ratify/pkg/utils" - vc "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/types" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/customresources/verifiers" + test "github.com/ratify-project/ratify/pkg/utils" + vc "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/types" ) const ( diff --git a/pkg/customresources/certificatestores/certificatestores.go b/pkg/customresources/certificatestores/certificatestores.go index f23c60af1..1bea741bc 100644 --- a/pkg/customresources/certificatestores/certificatestores.go +++ b/pkg/customresources/certificatestores/certificatestores.go @@ -21,10 +21,10 @@ import ( "strings" "sync" - "github.com/deislabs/ratify/internal/constants" - ctxUtils "github.com/deislabs/ratify/internal/context" - "github.com/deislabs/ratify/pkg/utils" - vu "github.com/deislabs/ratify/pkg/verifier/utils" + "github.com/ratify-project/ratify/internal/constants" + ctxUtils "github.com/ratify-project/ratify/internal/context" + "github.com/ratify-project/ratify/pkg/utils" + vu "github.com/ratify-project/ratify/pkg/verifier/utils" ) // ActiveCertStores implements the CertStoreManager interface diff --git a/pkg/customresources/certificatestores/certificatestores_test.go b/pkg/customresources/certificatestores/certificatestores_test.go index 7b0d0a898..4e45e9f92 100644 --- a/pkg/customresources/certificatestores/certificatestores_test.go +++ b/pkg/customresources/certificatestores/certificatestores_test.go @@ -24,9 +24,9 @@ import ( "testing" "time" - "github.com/deislabs/ratify/internal/constants" - ctxUtils "github.com/deislabs/ratify/internal/context" - "github.com/deislabs/ratify/pkg/utils" + "github.com/ratify-project/ratify/internal/constants" + ctxUtils "github.com/ratify-project/ratify/internal/context" + "github.com/ratify-project/ratify/pkg/utils" ) const ( diff --git a/pkg/customresources/policies/api.go b/pkg/customresources/policies/api.go index 92d87ee75..8ad1170ea 100644 --- a/pkg/customresources/policies/api.go +++ b/pkg/customresources/policies/api.go @@ -15,7 +15,7 @@ limitations under the License. package policies -import "github.com/deislabs/ratify/pkg/policyprovider" +import "github.com/ratify-project/ratify/pkg/policyprovider" // PolicyManager is an interface that defines the methods for managing policies across different scopes. type PolicyManager interface { diff --git a/pkg/customresources/policies/policies.go b/pkg/customresources/policies/policies.go index 425d3bc13..338abb9b5 100644 --- a/pkg/customresources/policies/policies.go +++ b/pkg/customresources/policies/policies.go @@ -18,8 +18,8 @@ package policies import ( "sync" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/policyprovider" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/policyprovider" ) // PolicyWrapper wraps policy provider with its policy name. diff --git a/pkg/customresources/policies/policies_test.go b/pkg/customresources/policies/policies_test.go index 6acfbc48b..811303f77 100644 --- a/pkg/customresources/policies/policies_test.go +++ b/pkg/customresources/policies/policies_test.go @@ -19,10 +19,10 @@ import ( "context" "testing" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/ocispecs" ) type mockPolicy struct{} diff --git a/pkg/customresources/referrerstores/api.go b/pkg/customresources/referrerstores/api.go index 63fcc47ae..04f07e40b 100644 --- a/pkg/customresources/referrerstores/api.go +++ b/pkg/customresources/referrerstores/api.go @@ -16,7 +16,7 @@ limitations under the License. package referrerstores import ( - "github.com/deislabs/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore" ) // ReferrerStoreManager is an interface that defines the methods for managing referrer stores across different scopes. diff --git a/pkg/customresources/referrerstores/stores.go b/pkg/customresources/referrerstores/stores.go index fc1e67f56..4de864c5d 100644 --- a/pkg/customresources/referrerstores/stores.go +++ b/pkg/customresources/referrerstores/stores.go @@ -18,8 +18,8 @@ package referrerstores import ( "sync" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/referrerstore" ) // ActiveStores implements the ReferrerStoreManager interface. diff --git a/pkg/customresources/referrerstores/stores_test.go b/pkg/customresources/referrerstores/stores_test.go index b590e8d09..7552a8b5e 100644 --- a/pkg/customresources/referrerstores/stores_test.go +++ b/pkg/customresources/referrerstores/stores_test.go @@ -19,12 +19,12 @@ import ( "context" "testing" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - rs "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + rs "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" ) type mockStore struct { diff --git a/pkg/customresources/verifiers/api.go b/pkg/customresources/verifiers/api.go index 919c92e39..4ea34e5dd 100644 --- a/pkg/customresources/verifiers/api.go +++ b/pkg/customresources/verifiers/api.go @@ -16,7 +16,7 @@ limitations under the License. package verifiers import ( - vr "github.com/deislabs/ratify/pkg/verifier" + vr "github.com/ratify-project/ratify/pkg/verifier" ) // VerifierManager is an interface that defines the methods for managing verifiers across different scopes. diff --git a/pkg/customresources/verifiers/verifiers.go b/pkg/customresources/verifiers/verifiers.go index 758be683f..8d24b1a2a 100644 --- a/pkg/customresources/verifiers/verifiers.go +++ b/pkg/customresources/verifiers/verifiers.go @@ -18,8 +18,8 @@ package verifiers import ( "sync" - "github.com/deislabs/ratify/internal/constants" - vr "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/internal/constants" + vr "github.com/ratify-project/ratify/pkg/verifier" ) // ActiveVerifiers implements VerifierManger interface. diff --git a/pkg/customresources/verifiers/verifiers_test.go b/pkg/customresources/verifiers/verifiers_test.go index 02148d633..852d664fe 100644 --- a/pkg/customresources/verifiers/verifiers_test.go +++ b/pkg/customresources/verifiers/verifiers_test.go @@ -19,11 +19,11 @@ import ( "context" "testing" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/verifier" ) type mockVerifier struct { diff --git a/pkg/executor/api.go b/pkg/executor/api.go index 8ea2d5c95..c40592125 100644 --- a/pkg/executor/api.go +++ b/pkg/executor/api.go @@ -19,7 +19,7 @@ import ( "context" "time" - "github.com/deislabs/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/executor/types" ) // VerifyParameters describes the subject verification parameters diff --git a/pkg/executor/core/executor.go b/pkg/executor/core/executor.go index f1cec9d79..ef9d27210 100644 --- a/pkg/executor/core/executor.go +++ b/pkg/executor/core/executor.go @@ -21,21 +21,21 @@ import ( "sync" "time" - "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/common" - e "github.com/deislabs/ratify/pkg/executor" - "github.com/deislabs/ratify/pkg/executor/config" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/metrics" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/policyprovider" - pt "github.com/deislabs/ratify/pkg/policyprovider/types" - "github.com/deislabs/ratify/pkg/referrerstore" - su "github.com/deislabs/ratify/pkg/referrerstore/utils" - "github.com/deislabs/ratify/pkg/utils" - vr "github.com/deislabs/ratify/pkg/verifier" - vt "github.com/deislabs/ratify/pkg/verifier/types" + "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/common" + e "github.com/ratify-project/ratify/pkg/executor" + "github.com/ratify-project/ratify/pkg/executor/config" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/metrics" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/policyprovider" + pt "github.com/ratify-project/ratify/pkg/policyprovider/types" + "github.com/ratify-project/ratify/pkg/referrerstore" + su "github.com/ratify-project/ratify/pkg/referrerstore/utils" + "github.com/ratify-project/ratify/pkg/utils" + vr "github.com/ratify-project/ratify/pkg/verifier" + vt "github.com/ratify-project/ratify/pkg/verifier/types" "golang.org/x/sync/errgroup" ) diff --git a/pkg/executor/core/executor_test.go b/pkg/executor/core/executor_test.go index a4fbb1518..b30b64a9a 100644 --- a/pkg/executor/core/executor_test.go +++ b/pkg/executor/core/executor_test.go @@ -22,22 +22,22 @@ import ( "testing" "time" - ratifyerrors "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/common" - e "github.com/deislabs/ratify/pkg/executor" - exConfig "github.com/deislabs/ratify/pkg/executor/config" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/policyprovider" - policyConfig "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" - policyTypes "github.com/deislabs/ratify/pkg/policyprovider/types" - pt "github.com/deislabs/ratify/pkg/policyprovider/types" - "github.com/deislabs/ratify/pkg/referrerstore" - storeConfig "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/referrerstore/mocks" - "github.com/deislabs/ratify/pkg/verifier" "github.com/opencontainers/go-digest" oci "github.com/opencontainers/image-spec/specs-go/v1" + ratifyerrors "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/common" + e "github.com/ratify-project/ratify/pkg/executor" + exConfig "github.com/ratify-project/ratify/pkg/executor/config" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/policyprovider" + policyConfig "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" + policyTypes "github.com/ratify-project/ratify/pkg/policyprovider/types" + pt "github.com/ratify-project/ratify/pkg/policyprovider/types" + "github.com/ratify-project/ratify/pkg/referrerstore" + storeConfig "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/verifier" ) const ( diff --git a/pkg/executor/core/executorwithcache.go b/pkg/executor/core/executorwithcache.go index c3e1c2c52..c95171fa7 100644 --- a/pkg/executor/core/executorwithcache.go +++ b/pkg/executor/core/executorwithcache.go @@ -19,9 +19,9 @@ import ( "context" "time" - "github.com/deislabs/ratify/pkg/executor" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/verifiercache" + "github.com/ratify-project/ratify/pkg/executor" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/verifiercache" ) // ExecutorWithCache wraps the executor with a verifier cache diff --git a/pkg/executor/core/testtypes.go b/pkg/executor/core/testtypes.go index fd28a410d..e3717d4cf 100644 --- a/pkg/executor/core/testtypes.go +++ b/pkg/executor/core/testtypes.go @@ -18,10 +18,10 @@ package core import ( "context" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/verifier" ) type TestVerifier struct { diff --git a/pkg/executor/types/types.go b/pkg/executor/types/types.go index d615991f5..ccf78c337 100644 --- a/pkg/executor/types/types.go +++ b/pkg/executor/types/types.go @@ -18,7 +18,7 @@ package types import ( "fmt" - "github.com/deislabs/ratify/pkg/verifier/types" + "github.com/ratify-project/ratify/pkg/verifier/types" ) // VerifyResult describes the results of verifying a subject diff --git a/pkg/keymanagementprovider/azurekeyvault/auth.go b/pkg/keymanagementprovider/azurekeyvault/auth.go index 6769038eb..d380beb00 100644 --- a/pkg/keymanagementprovider/azurekeyvault/auth.go +++ b/pkg/keymanagementprovider/azurekeyvault/auth.go @@ -25,7 +25,7 @@ import ( "strings" "time" - "github.com/deislabs/ratify/pkg/utils/azureauth" + "github.com/ratify-project/ratify/pkg/utils/azureauth" "github.com/Azure/go-autorest/autorest" "github.com/Azure/go-autorest/autorest/adal" diff --git a/pkg/keymanagementprovider/azurekeyvault/provider.go b/pkg/keymanagementprovider/azurekeyvault/provider.go index 24bb07845..f24114751 100644 --- a/pkg/keymanagementprovider/azurekeyvault/provider.go +++ b/pkg/keymanagementprovider/azurekeyvault/provider.go @@ -28,14 +28,14 @@ import ( "strings" "time" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault/types" - "github.com/deislabs/ratify/pkg/keymanagementprovider/config" - "github.com/deislabs/ratify/pkg/keymanagementprovider/factory" - "github.com/deislabs/ratify/pkg/metrics" "github.com/go-jose/go-jose/v3" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault/types" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/config" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/factory" + "github.com/ratify-project/ratify/pkg/metrics" "golang.org/x/crypto/pkcs12" kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault" @@ -140,7 +140,7 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementp logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v, keyvault %v", keyVaultCert.Name, s.vaultURI) // fetch the object from Key Vault - // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/deislabs/ratify/issues/695 for details + // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/ratify-project/ratify/issues/695 for details startTime := time.Now() secretBundle, err := s.kvClient.GetSecret(ctx, s.vaultURI, keyVaultCert.Name, keyVaultCert.Version) if err != nil { diff --git a/pkg/keymanagementprovider/azurekeyvault/provider_test.go b/pkg/keymanagementprovider/azurekeyvault/provider_test.go index fc9730cad..ecb5863d8 100644 --- a/pkg/keymanagementprovider/azurekeyvault/provider_test.go +++ b/pkg/keymanagementprovider/azurekeyvault/provider_test.go @@ -26,8 +26,8 @@ import ( kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault" "github.com/Azure/go-autorest/autorest/azure" - "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault/types" - "github.com/deislabs/ratify/pkg/keymanagementprovider/config" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault/types" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/config" "github.com/stretchr/testify/assert" ) diff --git a/pkg/keymanagementprovider/factory/factory.go b/pkg/keymanagementprovider/factory/factory.go index 150093b54..401ebb8ce 100644 --- a/pkg/keymanagementprovider/factory/factory.go +++ b/pkg/keymanagementprovider/factory/factory.go @@ -18,9 +18,9 @@ package factory import ( "fmt" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/keymanagementprovider/config" - "github.com/deislabs/ratify/pkg/keymanagementprovider/types" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/config" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/types" ) // map of key management provider names to key management provider factories diff --git a/pkg/keymanagementprovider/factory/factory_test.go b/pkg/keymanagementprovider/factory/factory_test.go index 9a89904ad..8f28bee0d 100644 --- a/pkg/keymanagementprovider/factory/factory_test.go +++ b/pkg/keymanagementprovider/factory/factory_test.go @@ -18,9 +18,9 @@ package factory import ( "testing" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/keymanagementprovider/config" - "github.com/deislabs/ratify/pkg/keymanagementprovider/mocks" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/config" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/mocks" ) type TestKeyManagementProviderFactory struct{} diff --git a/pkg/keymanagementprovider/inline/provider.go b/pkg/keymanagementprovider/inline/provider.go index c6bc3e0a2..2bd6b83ef 100644 --- a/pkg/keymanagementprovider/inline/provider.go +++ b/pkg/keymanagementprovider/inline/provider.go @@ -22,10 +22,10 @@ import ( "encoding/json" "fmt" - "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/keymanagementprovider/config" - "github.com/deislabs/ratify/pkg/keymanagementprovider/factory" + "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/config" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/factory" ) const ( diff --git a/pkg/keymanagementprovider/inline/provider_test.go b/pkg/keymanagementprovider/inline/provider_test.go index 9b7f93fcf..68b461523 100644 --- a/pkg/keymanagementprovider/inline/provider_test.go +++ b/pkg/keymanagementprovider/inline/provider_test.go @@ -19,8 +19,8 @@ import ( "context" "testing" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/keymanagementprovider/config" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/config" "github.com/stretchr/testify/assert" ) diff --git a/pkg/keymanagementprovider/keymanagementprovider.go b/pkg/keymanagementprovider/keymanagementprovider.go index 76791d143..714deda94 100644 --- a/pkg/keymanagementprovider/keymanagementprovider.go +++ b/pkg/keymanagementprovider/keymanagementprovider.go @@ -24,10 +24,10 @@ import ( "strings" "sync" - "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/constants" - ctxUtils "github.com/deislabs/ratify/internal/context" - vu "github.com/deislabs/ratify/pkg/verifier/utils" + "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/constants" + ctxUtils "github.com/ratify-project/ratify/internal/context" + vu "github.com/ratify-project/ratify/pkg/verifier/utils" "github.com/sigstore/sigstore/pkg/cryptoutils" ) diff --git a/pkg/keymanagementprovider/keymanagementprovider_test.go b/pkg/keymanagementprovider/keymanagementprovider_test.go index 9a4b6f0be..6e6a55acc 100644 --- a/pkg/keymanagementprovider/keymanagementprovider_test.go +++ b/pkg/keymanagementprovider/keymanagementprovider_test.go @@ -23,8 +23,8 @@ import ( "errors" "testing" - ratifyerrors "github.com/deislabs/ratify/errors" - ctxUtils "github.com/deislabs/ratify/internal/context" + ratifyerrors "github.com/ratify-project/ratify/errors" + ctxUtils "github.com/ratify-project/ratify/internal/context" "github.com/stretchr/testify/assert" ) diff --git a/pkg/keymanagementprovider/mocks/types.go b/pkg/keymanagementprovider/mocks/types.go index 1a3b60ad4..829b08e52 100644 --- a/pkg/keymanagementprovider/mocks/types.go +++ b/pkg/keymanagementprovider/mocks/types.go @@ -20,7 +20,7 @@ import ( "crypto" "crypto/x509" - "github.com/deislabs/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" ) type TestKeyManagementProvider struct { diff --git a/pkg/manager/manager.go b/pkg/manager/manager.go index ba6876107..f284ceaea 100644 --- a/pkg/manager/manager.go +++ b/pkg/manager/manager.go @@ -27,15 +27,15 @@ import ( // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. - "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/httpserver" - "github.com/deislabs/ratify/pkg/featureflag" - _ "github.com/deislabs/ratify/pkg/policyprovider/configpolicy" // register config policy provider - _ "github.com/deislabs/ratify/pkg/policyprovider/regopolicy" // register rego policy provider - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" // register ORAS referrer store - "github.com/deislabs/ratify/pkg/utils" - _ "github.com/deislabs/ratify/pkg/verifier/notation" // register notation verifier "github.com/open-policy-agent/cert-controller/pkg/rotator" + "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/httpserver" + "github.com/ratify-project/ratify/pkg/featureflag" + _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" // register config policy provider + _ "github.com/ratify-project/ratify/pkg/policyprovider/regopolicy" // register rego policy provider + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" // register ORAS referrer store + "github.com/ratify-project/ratify/pkg/utils" + _ "github.com/ratify-project/ratify/pkg/verifier/notation" // register notation verifier "github.com/sirupsen/logrus" _ "k8s.io/client-go/plugin/pkg/client/auth" // import additional authentication methods @@ -46,13 +46,13 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/healthz" - configv1alpha1 "github.com/deislabs/ratify/api/v1alpha1" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" - ctxUtils "github.com/deislabs/ratify/internal/context" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/controllers/clusterresource" - "github.com/deislabs/ratify/pkg/controllers/namespaceresource" - ef "github.com/deislabs/ratify/pkg/executor/core" + configv1alpha1 "github.com/ratify-project/ratify/api/v1alpha1" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" + ctxUtils "github.com/ratify-project/ratify/internal/context" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/controllers/clusterresource" + "github.com/ratify-project/ratify/pkg/controllers/namespaceresource" + ef "github.com/ratify-project/ratify/pkg/executor/core" //+kubebuilder:scaffold:imports ) @@ -130,7 +130,7 @@ func StartManager(certRotatorReady chan struct{}, probeAddr string) { Port: 9443, HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, - LeaderElectionID: "1a306109.github.com/deislabs/ratify", + LeaderElectionID: "1a306109.github.com/ratify-project/ratify", // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily // when the Manager ends. This requires the binary to immediately end when the // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly diff --git a/pkg/metrics/stats_reporter.go b/pkg/metrics/stats_reporter.go index 2cc294fbb..de8be99c3 100644 --- a/pkg/metrics/stats_reporter.go +++ b/pkg/metrics/stats_reporter.go @@ -18,7 +18,7 @@ package metrics import ( "context" - ctxUtils "github.com/deislabs/ratify/internal/context" + ctxUtils "github.com/ratify-project/ratify/internal/context" "github.com/sirupsen/logrus" "go.opentelemetry.io/otel/attribute" instrument "go.opentelemetry.io/otel/metric" @@ -43,7 +43,7 @@ var ( ) const ( - scope = "github.com/deislabs/ratify" + scope = "github.com/ratify-project/ratify" // metric names metricNameVerificationDuration = "ratify_verification_request" diff --git a/pkg/metrics/stats_reporter_test.go b/pkg/metrics/stats_reporter_test.go index 317aa98dc..54dc1e362 100644 --- a/pkg/metrics/stats_reporter_test.go +++ b/pkg/metrics/stats_reporter_test.go @@ -20,7 +20,7 @@ import ( "fmt" "testing" - ctxUtils "github.com/deislabs/ratify/internal/context" + ctxUtils "github.com/ratify-project/ratify/internal/context" "go.opentelemetry.io/otel/attribute" instrument "go.opentelemetry.io/otel/metric" ) diff --git a/pkg/policyprovider/api.go b/pkg/policyprovider/api.go index 6492ec742..f137abc88 100644 --- a/pkg/policyprovider/api.go +++ b/pkg/policyprovider/api.go @@ -18,9 +18,9 @@ package policyprovider import ( "context" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/ocispecs" ) // PolicyProvider is an interface with methods that represents policy decisions. diff --git a/pkg/policyprovider/configpolicy/configpolicy.go b/pkg/policyprovider/configpolicy/configpolicy.go index d8bfcf588..a0475bbc2 100644 --- a/pkg/policyprovider/configpolicy/configpolicy.go +++ b/pkg/policyprovider/configpolicy/configpolicy.go @@ -20,15 +20,15 @@ import ( "encoding/json" "fmt" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/policyprovider" - "github.com/deislabs/ratify/pkg/policyprovider/config" - pf "github.com/deislabs/ratify/pkg/policyprovider/factory" - vt "github.com/deislabs/ratify/pkg/policyprovider/types" - "github.com/deislabs/ratify/pkg/verifier" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/policyprovider" + "github.com/ratify-project/ratify/pkg/policyprovider/config" + pf "github.com/ratify-project/ratify/pkg/policyprovider/factory" + vt "github.com/ratify-project/ratify/pkg/policyprovider/types" + "github.com/ratify-project/ratify/pkg/verifier" ) // PolicyEnforcer describes different polices that are enforced during verification diff --git a/pkg/policyprovider/configpolicy/configpolicy_test.go b/pkg/policyprovider/configpolicy/configpolicy_test.go index 596b561a2..565359ef3 100644 --- a/pkg/policyprovider/configpolicy/configpolicy_test.go +++ b/pkg/policyprovider/configpolicy/configpolicy_test.go @@ -19,14 +19,14 @@ import ( "context" "testing" - "github.com/deislabs/ratify/pkg/common" - vt "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/ocispecs" - pc "github.com/deislabs/ratify/pkg/policyprovider/config" - pf "github.com/deislabs/ratify/pkg/policyprovider/factory" - "github.com/deislabs/ratify/pkg/policyprovider/types" - vr "github.com/deislabs/ratify/pkg/verifier" oci "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/common" + vt "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/ocispecs" + pc "github.com/ratify-project/ratify/pkg/policyprovider/config" + pf "github.com/ratify-project/ratify/pkg/policyprovider/factory" + "github.com/ratify-project/ratify/pkg/policyprovider/types" + vr "github.com/ratify-project/ratify/pkg/verifier" ) func TestPolicyEnforcer_ContinueVerifyOnFailure(t *testing.T) { diff --git a/pkg/policyprovider/factory/factory.go b/pkg/policyprovider/factory/factory.go index dbf9ed541..048fb221a 100644 --- a/pkg/policyprovider/factory/factory.go +++ b/pkg/policyprovider/factory/factory.go @@ -19,10 +19,10 @@ import ( "fmt" "strings" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/policyprovider" - "github.com/deislabs/ratify/pkg/policyprovider/config" - "github.com/deislabs/ratify/pkg/verifier/types" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/policyprovider" + "github.com/ratify-project/ratify/pkg/policyprovider/config" + "github.com/ratify-project/ratify/pkg/verifier/types" "github.com/sirupsen/logrus" ) diff --git a/pkg/policyprovider/factory/factory_test.go b/pkg/policyprovider/factory/factory_test.go index 157c6972e..dbc255b8c 100644 --- a/pkg/policyprovider/factory/factory_test.go +++ b/pkg/policyprovider/factory/factory_test.go @@ -18,9 +18,9 @@ package factory import ( "testing" - "github.com/deislabs/ratify/pkg/policyprovider" - "github.com/deislabs/ratify/pkg/policyprovider/config" - "github.com/deislabs/ratify/pkg/policyprovider/mocks" + "github.com/ratify-project/ratify/pkg/policyprovider" + "github.com/ratify-project/ratify/pkg/policyprovider/config" + "github.com/ratify-project/ratify/pkg/policyprovider/mocks" ) type TestPolicyProviderFactory struct{} diff --git a/pkg/policyprovider/mocks/types.go b/pkg/policyprovider/mocks/types.go index 0903f019d..bf57b1870 100644 --- a/pkg/policyprovider/mocks/types.go +++ b/pkg/policyprovider/mocks/types.go @@ -18,10 +18,10 @@ package mocks import ( "context" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/verifier" ) type TestPolicyProvider struct{} diff --git a/pkg/policyprovider/policyengine/opaengine/opa_engine.go b/pkg/policyprovider/policyengine/opaengine/opa_engine.go index 1f1174d68..6eddfe9af 100644 --- a/pkg/policyprovider/policyengine/opaengine/opa_engine.go +++ b/pkg/policyprovider/policyengine/opaengine/opa_engine.go @@ -20,8 +20,8 @@ import ( "errors" "strings" - "github.com/deislabs/ratify/pkg/policyprovider/policyengine" - "github.com/deislabs/ratify/pkg/policyprovider/policyquery" + "github.com/ratify-project/ratify/pkg/policyprovider/policyengine" + "github.com/ratify-project/ratify/pkg/policyprovider/policyquery" ) const OPA = "opa" diff --git a/pkg/policyprovider/policyengine/opaengine/opa_engine_test.go b/pkg/policyprovider/policyengine/opaengine/opa_engine_test.go index 49160c3ba..9184155a3 100644 --- a/pkg/policyprovider/policyengine/opaengine/opa_engine_test.go +++ b/pkg/policyprovider/policyengine/opaengine/opa_engine_test.go @@ -19,7 +19,7 @@ import ( "context" "testing" - query "github.com/deislabs/ratify/pkg/policyprovider/policyquery/rego" + query "github.com/ratify-project/ratify/pkg/policyprovider/policyquery/rego" ) const ( diff --git a/pkg/policyprovider/policyquery/rego/query.go b/pkg/policyprovider/policyquery/rego/query.go index f5832a855..3c7f60a85 100644 --- a/pkg/policyprovider/policyquery/rego/query.go +++ b/pkg/policyprovider/policyquery/rego/query.go @@ -19,9 +19,9 @@ import ( "context" "fmt" - "github.com/deislabs/ratify/pkg/policyprovider/policyquery" "github.com/open-policy-agent/opa/rego" "github.com/pkg/errors" + "github.com/ratify-project/ratify/pkg/policyprovider/policyquery" ) const ( diff --git a/pkg/policyprovider/regopolicy/regopolicy.go b/pkg/policyprovider/regopolicy/regopolicy.go index ad3d85057..f5251a0cd 100644 --- a/pkg/policyprovider/regopolicy/regopolicy.go +++ b/pkg/policyprovider/regopolicy/regopolicy.go @@ -21,18 +21,18 @@ import ( "fmt" "os" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/policyprovider" - "github.com/deislabs/ratify/pkg/policyprovider/config" - pf "github.com/deislabs/ratify/pkg/policyprovider/factory" - "github.com/deislabs/ratify/pkg/policyprovider/policyengine" - opa "github.com/deislabs/ratify/pkg/policyprovider/policyengine/opaengine" - query "github.com/deislabs/ratify/pkg/policyprovider/policyquery/rego" - policyTypes "github.com/deislabs/ratify/pkg/policyprovider/types" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/policyprovider" + "github.com/ratify-project/ratify/pkg/policyprovider/config" + pf "github.com/ratify-project/ratify/pkg/policyprovider/factory" + "github.com/ratify-project/ratify/pkg/policyprovider/policyengine" + opa "github.com/ratify-project/ratify/pkg/policyprovider/policyengine/opaengine" + query "github.com/ratify-project/ratify/pkg/policyprovider/policyquery/rego" + policyTypes "github.com/ratify-project/ratify/pkg/policyprovider/types" ) type policyEnforcer struct { diff --git a/pkg/policyprovider/regopolicy/regopolicy_test.go b/pkg/policyprovider/regopolicy/regopolicy_test.go index d8327943a..eb6ab05f8 100644 --- a/pkg/policyprovider/regopolicy/regopolicy_test.go +++ b/pkg/policyprovider/regopolicy/regopolicy_test.go @@ -21,10 +21,10 @@ import ( "reflect" "testing" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/policyprovider/config" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/policyprovider/config" ) const ( diff --git a/pkg/referrerstore/api.go b/pkg/referrerstore/api.go index ed2da7f53..39482be71 100644 --- a/pkg/referrerstore/api.go +++ b/pkg/referrerstore/api.go @@ -18,10 +18,10 @@ package referrerstore import ( "context" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore/config" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore/config" ) // ListReferrersResult represents the result of ListReferrers API diff --git a/pkg/referrerstore/factory/factory.go b/pkg/referrerstore/factory/factory.go index fb80faa50..740ce5f15 100644 --- a/pkg/referrerstore/factory/factory.go +++ b/pkg/referrerstore/factory/factory.go @@ -21,13 +21,13 @@ import ( "path" "strings" - re "github.com/deislabs/ratify/errors" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/featureflag" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/referrerstore/plugin" - "github.com/deislabs/ratify/pkg/referrerstore/types" + re "github.com/ratify-project/ratify/errors" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/featureflag" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/referrerstore/plugin" + "github.com/ratify-project/ratify/pkg/referrerstore/types" "github.com/sirupsen/logrus" ) diff --git a/pkg/referrerstore/factory/factory_test.go b/pkg/referrerstore/factory/factory_test.go index 405603d35..8c42ab654 100644 --- a/pkg/referrerstore/factory/factory_test.go +++ b/pkg/referrerstore/factory/factory_test.go @@ -21,12 +21,12 @@ import ( "path" "testing" - "github.com/deislabs/ratify/pkg/featureflag" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/referrerstore/mocks" - "github.com/deislabs/ratify/pkg/referrerstore/plugin" - "github.com/deislabs/ratify/pkg/utils" + "github.com/ratify-project/ratify/pkg/featureflag" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/referrerstore/plugin" + "github.com/ratify-project/ratify/pkg/utils" ) const ( diff --git a/pkg/referrerstore/mocks/memory_store.go b/pkg/referrerstore/mocks/memory_store.go index e64aa9c4e..9a0a07194 100644 --- a/pkg/referrerstore/mocks/memory_store.go +++ b/pkg/referrerstore/mocks/memory_store.go @@ -17,12 +17,12 @@ import ( "context" "fmt" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" ) type MemoryTestStore struct { diff --git a/pkg/referrerstore/mocks/types.go b/pkg/referrerstore/mocks/types.go index 546b92e67..1685f98e8 100644 --- a/pkg/referrerstore/mocks/types.go +++ b/pkg/referrerstore/mocks/types.go @@ -20,12 +20,12 @@ import ( "fmt" "time" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" ) type TestStore struct { diff --git a/pkg/referrerstore/oras/cache.go b/pkg/referrerstore/oras/cache.go index 3b983fa1e..d0c6c0608 100644 --- a/pkg/referrerstore/oras/cache.go +++ b/pkg/referrerstore/oras/cache.go @@ -21,12 +21,12 @@ import ( "fmt" "time" - "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/cache" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/cache" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" ) const defaultTTL = 10 diff --git a/pkg/referrerstore/oras/cache_test.go b/pkg/referrerstore/oras/cache_test.go index 569c20e2f..77fa1c7d2 100644 --- a/pkg/referrerstore/oras/cache_test.go +++ b/pkg/referrerstore/oras/cache_test.go @@ -22,12 +22,12 @@ import ( "testing" "time" - "github.com/deislabs/ratify/pkg/cache" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/pkg/cache" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" oci "github.com/opencontainers/image-spec/specs-go/v1" ) diff --git a/pkg/referrerstore/oras/cosign.go b/pkg/referrerstore/oras/cosign.go index 7d0d9a72b..a60f458ae 100644 --- a/pkg/referrerstore/oras/cosign.go +++ b/pkg/referrerstore/oras/cosign.go @@ -21,10 +21,10 @@ import ( "fmt" "strings" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" oci "github.com/opencontainers/image-spec/specs-go/v1" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" "oras.land/oras-go/v2/errdef" "oras.land/oras-go/v2/registry" diff --git a/pkg/referrerstore/oras/cosign_test.go b/pkg/referrerstore/oras/cosign_test.go index 3e87c001e..32693fa13 100644 --- a/pkg/referrerstore/oras/cosign_test.go +++ b/pkg/referrerstore/oras/cosign_test.go @@ -23,14 +23,14 @@ import ( "reflect" "testing" - ratifyerrors "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/cache" - _ "github.com/deislabs/ratify/pkg/cache/ristretto" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore/oras/mocks" "github.com/opencontainers/go-digest" oci "github.com/opencontainers/image-spec/specs-go/v1" + ratifyerrors "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/cache" + _ "github.com/ratify-project/ratify/pkg/cache/ristretto" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore/oras/mocks" "oras.land/oras-go/v2/registry" "oras.land/oras-go/v2/registry/remote/errcode" ) diff --git a/pkg/referrerstore/oras/oras.go b/pkg/referrerstore/oras/oras.go index 45bfc999a..5300790d2 100644 --- a/pkg/referrerstore/oras/oras.go +++ b/pkg/referrerstore/oras/oras.go @@ -37,23 +37,23 @@ import ( "oras.land/oras-go/v2/registry/remote/errcode" "oras.land/oras-go/v2/registry/remote/retry" - ratifyconfig "github.com/deislabs/ratify/config" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/internal/version" - "github.com/deislabs/ratify/pkg/cache" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/common/oras/authprovider" - _ "github.com/deislabs/ratify/pkg/common/oras/authprovider/aws" // register aws auth provider - _ "github.com/deislabs/ratify/pkg/common/oras/authprovider/azure" // register azure auth provider - commonutils "github.com/deislabs/ratify/pkg/common/utils" - "github.com/deislabs/ratify/pkg/homedir" - "github.com/deislabs/ratify/pkg/metrics" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/referrerstore/factory" "github.com/opencontainers/go-digest" + ratifyconfig "github.com/ratify-project/ratify/config" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/internal/version" + "github.com/ratify-project/ratify/pkg/cache" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/common/oras/authprovider" + _ "github.com/ratify-project/ratify/pkg/common/oras/authprovider/aws" // register aws auth provider + _ "github.com/ratify-project/ratify/pkg/common/oras/authprovider/azure" // register azure auth provider + commonutils "github.com/ratify-project/ratify/pkg/common/utils" + "github.com/ratify-project/ratify/pkg/homedir" + "github.com/ratify-project/ratify/pkg/metrics" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/referrerstore/factory" ) const ( diff --git a/pkg/referrerstore/oras/oras_test.go b/pkg/referrerstore/oras/oras_test.go index b561e5009..01a8516f1 100644 --- a/pkg/referrerstore/oras/oras_test.go +++ b/pkg/referrerstore/oras/oras_test.go @@ -29,13 +29,13 @@ import ( "testing" "time" - "github.com/deislabs/ratify/pkg/cache" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/referrerstore/oras/mocks" "github.com/opencontainers/go-digest" oci "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/cache" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/referrerstore/oras/mocks" "oras.land/oras-go/v2/registry" "oras.land/oras-go/v2/registry/remote/errcode" ) diff --git a/pkg/referrerstore/oras/utils.go b/pkg/referrerstore/oras/utils.go index 396044a87..1965b463b 100644 --- a/pkg/referrerstore/oras/utils.go +++ b/pkg/referrerstore/oras/utils.go @@ -19,8 +19,8 @@ import ( "regexp" "strings" - "github.com/deislabs/ratify/pkg/ocispecs" oci "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/ocispecs" ) // Detect the loopback IP (127.0.0.1) diff --git a/pkg/referrerstore/oras/utils_test.go b/pkg/referrerstore/oras/utils_test.go index c54046e4a..74d14358b 100644 --- a/pkg/referrerstore/oras/utils_test.go +++ b/pkg/referrerstore/oras/utils_test.go @@ -18,9 +18,9 @@ package oras import ( "testing" - "github.com/deislabs/ratify/pkg/ocispecs" "github.com/opencontainers/go-digest" oci "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/ocispecs" ) func TestIsInsecureRegistry(t *testing.T) { diff --git a/pkg/referrerstore/plugin/args.go b/pkg/referrerstore/plugin/args.go index 9bdaa04d6..18dfc68fa 100644 --- a/pkg/referrerstore/plugin/args.go +++ b/pkg/referrerstore/plugin/args.go @@ -19,7 +19,7 @@ import ( "fmt" "os" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" ) // ReferrerStorePluginArgs describes all arguments that are passed when a store plugin is invoked diff --git a/pkg/referrerstore/plugin/plugin.go b/pkg/referrerstore/plugin/plugin.go index 8f9e995b7..8f76590f8 100644 --- a/pkg/referrerstore/plugin/plugin.go +++ b/pkg/referrerstore/plugin/plugin.go @@ -22,13 +22,13 @@ import ( "os" "strings" - "github.com/deislabs/ratify/pkg/common" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/referrerstore/types" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/pkg/common" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/referrerstore/types" ) // StorePlugin describes a store that is implemented by invoking the plugins diff --git a/pkg/referrerstore/plugin/plugin_test.go b/pkg/referrerstore/plugin/plugin_test.go index 40223e52b..bc71ab1e0 100644 --- a/pkg/referrerstore/plugin/plugin_test.go +++ b/pkg/referrerstore/plugin/plugin_test.go @@ -22,9 +22,9 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" ) const ( diff --git a/pkg/referrerstore/plugin/skel/skel.go b/pkg/referrerstore/plugin/skel/skel.go index 345b2d2ff..39df7f14e 100644 --- a/pkg/referrerstore/plugin/skel/skel.go +++ b/pkg/referrerstore/plugin/skel/skel.go @@ -23,14 +23,14 @@ import ( "os" "strings" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - sp "github.com/deislabs/ratify/pkg/referrerstore/plugin" - "github.com/deislabs/ratify/pkg/referrerstore/types" - "github.com/deislabs/ratify/pkg/utils" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + sp "github.com/ratify-project/ratify/pkg/referrerstore/plugin" + "github.com/ratify-project/ratify/pkg/referrerstore/types" + "github.com/ratify-project/ratify/pkg/utils" ) type pcontext struct { diff --git a/pkg/referrerstore/plugin/skel/skel_test.go b/pkg/referrerstore/plugin/skel/skel_test.go index 3a1e03ed3..36e716120 100644 --- a/pkg/referrerstore/plugin/skel/skel_test.go +++ b/pkg/referrerstore/plugin/skel/skel_test.go @@ -22,14 +22,14 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/plugin" - "github.com/deislabs/ratify/pkg/referrerstore/types" - "github.com/deislabs/ratify/pkg/utils" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/plugin" + "github.com/ratify-project/ratify/pkg/referrerstore/types" + "github.com/ratify-project/ratify/pkg/utils" ) const skelPluginName = "skel-test-case" diff --git a/pkg/referrerstore/types/types.go b/pkg/referrerstore/types/types.go index e5ea55b71..3953176d9 100644 --- a/pkg/referrerstore/types/types.go +++ b/pkg/referrerstore/types/types.go @@ -19,8 +19,8 @@ import ( "encoding/json" "io" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" ) const ( diff --git a/pkg/referrerstore/utils/utils.go b/pkg/referrerstore/utils/utils.go index 9afd5ed67..dac30f2db 100644 --- a/pkg/referrerstore/utils/utils.go +++ b/pkg/referrerstore/utils/utils.go @@ -18,11 +18,11 @@ package utils import ( "context" - "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" ) var logOpt = logger.Option{ diff --git a/pkg/referrerstore/utils/utils_test.go b/pkg/referrerstore/utils/utils_test.go index dc46e0f5b..55fdfa796 100644 --- a/pkg/referrerstore/utils/utils_test.go +++ b/pkg/referrerstore/utils/utils_test.go @@ -19,10 +19,10 @@ import ( "context" "testing" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/mocks" - "github.com/deislabs/ratify/pkg/utils" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/utils" ) func TestResolveSubjectDescriptor_Success(t *testing.T) { diff --git a/pkg/utils/azureauth/authenticationUtils.go b/pkg/utils/azureauth/authenticationUtils.go index 96156577f..e24fb1488 100644 --- a/pkg/utils/azureauth/authenticationUtils.go +++ b/pkg/utils/azureauth/authenticationUtils.go @@ -22,7 +22,7 @@ import ( "time" "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" - "github.com/deislabs/ratify/pkg/metrics" + "github.com/ratify-project/ratify/pkg/metrics" ) // Source: https://github.com/Azure/azure-workload-identity/blob/d126293e3c7c669378b225ad1b1f29cf6af4e56d/examples/msal-go/token_credential.go#L25 diff --git a/pkg/utils/certificateUtil_test.go b/pkg/utils/certificateUtil_test.go index 9db4fa983..aec3d79f6 100644 --- a/pkg/utils/certificateUtil_test.go +++ b/pkg/utils/certificateUtil_test.go @@ -18,7 +18,7 @@ import ( "os" "testing" - "github.com/deislabs/ratify/pkg/homedir" + "github.com/ratify-project/ratify/pkg/homedir" ) const ( diff --git a/pkg/utils/certificateUtils.go b/pkg/utils/certificateUtils.go index df0ed41df..f4945301b 100644 --- a/pkg/utils/certificateUtils.go +++ b/pkg/utils/certificateUtils.go @@ -23,9 +23,9 @@ import ( "path/filepath" - "github.com/deislabs/ratify/pkg/homedir" notationx509 "github.com/notaryproject/notation-core-go/x509" "github.com/pkg/errors" + "github.com/ratify-project/ratify/pkg/homedir" "github.com/sirupsen/logrus" ) diff --git a/pkg/utils/test_utils.go b/pkg/utils/test_utils.go index 5e0100719..4ef0fd5ef 100644 --- a/pkg/utils/test_utils.go +++ b/pkg/utils/test_utils.go @@ -21,7 +21,7 @@ import ( "os" "path/filepath" - configv1beta1 "github.com/deislabs/ratify/api/v1beta1" + configv1beta1 "github.com/ratify-project/ratify/api/v1beta1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" clientgoscheme "k8s.io/client-go/kubernetes/scheme" diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 578837f7d..6b90ea07a 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -22,10 +22,10 @@ import ( _ "crypto/sha256" // required package for digest.Parse - "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/common" "github.com/distribution/reference" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/common" ) const ( diff --git a/pkg/utils/utils_test.go b/pkg/utils/utils_test.go index 859bb5876..cfba6a8ea 100644 --- a/pkg/utils/utils_test.go +++ b/pkg/utils/utils_test.go @@ -20,8 +20,8 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/pkg/common" "github.com/opencontainers/go-digest" + "github.com/ratify-project/ratify/pkg/common" ) const ( diff --git a/pkg/verifier/api.go b/pkg/verifier/api.go index 00f505de6..dcc549662 100644 --- a/pkg/verifier/api.go +++ b/pkg/verifier/api.go @@ -18,9 +18,9 @@ package verifier import ( "context" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" ) // VerifierResult describes the result of verifying a reference manifest for a subject diff --git a/pkg/verifier/config/config.go b/pkg/verifier/config/config.go index 8205d7bec..634ef1fd6 100644 --- a/pkg/verifier/config/config.go +++ b/pkg/verifier/config/config.go @@ -16,8 +16,8 @@ limitations under the License. package config import ( - "github.com/deislabs/ratify/pkg/ocispecs" - rc "github.com/deislabs/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/ocispecs" + rc "github.com/ratify-project/ratify/pkg/referrerstore/config" ) type VerifierConfig map[string]interface{} diff --git a/pkg/verifier/cosign/cosign.go b/pkg/verifier/cosign/cosign.go index 34b0e3cb4..40a67fbfb 100644 --- a/pkg/verifier/cosign/cosign.go +++ b/pkg/verifier/cosign/cosign.go @@ -30,25 +30,25 @@ import ( "path/filepath" "strings" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/utils" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/factory" - "github.com/deislabs/ratify/pkg/verifier/types" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/utils" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/factory" + "github.com/ratify-project/ratify/pkg/verifier/types" "golang.org/x/crypto/cryptobyte" "golang.org/x/crypto/cryptobyte/asn1" - re "github.com/deislabs/ratify/errors" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/opencontainers/go-digest" imgspec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" + re "github.com/ratify-project/ratify/errors" "github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio" "github.com/sigstore/cosign/v2/cmd/cosign/cli/rekor" "github.com/sigstore/cosign/v2/pkg/cosign" diff --git a/pkg/verifier/cosign/cosign_test.go b/pkg/verifier/cosign/cosign_test.go index 0b6bf260d..4ceb03a96 100644 --- a/pkg/verifier/cosign/cosign_test.go +++ b/pkg/verifier/cosign/cosign_test.go @@ -29,14 +29,14 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/keymanagementprovider/azurekeyvault" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore/mocks" - "github.com/deislabs/ratify/pkg/verifier/config" "github.com/opencontainers/go-digest" imgspec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/verifier/config" "github.com/sigstore/cosign/v2/pkg/cosign" "github.com/sigstore/cosign/v2/pkg/oci/static" "github.com/sigstore/rekor/pkg/generated/client" @@ -45,7 +45,7 @@ import ( ) const ( - ratifySampleImageRef string = "ghcr.io/deislabs/ratify:v1" + ratifySampleImageRef string = "ghcr.io/ratify-project/ratify:v1" testIdentity string = "sozercan@gmail.com" testIssuer string = "https://github.com/login/oauth" ) diff --git a/pkg/verifier/cosign/trustpolicies.go b/pkg/verifier/cosign/trustpolicies.go index b4082d21d..4858cfd47 100644 --- a/pkg/verifier/cosign/trustpolicies.go +++ b/pkg/verifier/cosign/trustpolicies.go @@ -21,7 +21,7 @@ import ( "slices" "strings" - re "github.com/deislabs/ratify/errors" + re "github.com/ratify-project/ratify/errors" ) type TrustPolicies struct { diff --git a/pkg/verifier/cosign/trustpolicies_test.go b/pkg/verifier/cosign/trustpolicies_test.go index 2d7d29208..6b915a07e 100644 --- a/pkg/verifier/cosign/trustpolicies_test.go +++ b/pkg/verifier/cosign/trustpolicies_test.go @@ -31,7 +31,7 @@ func TestCreateTrustPolicies(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -52,12 +52,12 @@ func TestCreateTrustPolicies(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify:v2"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v2"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -68,12 +68,12 @@ func TestCreateTrustPolicies(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -84,12 +84,12 @@ func TestCreateTrustPolicies(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -99,12 +99,12 @@ func TestCreateTrustPolicies(t *testing.T) { name: "invalid policy invalid trust policy config", policyConfigs: []TrustPolicyConfig{ { - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -135,16 +135,16 @@ func TestGetScopedPolicy(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify:v2"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v2"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, - reference: "ghcr.io/deislabs/ratify:v1", + reference: "ghcr.io/ratify-project/ratify:v1", wantErr: false, wantPolicyName: "test", }, @@ -153,16 +153,16 @@ func TestGetScopedPolicy(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:*"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify2:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify2:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, - reference: "ghcr.io/deislabs/ratify:v1", + reference: "ghcr.io/ratify-project/ratify:v1", wantErr: false, wantPolicyName: "test", }, @@ -171,16 +171,16 @@ func TestGetScopedPolicy(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:*"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify2:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify2:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, - reference: "ghcr.io/deislabs/ratify3:v1", + reference: "ghcr.io/ratify-project/ratify3:v1", wantErr: true, wantPolicyName: "", }, @@ -194,11 +194,11 @@ func TestGetScopedPolicy(t *testing.T) { }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify2:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify2:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, - reference: "ghcr.io/deislabs/ratify3:v1", + reference: "ghcr.io/ratify-project/ratify3:v1", wantErr: false, wantPolicyName: "global", }, @@ -233,7 +233,7 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -244,7 +244,7 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1", "ghcr.io/deislabs/ratify:v2"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1", "ghcr.io/ratify-project/ratify:v2"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -255,7 +255,7 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:*"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -266,7 +266,7 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:*"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -299,7 +299,7 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1", "ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1", "ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -310,12 +310,12 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -342,7 +342,7 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:*", "ghcr.io/deislabs/ratify:*"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:*", "ghcr.io/ratify-project/ratify:*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -375,7 +375,7 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/*", "ghcr.io/deislabs/*"}, + Scopes: []string{"ghcr.io/*", "ghcr.io/ratify-project/*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -386,7 +386,7 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/*"}, + Scopes: []string{"ghcr.io/ratify-project/*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { @@ -402,12 +402,12 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/*"}, + Scopes: []string{"ghcr.io/ratify-project/*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, @@ -418,12 +418,12 @@ func TestValidateScopes(t *testing.T) { policyConfigs: []TrustPolicyConfig{ { Name: "test", - Scopes: []string{"ghcr.io/deislabs/ratify:v1"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:v1"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, { Name: "test-2", - Scopes: []string{"ghcr.io/deislabs/ratify:*"}, + Scopes: []string{"ghcr.io/ratify-project/ratify:*"}, Keyless: KeylessConfig{CertificateIdentity: "test-identity", CertificateOIDCIssuer: "https://test-issuer.com"}, }, }, diff --git a/pkg/verifier/cosign/trustpolicy.go b/pkg/verifier/cosign/trustpolicy.go index 7efe26949..c49b86aa8 100644 --- a/pkg/verifier/cosign/trustpolicy.go +++ b/pkg/verifier/cosign/trustpolicy.go @@ -22,9 +22,9 @@ import ( "os" "slices" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/utils" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/utils" "github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio" "github.com/sigstore/cosign/v2/cmd/cosign/cli/rekor" "github.com/sigstore/cosign/v2/pkg/cosign" diff --git a/pkg/verifier/cosign/trustpolicy_test.go b/pkg/verifier/cosign/trustpolicy_test.go index c55a91d49..5cb10d212 100644 --- a/pkg/verifier/cosign/trustpolicy_test.go +++ b/pkg/verifier/cosign/trustpolicy_test.go @@ -22,8 +22,8 @@ import ( "fmt" "testing" - ctxUtils "github.com/deislabs/ratify/internal/context" - "github.com/deislabs/ratify/pkg/keymanagementprovider" + ctxUtils "github.com/ratify-project/ratify/internal/context" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" "github.com/sigstore/cosign/v2/pkg/cosign" ) diff --git a/pkg/verifier/factory/factory.go b/pkg/verifier/factory/factory.go index 43e16be3c..eb3bedabf 100644 --- a/pkg/verifier/factory/factory.go +++ b/pkg/verifier/factory/factory.go @@ -21,13 +21,13 @@ import ( "path" "strings" - re "github.com/deislabs/ratify/errors" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/featureflag" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/plugin" - "github.com/deislabs/ratify/pkg/verifier/types" + re "github.com/ratify-project/ratify/errors" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/featureflag" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/plugin" + "github.com/ratify-project/ratify/pkg/verifier/types" "github.com/sirupsen/logrus" ) diff --git a/pkg/verifier/factory/factory_test.go b/pkg/verifier/factory/factory_test.go index b8ee940b3..d1d6be868 100644 --- a/pkg/verifier/factory/factory_test.go +++ b/pkg/verifier/factory/factory_test.go @@ -20,15 +20,15 @@ import ( "os" "testing" - "github.com/deislabs/ratify/internal/constants" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - - "github.com/deislabs/ratify/pkg/utils" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/plugin" + "github.com/ratify-project/ratify/internal/constants" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + + "github.com/ratify-project/ratify/pkg/utils" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/plugin" ) type TestVerifier struct { diff --git a/pkg/verifier/mocks/types.go b/pkg/verifier/mocks/types.go index c6fb07394..cf311d3d1 100644 --- a/pkg/verifier/mocks/types.go +++ b/pkg/verifier/mocks/types.go @@ -19,9 +19,9 @@ import ( "context" "time" - "github.com/deislabs/ratify/pkg/executor" - "github.com/deislabs/ratify/pkg/executor/types" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/executor" + "github.com/ratify-project/ratify/pkg/executor/types" + "github.com/ratify-project/ratify/pkg/verifier" ) type TestExecutor struct { diff --git a/pkg/verifier/notation/notation.go b/pkg/verifier/notation/notation.go index a1db7a18b..6841dc99a 100644 --- a/pkg/verifier/notation/notation.go +++ b/pkg/verifier/notation/notation.go @@ -22,19 +22,19 @@ import ( paths "path/filepath" "strings" - ratifyconfig "github.com/deislabs/ratify/config" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/homedir" - - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/factory" - "github.com/deislabs/ratify/pkg/verifier/types" + ratifyconfig "github.com/ratify-project/ratify/config" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/homedir" + "github.com/notaryproject/notation-go/log" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/factory" + "github.com/ratify-project/ratify/pkg/verifier/types" _ "github.com/notaryproject/notation-core-go/signature/cose" // register COSE signature _ "github.com/notaryproject/notation-core-go/signature/jws" // register JWS signature diff --git a/pkg/verifier/notation/notation_test.go b/pkg/verifier/notation/notation_test.go index 876e1da74..10a9c63b1 100644 --- a/pkg/verifier/notation/notation_test.go +++ b/pkg/verifier/notation/notation_test.go @@ -22,17 +22,17 @@ import ( "reflect" "testing" - ratifyconfig "github.com/deislabs/ratify/config" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/homedir" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/verifier" sig "github.com/notaryproject/notation-core-go/signature" "github.com/notaryproject/notation-go" "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + ratifyconfig "github.com/ratify-project/ratify/config" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/homedir" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/verifier" ) const ( diff --git a/pkg/verifier/notation/truststore.go b/pkg/verifier/notation/truststore.go index 03d4c21c1..6a7314eac 100644 --- a/pkg/verifier/notation/truststore.go +++ b/pkg/verifier/notation/truststore.go @@ -21,11 +21,11 @@ import ( "errors" "fmt" - "github.com/deislabs/ratify/internal/logger" - "github.com/deislabs/ratify/pkg/controllers" - "github.com/deislabs/ratify/pkg/keymanagementprovider" - "github.com/deislabs/ratify/pkg/utils" "github.com/notaryproject/notation-go/verifier/truststore" + "github.com/ratify-project/ratify/internal/logger" + "github.com/ratify-project/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/keymanagementprovider" + "github.com/ratify-project/ratify/pkg/utils" ) var logOpt = logger.Option{ diff --git a/pkg/verifier/notation/truststore_test.go b/pkg/verifier/notation/truststore_test.go index 15145f036..12c331f0e 100644 --- a/pkg/verifier/notation/truststore_test.go +++ b/pkg/verifier/notation/truststore_test.go @@ -21,7 +21,7 @@ import ( "reflect" "testing" - "github.com/deislabs/ratify/pkg/controllers" + "github.com/ratify-project/ratify/pkg/controllers" ) const ( diff --git a/pkg/verifier/plugin/args.go b/pkg/verifier/plugin/args.go index 893743295..b4f627369 100644 --- a/pkg/verifier/plugin/args.go +++ b/pkg/verifier/plugin/args.go @@ -19,7 +19,7 @@ import ( "fmt" "os" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" ) // VerifierPluginArgs describes arguments that are passed to the verifier plugin diff --git a/pkg/verifier/plugin/plugin.go b/pkg/verifier/plugin/plugin.go index 2d51ebe50..9357b46bd 100644 --- a/pkg/verifier/plugin/plugin.go +++ b/pkg/verifier/plugin/plugin.go @@ -22,15 +22,15 @@ import ( "os" "strings" - re "github.com/deislabs/ratify/errors" - "github.com/deislabs/ratify/pkg/common" - pluginCommon "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - rc "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - "github.com/deislabs/ratify/pkg/verifier/types" + re "github.com/ratify-project/ratify/errors" + "github.com/ratify-project/ratify/pkg/common" + pluginCommon "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + rc "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + "github.com/ratify-project/ratify/pkg/verifier/types" ) // VerifierPlugin describes a verifier that is implemented by invoking the plugins diff --git a/pkg/verifier/plugin/plugin_test.go b/pkg/verifier/plugin/plugin_test.go index dd6c2faf6..f8f5bca7c 100644 --- a/pkg/verifier/plugin/plugin_test.go +++ b/pkg/verifier/plugin/plugin_test.go @@ -20,9 +20,9 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - sm "github.com/deislabs/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + sm "github.com/ratify-project/ratify/pkg/referrerstore/mocks" ) const ( diff --git a/pkg/verifier/plugin/skel/skel.go b/pkg/verifier/plugin/skel/skel.go index 834c69166..05b0ebd08 100644 --- a/pkg/verifier/plugin/skel/skel.go +++ b/pkg/verifier/plugin/skel/skel.go @@ -23,17 +23,17 @@ import ( "os" "strings" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/common/plugin" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - storeConfig "github.com/deislabs/ratify/pkg/referrerstore/config" - "github.com/deislabs/ratify/pkg/referrerstore/factory" - "github.com/deislabs/ratify/pkg/utils" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/config" - vp "github.com/deislabs/ratify/pkg/verifier/plugin" - "github.com/deislabs/ratify/pkg/verifier/types" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/common/plugin" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + storeConfig "github.com/ratify-project/ratify/pkg/referrerstore/config" + "github.com/ratify-project/ratify/pkg/referrerstore/factory" + "github.com/ratify-project/ratify/pkg/utils" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/config" + vp "github.com/ratify-project/ratify/pkg/verifier/plugin" + "github.com/ratify-project/ratify/pkg/verifier/types" ) type