sigstore / fulcio

Sigstore OIDC PKI
Apache License 2.0

Codefresh OIDC provider support #1592

Closed ilia-medvedev-codefresh closed 7 months ago

ilia-medvedev-codefresh commented 8 months ago

Codefresh has recently added support for OIDC in pipelines: https://codefresh.io/docs/docs/integrations/oidc-pipelines

For integration with Sigstore, the Codefresh OIDC provider needs to be added to the supported providers in Fulcio.

haydentherapper commented 7 months ago

@ilia-medvedev-codefresh The configuration has been rolled out to staging, https://fulcio.sigstage.dev. If you're using Cosign, you can follow https://docs.sigstore.dev/system_config/public_deployment/#staging-instance to set up the environment to test against. It's a different root of trust.

Let me know if you get a certificate issued properly and we'll move forward with enabling this in prod. Can you paste the cert here too so we can double check all values are as expected?

ilia-medvedev-codefresh commented 7 months ago

Hi @haydentherapper,

Thank you! I can confirm everything works.

Here is the resulting cert: cosign-stage.cert.txt

haydentherapper commented 7 months ago

@ilia-medvedev-codefresh rolling out to prod now!