move to yaml

Signed-off-by: Javan lacerda <javanlacerda@google.com>
sigstore · Jul 10, 2024 · 1169eb8 · 1169eb8
1 parent a813f73
commit 1169eb8
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 17 deletions.
diff --git a/.github/workflows/verify-k8s.yml b/.github/workflows/verify-k8s.yml
@@ -45,18 +45,6 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false # Keep running if one leg fails.
-      matrix:
-        issuer:
-        - "OIDC Issuer"
-        - "Meta Issuer"
-
-        include:
-        - issuer: "OIDC Issuer"
-          issuer-config: |
-            "OIDCIssuers": {"https://kubernetes.default.svc": {"IssuerURL": "https://kubernetes.default.svc","ClientID": "sigstore","Type": "kubernetes"}}
-        - issuer: "Meta Issuer"
-          issuer-config: |
-            "MetaIssuers": {"https://kubernetes.*.svc": {"ClientID": "sigstore","Type": "kubernetes"}}
     env:
       # https://github.com/google/go-containerregistry/pull/125 allows insecure registry for
       # '*.local' hostnames. This works both for `ko` and our own tag-to-digest resolution logic,
@@ -123,10 +111,16 @@ jobs:
             name: fulcio-config
             namespace: fulcio-system
           data:
-            config.json: |-
-              {
-                ${{ matrix.issuer-config }}
-              }
+            config.yaml: |-
+              oidc-issuers:
+                https://kubernetes.default.svc:
+                  issuer-url: "https://kubernetes.default.svc"
+                  client-id: "sigstore"
+                  type: "kubernetes"
+              meta-issuers:
+                https://kubernetes.*.svc: 
+                  client-id: "sigstore"
+                  type: "kubernetes"
             server.yaml: |-
               host: 0.0.0.0
               port: 5555

diff --git a/cmd/app/serve.go b/cmd/app/serve.go
@@ -87,7 +87,7 @@ func newServeCmd() *cobra.Command {
 	cmd.Flags().String("hsm-caroot-id", "", "HSM ID for Root CA (only used with --ca pkcs11ca)")
 	cmd.Flags().String("ct-log-url", "http://localhost:6962/test", "host and path (with log prefix at the end) to the ct log")
 	cmd.Flags().String("ct-log-public-key-path", "", "Path to a PEM-encoded public key of the CT log, used to verify SCTs")
-	cmd.Flags().String("config-path", "/etc/fulcio-config/config.json", "path to fulcio config json")
+	cmd.Flags().String("config-path", "/etc/fulcio-config/config.yaml", "path to fulcio config yaml")
 	cmd.Flags().String("pkcs11-config-path", "config/crypto11.conf", "path to fulcio pkcs11 config file")
 	cmd.Flags().String("fileca-cert", "", "Path to CA certificate")
 	cmd.Flags().String("fileca-key", "", "Path to CA encrypted private key")