set is ci provider as false

Signed-off-by: Javan lacerda <javanlacerda@google.com>
javanlacerda · Jun 10, 2024 · e17da00 · e17da00
1 parent 5fa4ac0
commit e17da00
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/config/fulcio-config.yaml b/config/fulcio-config.yaml
@@ -89,7 +89,7 @@ data:
               "IssuerURL": "https://token.actions.githubusercontent.com",
               "ClientID": "sigstore",
               "Type": "github-workflow",
-              "IsCiProvider": true
+              "IsCiProvider": false
             }
           },
           "MetaIssuers": {
@@ -116,7 +116,7 @@ data:
             "https://token.actions.githubusercontent.com/*": {
               "ClientID": "sigstore",
               "Type": "github-workflow",
-              "IsCiProvider": true
+              "IsCiProvider": false
             }
           }
         }

diff --git a/federation/main.go b/federation/main.go
@@ -139,6 +139,8 @@ func main() {
 		fulcioConfig.OIDCIssuers[cfg.URL] = fulcioCfg
 	}
 
+	// We have to start to set IsCiProvider as true as default
+	// after moving the ci providers to the config.yaml
 	conf := readYaml()
 	for providerType, provider := range conf.Providers {
 		for _, issuer := range provider.OIDCIssuers {
@@ -147,15 +149,15 @@ func main() {
 				ClientID:     "sigstore",
 				Type:         config.IssuerType(providerType),
 				IssuerClaim:  issuer.IssuerClaim,
-				IsCiProvider: true,
+				IsCiProvider: issuer.IsCiProvider,
 			}
 			fulcioConfig.OIDCIssuers[fulcioCfg.IssuerURL] = fulcioCfg
 		}
 		for _, issuer := range provider.MetaIssuers {
 			fulcioMetaCfg := config.OIDCIssuer{
 				ClientID:     "sigstore",
 				Type:         config.IssuerType(providerType),
-				IsCiProvider: true,
+				IsCiProvider: issuer.IsCiProvider,
 			}
 			fulcioConfig.MetaIssuers[issuer.IssuerURL] = fulcioMetaCfg
 		}