Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Develop #844

Merged
merged 28 commits into from
Dec 23, 2022
Merged

Develop #844

merged 28 commits into from
Dec 23, 2022

Conversation

phbelitz
Copy link
Member

@phbelitz phbelitz commented Dec 23, 2022

v2.7.0

Feat

Fix

Refactor

Ci

Test

  • Add test to confirm image is logged on validation error

Docs

  • Add pip update to fix commands for running tests

Update

Starkteetje and others added 28 commits September 23, 2022 14:23
Previously any action and job ran with full read/write privileges as some jobs (docs) need write access. This commit limits the scope with which most jobs are running and only allows broader scope where necessary
There is a transitiv dependency on frozenlist, which updated their package for python 3.11, but didn't add the package to pypi wheels. Thus, building on python >= 3.11 fails the whole docker building process ([issue](aio-libs/frozenlist#342)). Need to add gcc and libc to docker container as well as upgrade pip to resolve this. Secondly, there are two more vulnerabilities due to cosign, which cannot be fixed on our side. Ignore listing them until cosign publishes a new version.
The upload of the code coverage has nothing to do with connaisseurs functionality and thus should be optional.
Cosign changed its error code for non existant images and missing signatures in transparency logs, resulting connaisseur in throwing wrong errors as well. This has been fixed.
Updates the requirements on [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@8.5.3...8.5.8)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst)
- [Commits](pypa/setuptools@v65.3.0...v65.5.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [pytest-cov](https://github.com/pytest-dev/pytest-cov) to permit the latest version.
- [Release notes](https://github.com/pytest-dev/pytest-cov/releases)
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v3.0.0...v4.0.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [pytest-mock](https://github.com/pytest-dev/pytest-mock) to permit the latest version.
- [Release notes](https://github.com/pytest-dev/pytest-mock/releases)
- [Changelog](https://github.com/pytest-dev/pytest-mock/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-mock@v3.8.2...v3.10.0)

---
updated-dependencies:
- dependency-name: pytest-mock
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [pytest-subprocess](https://github.com/aklajnert/pytest-subprocess) to permit the latest version.
- [Release notes](https://github.com/aklajnert/pytest-subprocess/releases)
- [Changelog](https://github.com/aklajnert/pytest-subprocess/blob/master/HISTORY.rst)
- [Commits](aklajnert/pytest-subprocess@1.4.1...1.4.2)

---
updated-dependencies:
- dependency-name: pytest-subprocess
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
The older k8 versions (v1.16 - v1.19) are failing the pipeline. Since they reached their end of life anyways, they have been removed temporarily until we find a fix.
For the "other-ns" integration test a service account (SA) was created to make request to the kube api as this SA. Since k8s v1.22 SAs do not automatically generate their own access tokens as secrets anymore, but create them ad-hoc. The integration test was changed accordingly to this changed bahavior.
Older k3s instances don't seem to play well with the kernel on Ubuntu 20 any longer, so we're using deprecated Ubuntu 18.04 runners instead
Just because you've augmented an image with a new property (digest) doesn't mean you get to clear a different value (tag) in the setter.

Signed-off-by: Philipp Belitz <philipp.belitz@securesystems.de>
There was a problem with the frozenlist package, which didn't had its packages added to wheels (aio-libs/frozenlist#342). The packages are now added, so the fix for this can be reverted, except for the pytest job which is the only one building on a debian image (faster runtime). Here the yarl and multidict packages still have the same problem as frozenlist had. Waiting fo a fix here.
Vulnerability coming in from cosign, that we cannot fix. Can cause excessiv memory growth to a go server. We don't use any go servers ...
With this change, Connaisseur now supports the use of tags and digests simultaneously. The signature is still validated based on the digest, but the human readable aspect of the tag isn't lost.
This commit allows for configuration of the TLS paramters used by Connaisseur when being called on one of its endpoints. This allows configuring both publicly trusted or self-signed certificates.

Fix #225
@phbelitz phbelitz merged commit 7ef4625 into master Dec 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants