migrate fulcio config to yaml and remove federation

Signed-off-by: Javan lacerda <javanlacerda@google.com>
sigstore · Jul 2, 2024 · dd1edb0 · dd1edb0
1 parent 44344c8
commit dd1edb0
Show file tree

Hide file tree

Showing 17 changed files with 1 addition and 408 deletions.
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -87,9 +87,3 @@ jobs:
         with:
           go-version: '1.22'
           check-latest: true
-
-      - name: check-config
-        run: |
-          set -e
-          go run federation/main.go
-          git diff --exit-code
diff --git a/docs/oidc.md b/docs/oidc.md
@@ -10,8 +10,7 @@ Sigstore runs a federated OIDC identity provider, Dex. Users authenticate to the
 
 To add a new OIDC issuer:
 
-* Add a file under the [`federation` folder](https://github.com/sigstore/fulcio/tree/main/federation) with the URL, new issuer type name, and contact ([example](https://github.com/sigstore/fulcio/blob/8975dfd/federation/agent.buildkite.com/config.yaml))
-* Add the new issuer to the [configuration](https://github.com/sigstore/fulcio/blob/main/config/fulcio-config.yaml) by running `go run federation/main.go`
+* Add the new issuer to the [configuration](https://github.com/sigstore/fulcio/blob/main/config/fulcio-config.yaml) manually, following the examples there`
 * Add the new issuer to the [`identity` folder](https://github.com/sigstore/fulcio/tree/main/pkg/identity) ([example](https://github.com/sigstore/fulcio/tree/main/pkg/identity/buildkite)). You will define an `Issuer` type and a way to map the token to the certificate extensions.
 * Define a constant with the issuer type name in the [configuration](https://github.com/sigstore/fulcio/blob/afeadb3b7d11f704489637cabc4e150dea3e00ed/pkg/config/config.go#L213-L221), add update the [tests](https://github.com/sigstore/fulcio/blob/afeadb3b7d11f704489637cabc4e150dea3e00ed/pkg/config/config_test.go#L473-L503)
 * Map the issuer type to the token claim that will be signed over when requesting a token [here](https://github.com/sigstore/fulcio/blob/afeadb3b7d11f704489637cabc4e150dea3e00ed/pkg/config/config.go#L464-L486). You can likely just use `sub`.

diff --git a/federation/README.md b/federation/README.md
diff --git a/federation/accounts.google.com/config.yaml b/federation/accounts.google.com/config.yaml
diff --git a/federation/agent.buildkite.com/config.yaml b/federation/agent.buildkite.com/config.yaml
diff --git a/federation/auth-staging.eclipse.org/config.yaml b/federation/auth-staging.eclipse.org/config.yaml
diff --git a/federation/auth.eclipse.org/config.yaml b/federation/auth.eclipse.org/config.yaml
diff --git a/federation/dev.gitlab.org/config.yaml b/federation/dev.gitlab.org/config.yaml
diff --git a/federation/external/allow.pub/config.yaml b/federation/external/allow.pub/config.yaml
diff --git a/federation/gitlab.archlinux.org/config.yaml b/federation/gitlab.archlinux.org/config.yaml
diff --git a/federation/gitlab.com/config.yaml b/federation/gitlab.com/config.yaml
diff --git a/federation/issuer.enforce.dev/config.yaml b/federation/issuer.enforce.dev/config.yaml
diff --git a/federation/main.go b/federation/main.go
diff --git a/federation/oauth2.sigstore.dev/config.yaml b/federation/oauth2.sigstore.dev/config.yaml
diff --git a/federation/oidc.codefresh.io/config.yaml b/federation/oidc.codefresh.io/config.yaml