pcontext struct { diff --git a/pkg/verifier/plugin/skel/skel_test.go b/pkg/verifier/plugin/skel/skel_test.go index 97a78b411..e07cf1eb6 100644 --- a/pkg/verifier/plugin/skel/skel_test.go +++ b/pkg/verifier/plugin/skel/skel_test.go @@ -23,18 +23,18 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - sp "github.com/deislabs/ratify/pkg/referrerstore/plugin" - "github.com/deislabs/ratify/pkg/verifier/plugin" - "github.com/deislabs/ratify/pkg/verifier/types" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + sp "github.com/ratify-project/ratify/pkg/referrerstore/plugin" + "github.com/ratify-project/ratify/pkg/verifier/plugin" + "github.com/ratify-project/ratify/pkg/verifier/types" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier" // This import is required to utilize the oras built-in referrer store - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/utils" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/utils" ) const ( diff --git a/pkg/verifier/types/types.go b/pkg/verifier/types/types.go index df9890efb..1c12dc086 100644 --- a/pkg/verifier/types/types.go +++ b/pkg/verifier/types/types.go @@ -19,7 +19,7 @@ import ( "encoding/json" "io" - "github.com/deislabs/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier" ) const ( diff --git a/pkg/verifier/utils/utils.go b/pkg/verifier/utils/utils.go index 07e9068e5..7e128e6c7 100644 --- a/pkg/verifier/utils/utils.go +++ b/pkg/verifier/utils/utils.go @@ -18,7 +18,7 @@ package utils import ( "strings" - "github.com/deislabs/ratify/internal/constants" + "github.com/ratify-project/ratify/internal/constants" ) // return true if string looks like a K8s namespaced resource. e.g. namespace/name diff --git a/pkg/verifiercache/api.go b/pkg/verifiercache/api.go index a15ba76ee..03e14a4ce 100644 --- a/pkg/verifiercache/api.go +++ b/pkg/verifiercache/api.go @@ -19,7 +19,7 @@ import ( "context" "time" - et "github.com/deislabs/ratify/pkg/executor/types" + et "github.com/ratify-project/ratify/pkg/executor/types" ) // VerifierCache is an interface that defines methods to set/get results from a cache diff --git a/pkg/verifiercache/memory/memorycache.go b/pkg/verifiercache/memory/memorycache.go index 5ece3b0ea..a75126023 100644 --- a/pkg/verifiercache/memory/memorycache.go +++ b/pkg/verifiercache/memory/memorycache.go @@ -19,7 +19,7 @@ import ( "context" "time" - et "github.com/deislabs/ratify/pkg/executor/types" + et "github.com/ratify-project/ratify/pkg/executor/types" ) // Cache describes an in-memory cache with automatic expiration diff --git a/plugins/referrerstore/sample/sample.go b/plugins/referrerstore/sample/sample.go index 0eeef28f6..0a26d1fb3 100644 --- a/plugins/referrerstore/sample/sample.go +++ b/plugins/referrerstore/sample/sample.go @@ -16,12 +16,12 @@ limitations under the License. package main import ( - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/referrerstore/plugin/skel" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/referrerstore/plugin/skel" ) func main() { diff --git a/plugins/verifier/licensechecker/licensechecker.go b/plugins/verifier/licensechecker/licensechecker.go index f38ca9037..0e252f2a4 100644 --- a/plugins/verifier/licensechecker/licensechecker.go +++ b/plugins/verifier/licensechecker/licensechecker.go @@ -20,14 +20,14 @@ import ( "encoding/json" "fmt" - "github.com/deislabs/ratify/plugins/verifier/licensechecker/utils" - - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" + "github.com/ratify-project/ratify/plugins/verifier/licensechecker/utils" + + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" ) type PluginConfig struct { diff --git a/plugins/verifier/sample/sample.go b/plugins/verifier/sample/sample.go index 8fc48554a..1fb80f9b8 100644 --- a/plugins/verifier/sample/sample.go +++ b/plugins/verifier/sample/sample.go @@ -20,12 +20,12 @@ import ( "fmt" "os" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/common/plugin/logger" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/common/plugin/logger" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" ) type PluginConfig struct { diff --git a/plugins/verifier/sbom/sbom.go b/plugins/verifier/sbom/sbom.go index df93746b7..cd8448da3 100644 --- a/plugins/verifier/sbom/sbom.go +++ b/plugins/verifier/sbom/sbom.go @@ -22,15 +22,15 @@ import ( "fmt" "strings" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - "github.com/deislabs/ratify/plugins/verifier/sbom/utils" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + "github.com/ratify-project/ratify/plugins/verifier/sbom/utils" // This import is required to utilize the oras built-in referrer store - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" jsonLoader "github.com/spdx/tools-golang/json" "github.com/spdx/tools-golang/spdx" "github.com/spdx/tools-golang/spdx/v2/v2_3" diff --git a/plugins/verifier/sbom/sbom_test.go b/plugins/verifier/sbom/sbom_test.go index 042c2c378..8dc5a4c3f 100644 --- a/plugins/verifier/sbom/sbom_test.go +++ b/plugins/verifier/sbom/sbom_test.go @@ -20,7 +20,7 @@ import ( "strings" "testing" - "github.com/deislabs/ratify/plugins/verifier/sbom/utils" + "github.com/ratify-project/ratify/plugins/verifier/sbom/utils" ) func TestProcessSPDXJsonMediaType(t *testing.T) { diff --git a/plugins/verifier/schemavalidator/schema_validator.go b/plugins/verifier/schemavalidator/schema_validator.go index a5ab0edd4..2af66396e 100644 --- a/plugins/verifier/schemavalidator/schema_validator.go +++ b/plugins/verifier/schemavalidator/schema_validator.go @@ -20,13 +20,13 @@ import ( "encoding/json" "fmt" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" - "github.com/deislabs/ratify/plugins/verifier/schemavalidator/schemavalidation" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" + "github.com/ratify-project/ratify/plugins/verifier/schemavalidator/schemavalidation" ) type PluginConfig struct { diff --git a/plugins/verifier/vulnerabilityreport/vulnerability_report.go b/plugins/verifier/vulnerabilityreport/vulnerability_report.go index c28f0b62c..37089ccf4 100644 --- a/plugins/verifier/vulnerabilityreport/vulnerability_report.go +++ b/plugins/verifier/vulnerabilityreport/vulnerability_report.go @@ -24,15 +24,15 @@ import ( "strings" "time" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore" - _ "github.com/deislabs/ratify/pkg/referrerstore/oras" - "github.com/deislabs/ratify/pkg/verifier" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" - "github.com/deislabs/ratify/plugins/verifier/vulnerabilityreport/schemavalidation" imagespec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/owenrumney/go-sarif/v2/sarif" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore" + _ "github.com/ratify-project/ratify/pkg/referrerstore/oras" + "github.com/ratify-project/ratify/pkg/verifier" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" + "github.com/ratify-project/ratify/plugins/verifier/vulnerabilityreport/schemavalidation" ) //go:embed schemavalidation/schemas diff --git a/plugins/verifier/vulnerabilityreport/vulnerability_report_test.go b/plugins/verifier/vulnerabilityreport/vulnerability_report_test.go index eeea7f765..e6341bfe1 100644 --- a/plugins/verifier/vulnerabilityreport/vulnerability_report_test.go +++ b/plugins/verifier/vulnerabilityreport/vulnerability_report_test.go @@ -20,13 +20,13 @@ import ( "testing" "time" - "github.com/deislabs/ratify/pkg/common" - "github.com/deislabs/ratify/pkg/ocispecs" - "github.com/deislabs/ratify/pkg/referrerstore/mocks" - "github.com/deislabs/ratify/pkg/verifier/plugin/skel" "github.com/opencontainers/go-digest" oci "github.com/opencontainers/image-spec/specs-go/v1" "github.com/owenrumney/go-sarif/v2/sarif" + "github.com/ratify-project/ratify/pkg/common" + "github.com/ratify-project/ratify/pkg/ocispecs" + "github.com/ratify-project/ratify/pkg/referrerstore/mocks" + "github.com/ratify-project/ratify/pkg/verifier/plugin/skel" ) const sampleSarifReport string = `{ diff --git a/test/bats/quickstart-test.bats b/test/bats/quickstart-test.bats index e6c25cc14..1682b90f9 100644 --- a/test/bats/quickstart-test.bats +++ b/test/bats/quickstart-test.bats @@ -16,10 +16,10 @@ load helpers @test "validate quick start steps" { - run kubectl run demo --image=ghcr.io/deislabs/ratify/notary-image:signed + run kubectl run demo --image=ghcr.io/ratify-project/ratify/notary-image:signed assert_success # validate unsigned fails - run kubectl run demo1 --image=ghcr.io/deislabs/ratify/notary-image:unsigned + run kubectl run demo1 --image=ghcr.io/ratify-project/ratify/notary-image:unsigned assert_failure }