Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose PEP 740 attestations functionality #236

Merged
merged 37 commits into from
Sep 1, 2024

Commits on May 16, 2024

  1. requirements: Add initial support for uploading PEP 740 attestations

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw authored and facutuesca committed May 16, 2024
    Configuration menu
    Copy the full SHA
    b526ff8 View commit details
    Browse the repository at this point in the history
  2. Misc lint fixes

    Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com>
    facutuesca committed May 16, 2024
    Configuration menu
    Copy the full SHA
    f267787 View commit details
    Browse the repository at this point in the history

Commits on Jun 11, 2024

  1. bump pypi_attestation_models, update usage

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    1571a0d View commit details
    Browse the repository at this point in the history
  2. attestations: single quotes

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    27500cf View commit details
    Browse the repository at this point in the history
  3. attestations: simplify err

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    e9c72dd View commit details
    Browse the repository at this point in the history
  4. Configuration menu
    Copy the full SHA
    3166978 View commit details
    Browse the repository at this point in the history
  5. README: add a link

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    e7bd6ea View commit details
    Browse the repository at this point in the history

Commits on Jun 18, 2024

  1. runtime: constrain pypi-attestation-models with a range

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 18, 2024
    Configuration menu
    Copy the full SHA
    5aa7e41 View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    4bc4ced View commit details
    Browse the repository at this point in the history

Commits on Jun 20, 2024

  1. runtime: bump range for pypi-attestation-models

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 20, 2024
    Configuration menu
    Copy the full SHA
    0e2b9c9 View commit details
    Browse the repository at this point in the history

Commits on Jun 21, 2024

  1. requirements: refreeze

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 21, 2024
    Configuration menu
    Copy the full SHA
    242d7e9 View commit details
    Browse the repository at this point in the history

Commits on Jun 24, 2024

  1. Update requirements/runtime.in

    Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
    woodruffw and webknjaz authored Jun 24, 2024
    Configuration menu
    Copy the full SHA
    aa69903 View commit details
    Browse the repository at this point in the history
  2. attestations: pre-validate dists as files

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 24, 2024
    Configuration menu
    Copy the full SHA
    6b4d371 View commit details
    Browse the repository at this point in the history
  3. README: relocate PEP 740 info

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 24, 2024
    Configuration menu
    Copy the full SHA
    16aa3a2 View commit details
    Browse the repository at this point in the history
  4. README: PEP 740 -> "digital attestations"

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 24, 2024
    Configuration menu
    Copy the full SHA
    6dbccb5 View commit details
    Browse the repository at this point in the history
  5. README: explain that digital attestations require TP

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 24, 2024
    Configuration menu
    Copy the full SHA
    16b5dc1 View commit details
    Browse the repository at this point in the history
  6. attestations: fix pylint

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 24, 2024
    Configuration menu
    Copy the full SHA
    251402e View commit details
    Browse the repository at this point in the history
  7. twine-upload: debug -> notice, rm PEP ref

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 24, 2024
    Configuration menu
    Copy the full SHA
    1e91a3b View commit details
    Browse the repository at this point in the history
  8. attestations: debug dists before signing

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 24, 2024
    Configuration menu
    Copy the full SHA
    835d65d View commit details
    Browse the repository at this point in the history
  9. twine-upload: factor out TRUSTED_PUBLISHING

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 24, 2024
    Configuration menu
    Copy the full SHA
    95be6b9 View commit details
    Browse the repository at this point in the history

Commits on Jun 28, 2024

  1. pypi_attestation_models -> pypi_attestations

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jun 28, 2024
    Configuration menu
    Copy the full SHA
    176c905 View commit details
    Browse the repository at this point in the history

Commits on Jul 9, 2024

  1. Merge remote-tracking branch 'upstream/unstable/v1' into ww/attestations

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    9bac976 View commit details
    Browse the repository at this point in the history
  2. runtime: bump constraints

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    6a808bf View commit details
    Browse the repository at this point in the history

Commits on Jul 10, 2024

  1. requirements: bump pypi-attestations

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    1bb6510 View commit details
    Browse the repository at this point in the history

Commits on Jul 17, 2024

  1. bump to pypi-attestations==0.0.9

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 17, 2024
    Configuration menu
    Copy the full SHA
    8c640e3 View commit details
    Browse the repository at this point in the history
  2. attestations: use __main__ scope

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 17, 2024
    Configuration menu
    Copy the full SHA
    e6556ab View commit details
    Browse the repository at this point in the history
  3. attestations: add main

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 17, 2024
    Configuration menu
    Copy the full SHA
    8094cdf View commit details
    Browse the repository at this point in the history
  4. attestations: please the linter

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 17, 2024
    Configuration menu
    Copy the full SHA
    57dba07 View commit details
    Browse the repository at this point in the history

Commits on Jul 22, 2024

  1. README: emphasize beta

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 22, 2024
    Configuration menu
    Copy the full SHA
    af78f7a View commit details
    Browse the repository at this point in the history
  2. twine-upload: emphasize attestations is a setting

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 22, 2024
    Configuration menu
    Copy the full SHA
    bcc935f View commit details
    Browse the repository at this point in the history
  3. twine-upload: setting -> input

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 22, 2024
    Configuration menu
    Copy the full SHA
    66f02b6 View commit details
    Browse the repository at this point in the history

Commits on Jul 31, 2024

  1. requirements: bump pypi-attestations, sigstore

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Jul 31, 2024
    Configuration menu
    Copy the full SHA
    28806ba View commit details
    Browse the repository at this point in the history

Commits on Aug 20, 2024

  1. requirements: bump sigstore, pypi-attestations

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Aug 20, 2024
    Configuration menu
    Copy the full SHA
    fed8784 View commit details
    Browse the repository at this point in the history

Commits on Aug 21, 2024

  1. Update attestations.py

    Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
    woodruffw and webknjaz authored Aug 21, 2024
    Configuration menu
    Copy the full SHA
    61ffce1 View commit details
    Browse the repository at this point in the history
  2. Apply suggestions from code review

    Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
    woodruffw and webknjaz authored Aug 21, 2024
    Configuration menu
    Copy the full SHA
    e1b63c3 View commit details
    Browse the repository at this point in the history
  3. attestations: use Path.resolve(), break out dist collection

    ...to make the linters happy.
    
    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Aug 21, 2024
    Configuration menu
    Copy the full SHA
    15d9377 View commit details
    Browse the repository at this point in the history
  4. attestations: use exists() instead of is_file()

    Signed-off-by: William Woodruff <william@trailofbits.com>
    woodruffw committed Aug 21, 2024
    Configuration menu
    Copy the full SHA
    473ca48 View commit details
    Browse the repository at this point in the history