defenseunicorns / uds-package-sigstore

🏭 UDS Sigstore Zarf Package
GNU Affero General Public License v3.0

🏭 UDS Sigstore Package


[!NOTE]
uds-package-sigstore is only a Bronze package and does not support all Sigstore features yet! If you would like to improve the package, we welcome PRs! (See Contributing below.)

[!IMPORTANT]
The arm64 package includes amd64 images because upstream projects do not publish arm64 images at this time. This means you can deploy the arm64 package on an arm64 Kubernetes cluster, but some of the images contained in the package will require emulation (e.g., qemu or rosetta) to run properly.

This package is designed for use as part of a UDS Software Factory bundle deployed on UDS Core.

Sigstore is a set of open-source tools and services that simplify the process of signing and verifying software artifacts, enhancing software supply chain security by ensuring the authenticity and integrity of software packages.

Prerequisites

This package requires a Kubernetes cluster that provides a Storage Class and has UDS Core installed, along with the appropriate certificates for Sigstore's components. You can learn more about configuring this package in the configuration documentation.

Releases

The released packages can be found in ghcr.

UDS Tasks (for local dev and CI)

For local dev, this requires installing uds-cli.

After installing uds-cli, run the following command to list the tasks available in this repository:

uds run --list

Contributing

Please see CONTRIBUTING.md.

Development

When developing this package, use the JSON schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the guide in uds-common.