request #41087 Sign our dev/test Docker images using GitHub ephemeral OIDC token

Artifact

Infos

Artifact ID#41087

Submitted byThomas Gerbet (tgerbet)

Last Modified On2024-12-05 15:44

Submitted on2024-12-05 11:44

Rank42741

Details

Summary *

Sign our dev/test Docker images using GitHub ephemeral OIDC token

Original Submission

These images are currently signed using a static key hosted on our HC Vault instance. Given they are hosted on GH and built using GitHub Actions we could sign them using the "keyless" signing mode. It gives us a similar level of trust and we do not need to provide access to our infrastructure.

CategoryDev tools

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2024-12-05

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #37902	Tuleap	Releases	16.3	Under development	2024-12-11 10:29	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #41087

Git commit

tuleap/tuleap/stable

chore: Adjust signature verification when we retrieve the dev Docker images 305a2ace80

Thomas Gerbet (tgerbet) , 2024-12-05 14:38

Show items referenced by request #41087

Referenced by request #41087

Artifact Tracker v5

rel #37902 16.3

Other

Follow-ups

Thomas Gerbet (tgerbet)

2024-12-05 15:44

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #37902
Close date set to 2024-12-05

Thomas Gerbet (tgerbet)

2024-12-05 15:26

Last part in gerrit #32644

Status changed from Under implementation to Under review

Thomas Gerbet (tgerbet)

2024-12-05 14:15

Other repositories have also been adjusted.

https://github.com/Enalean/docker-tuleap-test-phpunit/pull/74
https://github.com/Enalean/docker-ldap/pull/44
https://github.com/Enalean/docker-tuleap-aio-dev/pull/75
https://github.com/Enalean/bz2tuleap/pull/258

Joris MASSON (jmasson)

2024-12-05 12:45

https://github.com/Enalean/docker-tuleap-test-rest/pull/58 merged