Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: oci registry format signing auth [HYB-731] #50

Merged
merged 7 commits into from
Nov 20, 2024
Merged

fix: oci registry format signing auth [HYB-731] #50

merged 7 commits into from
Nov 20, 2024

Conversation

soniqua
Copy link
Contributor

@soniqua soniqua commented Nov 20, 2024

What

  • Adds a DockerHub Login step
  • Removes the registry-1.docker.io prefix from OCI items

Why

  • Require perms to push the signature
  • The prefix caused cosign to fail with a 401 after auth

@soniqua soniqua requested a review from a team as a code owner November 20, 2024 09:52
@soniqua soniqua enabled auto-merge (squash) November 20, 2024 10:12
@soniqua soniqua force-pushed the fix/oci-registry-format-signing-auth branch from 87efeb7 to cea1198 Compare November 20, 2024 11:37
@soniqua soniqua force-pushed the fix/oci-registry-format-signing-auth branch from cea1198 to 9a49596 Compare November 20, 2024 11:38
@soniqua soniqua merged commit 5d5de18 into rc Nov 20, 2024
6 checks passed
@soniqua soniqua deleted the fix/oci-registry-format-signing-auth branch November 20, 2024 15:22
@soniqua soniqua changed the title fix: oci registry format signing auth fix: oci registry format signing auth [HYB-731] Nov 21, 2024
soniqua added a commit that referenced this pull request Nov 28, 2024
@soniqua @saumilmac
feat: initial release [HYB-698] (#51)
355a73f 
* feat: uni broker helm chart

* chore: [skip ci] remove tag

* fix: ci and release config (#17)

* fix: ci and release config

* chore: editorconfig

* fix: disable helm chart publishing

* chore: remove test cases doc

* fix: update ca cert trust settings (#18)

* fix: update ca cert trust settings

* fix: docs to readme, correct var to disable cert trust

* fix: correct dockerhub password

* fix: support ACCEPTS_ (#19)

* fix: support ACCEPTS_

* fix: dockerhub password

* chore: expand dockerhub password (#20)

* fix: correct serviceAccount format (#25)

* fix: add missing serviceName field (#26)

* ci: move kubeconform to validate step (#27)

* fix: correct tenant to region (#23)

* fix: custom docker registry (#35)

* fix: specify universal broker platform auth and credential references (#24)

* fix: implement ingress and service (#29)

* fix: implement ingress and service

* fix: high availability mode, limits and requests, tolerations, affinities (#30)

* fix: high availability mode, limits and requests

* fix: tolerations, selectors, affinities

* fix: security context, openshift adaptation (#28)

* fix: enable commit signing (#21)

* fix: broker serve tls (#22)

* fix: support outbound proxy config (#31)

* fix: extra k8s objects, sidecars, initContainers (#32)

* fix: add logging levels, probe definitions (#33)

* fix: insecure downstream mode (#34)

* fix: preflight checks (#36)

* fix: preflight checks

* fix: remove preflight checks disable value

* fix: strict schema checking, cleanup (#40)

* ci: enable deploy and test (#37)

* ci: adds a queue step to prevent concurrent deploy/test cycles

* ci: upsize executor

* ci: helmignore

* ci: remove useless log

* fix: add runtimeclass and priorityclass (#39)

* ci: enable helm push (#43)

* chore: apply prettier formatting (#41)

* chore: fix precommit config for prettier

* chore: prettier

* ci: add security gates (#42)

* ci: add gates to PR workflow

* ci: add template for IaC scan

* fix: sign helm chart (#45)

* docs: LICENSE (#46)

* fix: publish and sign jobs (#47)

* fix: add missing gh context

* fix: change trigger from check_suite to release

* ci: use team-hybrid-common for github token (#48)

* fix: strip v from tag (#49)

* fix: remove registry-1.docker.io prefix (#50)

* fix: ensure post install notes reflect the Snyk region (#52)

---------

Co-authored-by: saumil Macwan <saumil.macwan@snyk.io>
soniqua added a commit that referenced this pull request Nov 28, 2024
@soniqua @saumilmac
feat: initial release [HYB-698] (#51)
ff58b45 
* feat: uni broker helm chart

* fix: ci and release config (#17)

* fix: ci and release config

* chore: editorconfig

* fix: disable helm chart publishing

* chore: remove test cases doc

* fix: update ca cert trust settings (#18)

* fix: update ca cert trust settings

* fix: docs to readme, correct var to disable cert trust

* fix: correct dockerhub password

* fix: support ACCEPTS_ (#19)

* fix: support ACCEPTS_

* fix: dockerhub password

* chore: expand dockerhub password (#20)

* fix: correct serviceAccount format (#25)

* fix: add missing serviceName field (#26)

* ci: move kubeconform to validate step (#27)

* fix: correct tenant to region (#23)

* fix: custom docker registry (#35)

* fix: specify universal broker platform auth and credential references (#24)

* fix: implement ingress and service (#29)

* fix: implement ingress and service

* fix: high availability mode, limits and requests, tolerations, affinities (#30)

* fix: high availability mode, limits and requests

* fix: tolerations, selectors, affinities

* fix: security context, openshift adaptation (#28)

* fix: enable commit signing (#21)

* fix: broker serve tls (#22)

* fix: support outbound proxy config (#31)

* fix: extra k8s objects, sidecars, initContainers (#32)

* fix: add logging levels, probe definitions (#33)

* fix: insecure downstream mode (#34)

* fix: preflight checks (#36)

* fix: preflight checks

* fix: remove preflight checks disable value

* fix: strict schema checking, cleanup (#40)

* ci: enable deploy and test (#37)

* ci: adds a queue step to prevent concurrent deploy/test cycles

* ci: upsize executor

* ci: helmignore

* ci: remove useless log

* fix: add runtimeclass and priorityclass (#39)

* ci: enable helm push (#43)

* chore: apply prettier formatting (#41)

* chore: fix precommit config for prettier

* chore: prettier

* ci: add security gates (#42)

* ci: add gates to PR workflow

* ci: add template for IaC scan

* fix: sign helm chart (#45)

* docs: LICENSE (#46)

* fix: publish and sign jobs (#47)

* fix: add missing gh context

* fix: change trigger from check_suite to release

* ci: use team-hybrid-common for github token (#48)

* fix: strip v from tag (#49)

* fix: remove registry-1.docker.io prefix (#50)

* fix: ensure post install notes reflect the Snyk region (#52)

---------

Co-authored-by: saumil Macwan <saumil.macwan@snyk.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pavel-snyk pavel-snyk pavel-snyk approved these changes

@aarlaud aarlaud Awaiting requested review from aarlaud aarlaud is a code owner automatically assigned from snyk/hybrid

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@soniqua @pavel-snyk