Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

create sigstore signature for cli bundles #291

Merged
merged 5 commits into from
Oct 3, 2024
Merged

create sigstore signature for cli bundles #291

merged 5 commits into from
Oct 3, 2024

Conversation

MarkAckert
Copy link
Member

@MarkAckert MarkAckert commented Oct 2, 2024
edited
Loading

What It Does
This PR adds sigstore signatures to the SDK and CLI standalone packages.

How to Test
Run the workflow.

Review Checklist
I certify that I have:

@MarkAckert MarkAckert marked this pull request as ready for review October 2, 2024 20:27
@MarkAckert MarkAckert changed the title draft: create sigstore signature for cli bundles create sigstore signature for cli bundles Oct 2, 2024
zFernand0
zFernand0 approved these changes Oct 2, 2024
View reviewed changes
Copy link
Member

@zFernand0 zFernand0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes makes sense!
LGTM! 😋

t1m0thyj
t1m0thyj approved these changes Oct 3, 2024
View reviewed changes
Copy link
Member

@t1m0thyj t1m0thyj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not very familiar with Sigstore bundles and how we plan to use them, but changes LGTM - thanks @MarkAckert 😋

@MarkAckert
Copy link
Member Author

MarkAckert commented Oct 3, 2024
edited
Loading

They're replacing the GPG artifact signatures we've used up to now, and means we don't have to manage private keys anymore. We have instructions on how to use the sigstore bundles to validate artifacts on the zowe.org download page for PAX, SMPE and PSWI :-) . I'll add CLI in with the next release

@MarkAckert MarkAckert merged commit 07dfd5c into master Oct 3, 2024
11 checks passed
@MarkAckert MarkAckert deleted the user/markackert/sigstore-bundles branch October 3, 2024 14:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zFernand0 zFernand0 zFernand0 approved these changes

@t1m0thyj t1m0thyj t1m0thyj approved these changes

@awharn awharn Awaiting requested review from awharn

Assignees

@MarkAckert MarkAckert

Labels
None yet
Projects
Zowe CLI Squad
Status: Closed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MarkAckert @t1m0thyj @zFernand0