Develop #844
Previously any action and job ran with full read/write privileges as some jobs (docs) need write access. This commit limits the scope with which most jobs are running and only allows broader scope where necessary.
There is a transitive dependency on frozenlist, which updated their package for python 3.11, but didn't add the package to pypi wheels. Thus, building on python >= 3.11 fails the whole docker building process ([issue](aio-libs/frozenlist#342)). Need to add gcc and libc to docker container as well as upgrade pip to resolve this. Secondly, there are two more vulnerabilities due to cosign, which cannot be fixed on our side. Ignore listing them until cosign publishes a new version.
The upload of the code coverage has nothing to do with Connaisseur's functionality and thus should be optional.
Cosign changed its error code for nonexistent images and missing signatures in transparency logs, resulting in Connaisseur throwing wrong errors as well. This has been fixed.
Updates the requirements on [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@8.5.3...8.5.8) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](pypa/setuptools@v65.3.0...v65.5.0) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [pytest-cov](https://github.com/pytest-dev/pytest-cov) to permit the latest version. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v3.0.0...v4.0.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [pytest-mock](https://github.com/pytest-dev/pytest-mock) to permit the latest version. - [Release notes](https://github.com/pytest-dev/pytest-mock/releases) - [Changelog](https://github.com/pytest-dev/pytest-mock/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest-mock@v3.8.2...v3.10.0) --- updated-dependencies: - dependency-name: pytest-mock dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [pytest-subprocess](https://github.com/aklajnert/pytest-subprocess) to permit the latest version. - [Release notes](https://github.com/aklajnert/pytest-subprocess/releases) - [Changelog](https://github.com/aklajnert/pytest-subprocess/blob/master/HISTORY.rst) - [Commits](aklajnert/pytest-subprocess@1.4.1...1.4.2) --- updated-dependencies: - dependency-name: pytest-subprocess dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
The older k8 versions (v1.16 - v1.19) are failing the pipeline. Since they reached their end of life anyways, they have been removed temporarily until we find a fix.
For the "other-ns" integration test a service account (SA) was created to make requests to the kube api as this SA. Since k8s v1.22 SAs do not automatically generate their own access tokens as secrets anymore, but create them ad-hoc. The integration test was changed accordingly to this changed behavior.
Older k3s instances don't seem to play well with the kernel on Ubuntu 20 any longer, so we're using deprecated Ubuntu 18.04 runners instead.
Just because you've augmented an image with a new property (digest) doesn't mean you get to clear a different value (tag) in the setter. Signed-off-by: Philipp Belitz <philipp.belitz@securesystems.de>
There was a problem with the frozenlist package, which didn't have its packages added to wheels (aio-libs/frozenlist#342). The packages are now added, so the fix for this can be reverted, except for the pytest job which is the only one building on a debian image (faster runtime). Here the yarl and multidict packages still have the same problem as frozenlist had. Waiting for a fix here.
Vulnerability coming in from cosign, that we cannot fix. Can cause excessive memory growth to a go server. We don't use any go servers ...
With this change, Connaisseur now supports the use of tags and digests simultaneously. The signature is still validated based on the digest, but the human readable aspect of the tag isn't lost.
This commit allows for configuration of the TLS parameters used by Connaisseur when being called on one of its endpoints. This allows configuring both publicly trusted or self-signed certificates. Fix #225
Starkteetje approved these changes Dec 23, 2022
v2.7.0
Feat
Fix
Refactor
Ci
Test
Docs
Update
Update jsonschema requirement from ~=4.16.0 to ~=4.17.3 (#834)
Update pytz requirement from ~=2022.2 to ~=2022.7 (#841)
Update pytest-asyncio requirement from ~=0.19.0 to ~=0.20.3 (#838)
Update setuptools requirement from ~=65.5.0 to ~=65.6.3 (#830)
Update pylint requirement from ~=2.15.3 to ~=2.15.9 (#842)
Update pytest-subprocess requirement from ~=1.4.1 to ~=1.4.2
Update pytest-mock requirement from ~=3.8.2 to ~=3.10.0
Update pytest-cov requirement from ~=3.0.0 to ~=4.0.0
Update setuptools requirement from ~=65.3.0 to ~=65.5.0
Update mkdocs-material requirement from ~=8.5.3 to ~=8.5.8
Update cosign to 1.13.1
PR is rebased to/aimed at branch master
PR follows Contributing Guide
Added tests (if necessary)
Extended README/Documentation (if necessary)
Adjusted versions of image and Helm chart in values.yaml and Chart.yaml (if necessary)
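
The tag-plus-digest handling described in the commit messages above (validate on the digest, keep the tag, and do not clear the tag when the digest is set), shown as an added example that is not Connaisseur's own code. The class `ImageRef`, its method `pin` and the sample registry name are hypothetical, and the parsing covers only a simplified subset of the Docker reference grammar.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Simplified check: only sha256 digests are accepted in this sketch.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class ImageRef:  # hypothetical type, not Connaisseur's Image class
    name: str
    tag: Optional[str] = None
    digest: Optional[str] = None

    @classmethod
    def parse(cls, ref: str) -> "ImageRef":
        rest, sep, digest = ref.partition("@")
        if sep and not DIGEST_RE.match(digest):
            raise ValueError(f"invalid digest in {ref!r}")
        name, tag = rest, None
        # A ':' only marks a tag after the last '/'; earlier it is a registry port.
        if ":" in rest.rsplit("/", 1)[-1]:
            name, _, tag = rest.rpartition(":")
        if not name or tag == "":
            raise ValueError(f"invalid reference {ref!r}")
        if tag is None and not digest:
            tag = "latest"  # Docker's default when neither tag nor digest is given
        return cls(name, tag, digest or None)

    def pin(self, digest: str) -> None:
        """Attach the verified digest; the tag is deliberately left untouched."""
        if not DIGEST_RE.match(digest):
            raise ValueError("invalid digest")
        self.digest = digest

    def __str__(self) -> str:
        tag = f":{self.tag}" if self.tag else ""
        digest = f"@{self.digest}" if self.digest else ""
        return f"{self.name}{tag}{digest}"


if __name__ == "__main__":
    # Constructed sample values; the digest is a placeholder, not a real image.
    verified = "sha256:" + "ab" * 32
    image = ImageRef.parse("registry.example:5000/team/app:v1.2.3")
    image.pin(verified)  # e.g. after signature verification returned this digest
    print(image)  # tag and digest both survive in the admitted reference
```
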