Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump scaffolding to 0.4.12 #2402

Merged
merged 1 commit into from
Nov 2, 2022
Merged

bump scaffolding to 0.4.12 #2402

merged 1 commit into from
Nov 2, 2022

Conversation

bobcallaway
Copy link
Member

Signed-off-by: Bob Callaway bcallaway@google.com

Summary

Release Note

Documentation

@bobcallaway
bump scaffolding to 0.4.12
c1afcfb 
Signed-off-by: Bob Callaway <bcallaway@google.com>
@codecov-commenter
Copy link

Codecov Report

Merging #2402 (c1afcfb) into main (be215cf) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2402   +/-   ##
=======================================
  Coverage   30.14%   30.14%           
=======================================
  Files         136      136           
  Lines        8438     8438           
=======================================
  Hits         2544     2544           
  Misses       5565     5565           
  Partials      329      329

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@bobcallaway
Copy link
Member Author

@vaikas @priyawadhwa this model of pinning to back versions of rekor/fulcio as well as older versions of cosign via scaffolding feels very broken to me. Are we actually getting meaningful coverage from these tests in PRs?

@vaikas
Copy link
Contributor

vaikas commented Nov 2, 2022

That's a great point @bobcallaway and something that we did think about on how to best handle but never got around to it. Do you think we should be grabbing the latest or head for things like Fulcio/Rekor?

@vaikas vaikas merged commit 71f0b71 into sigstore:main Nov 2, 2022
@github-actions github-actions bot added this to the v1.14.0 milestone Nov 2, 2022
@bobcallaway
Copy link
Member Author

In rekor, @priyawadhwa implemented a check that ran rekor-cli against 3 versions (HEAD, and 2 latest published tags). For cosign, I would want to run it against prod, and perhaps a matrix of 3 versions of both rekor & fulcio for adding coverage to those running private instances of rekor and/or fulcio.

@vaikas
Copy link
Contributor

vaikas commented Nov 2, 2022 via email

@bobcallaway
Copy link
Member Author

Ok, that's doable. But only against released versions, correct?

On Wed, Nov 2, 2022 at 12:49 PM Bob Callaway @.> wrote: In rekor, @priyawadhwa implemented a check that ran rekor-cli against 3 versions (HEAD, and 2 latest published tags). For cosign, I would want to run it against prod, and perhaps a matrix of 3 versions of both rekor & fulcio for adding coverage to those running private instances of rekor and/or fulcio. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you modified the open/close state.Message ID: @.>

yup

@vaikas vaikas mentioned this pull request Nov 7, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@priyawadhwa priyawadhwa priyawadhwa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.14.0
Development

Successfully merging this pull request may close these issues.
4 participants
@bobcallaway @codecov-commenter @vaikas @priyawadhwa