Chore: Pull in Main #52

Merged
tommyd450 merged 22 commits into tech-preview from tdalton/techPreviewPullinMain
Mar 4, 2026
@tommyd450

No description provided.

dependabot bot and others added 22 commits January 26, 2026 04:58
Bumps the all group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [sigstore-conformance/extremely-dangerous-public-oidc-beacon](https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon).


Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@8e8c483...de0fac2)

Updates `github/codeql-action` from 4.31.10 to 4.31.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@cdefb33...19b2f06)

Updates `sigstore-conformance/extremely-dangerous-public-oidc-beacon` from 1e3cabecd3790f48b79a795424e12fa3cb880dcb to 454ec8bad0455eabe5db9733a632c325fe963b6b
- [Commits](sigstore-conformance/extremely-dangerous-public-oidc-beacon@1e3cabe...454ec8b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github/codeql-action
  dependency-version: 4.31.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: sigstore-conformance/extremely-dangerous-public-oidc-beacon
  dependency-version: 454ec8bad0455eabe5db9733a632c325fe963b6b
  dependency-type: direct:production
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…re#608)

Fixes:
- Fix typos: sgistore → sigstore in verifying.py, signle → single in _cli.py
- Replace deprecated logger.warn() with logger.warning() in sign_certificate.py

(D417 - missing arg descriptions):
- manifest.py: Add serialization_type, ignore_paths, shard_size args
- verifying.py: Add signature_path arg to Config.verify
- hashing.py: Add ignore_paths arg to use_file_serialization
- signing.py: Fix payload → dsse_payload in docstrings
- sign_sigstore_pb.py: Fix payload → raw_payload in docstrings
- sign_sigstore.py: Fix indentation for client_id arg
- sign_pkcs11.py: Add module_paths arg to CertSigner.__init__

(D105 - missing magic method docstring):
- manifest.py: Add docstring to Manifest.__eq__

Ruff config cleanup:
- Remove lint ignore rules (B024, D100-D107, D417, UP012, UP015)

Signed-off-by: SequeI <asiek@redhat.com>
Signed-off-by: SequeI <asiek@redhat.com>
…sigstore#609)

Issuer was created eagerly in __init__, fetching OIDC discovery config.
Kubernetes OIDC providers lack authorization_endpoint/token_endpoint,
causing failures even when identity_token was provided directly.

Now Issuer is lazily created and cached when OAuth flow is needed.

Signed-off-by: SequeI <asiek@redhat.com>
Bumps the all group with 4 updates: [docker/login-action](https://github.com/docker/login-action), [github/codeql-action](https://github.com/github/codeql-action), [sigstore-conformance/extremely-dangerous-public-oidc-beacon](https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon) and [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance).


Updates `docker/login-action` from 3.6.0 to 3.7.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@5e57cd1...c94ce9f)

Updates `github/codeql-action` from 4.31.11 to 4.32.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@19b2f06...b20883b)

Updates `sigstore-conformance/extremely-dangerous-public-oidc-beacon` from 454ec8bad0455eabe5db9733a632c325fe963b6b to 8c13517721d6ae11cac357e58b9c81e988dc86e4
- [Commits](sigstore-conformance/extremely-dangerous-public-oidc-beacon@454ec8b...8c13517)

Updates `actions/attest-build-provenance` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@00014ed...96278af)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github/codeql-action
  dependency-version: 4.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: sigstore-conformance/extremely-dangerous-public-oidc-beacon
  dependency-version: 8c13517721d6ae11cac357e58b9c81e988dc86e4
  dependency-type: direct:production
  dependency-group: all
- dependency-name: actions/attest-build-provenance
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the all group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.32.0 to 4.32.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b20883b...45cbd0c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the all group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [sigstore-conformance/extremely-dangerous-public-oidc-beacon](https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon).


Updates `github/codeql-action` from 4.32.2 to 4.32.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@45cbd0c...9e907b5)

Updates `sigstore-conformance/extremely-dangerous-public-oidc-beacon` from 8c13517721d6ae11cac357e58b9c81e988dc86e4 to 72d9d63b71e66f36b3e008b8be44ffce84cd2b63
- [Commits](sigstore-conformance/extremely-dangerous-public-oidc-beacon@8c13517...72d9d63)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: sigstore-conformance/extremely-dangerous-public-oidc-beacon
  dependency-version: 72d9d63b71e66f36b3e008b8be44ffce84cd2b63
  dependency-type: direct:production
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Sachin Sampras M <sampras343@gmail.com>
Bumps the all group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.32.3 to 4.32.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@9e907b5...89a39a4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Allow users to bootstrap and use a Sigstore instance by its TUF
repository URL instead of requiring a full ClientTrustConfig JSON file.
Adds a trust-instance CLI command to seed the local TUF cache from a
root.json, and an --instance option on sign/verify to resolve trust
configuration via TUF at runtime. Bumps sigstore dependency to >=4.2.

Signed-off-by: SequeI <asiek@redhat.com>
… digest to a42f0e7 (#37)

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
* feat: add ModelCar format signing support

Add support for signing and verifying OCI images in ModelCar format.
This includes parsing OLOT annotations to extract original file content
digests, which enables interoperable signatures between local models
and their ModelCar container representations.

Signed-off-by: SequeI <asiek@redhat.com>

* fix: support oci:// prefix in image references

Strip the oci:// prefix from image references if present, allowing
users to specify images as oci://quay.io/repo/image:tag in addition
to quay.io/repo/image:tag.

Signed-off-by: SequeI <asiek@redhat.com>

---------

Signed-off-by: SequeI <asiek@redhat.com>
Signed-off-by: SequeI <asiek@redhat.com>
Signed-off-by: SequeI <asiek@redhat.com>
Signed-off-by: Tommy Dalton <59835082+tommyd450@users.noreply.github.com>
@tommyd450 tommyd450 merged commit 72c5002 into tech-preview Mar 4, 2026
52 checks passed
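
The lazy-issuer change described in the commit message above (eager OIDC discovery failing against Kubernetes providers even when an identity token is supplied directly), as an added example that is not the project's own code. `HypotheticalIssuer`, `EagerSigner`, `LazySigner`, the `fetch` callable and both discovery documents are assumptions constructed for illustration.

```python
from typing import Callable, Optional

# Constructed discovery documents (not fetched from any real provider).
K8S_DISCOVERY = {"issuer": "https://kubernetes.default.svc",
                 "jwks_uri": "https://kubernetes.default.svc/openid/v1/jwks"}
FULL_DISCOVERY = {"issuer": "https://idp.example",
                  "authorization_endpoint": "https://idp.example/auth",
                  "token_endpoint": "https://idp.example/token"}


class DiscoveryError(Exception):
    """Discovery document lacks the endpoints an OAuth flow needs."""


class HypotheticalIssuer:
    """Stand-in issuer: fetches discovery config when constructed."""

    def __init__(self, url: str, fetch: Callable[[str], dict]):
        doc = fetch(url)
        missing = [k for k in ("authorization_endpoint", "token_endpoint")
                   if k not in doc]
        if missing:
            raise DiscoveryError(f"{url} lacks {', '.join(missing)}")
        self.token_endpoint = doc["token_endpoint"]


class EagerSigner:
    """Before: issuer built in __init__, even if a token is already supplied."""

    def __init__(self, url, fetch, identity_token: Optional[str] = None):
        self._identity_token = identity_token
        self._issuer = HypotheticalIssuer(url, fetch)


class LazySigner:
    """After: issuer is built on first OAuth use and then cached."""

    def __init__(self, url, fetch, identity_token: Optional[str] = None):
        self._url, self._fetch = url, fetch
        self._identity_token = identity_token
        self._issuer: Optional[HypotheticalIssuer] = None

    def token(self) -> str:
        if self._identity_token is not None:
            return self._identity_token  # no discovery request at all
        if self._issuer is None:
            self._issuer = HypotheticalIssuer(self._url, self._fetch)
        # Placeholder for the interactive flow; names the endpoint it would use.
        return f"oauth-flow:{self._issuer.token_endpoint}"
```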