trailofbits / pypi-attestations

A library to convert between Sigstore Bundles and PEP 740 Attestation objects
https://trailofbits.github.io/pypi-attestations
Apache License 2.0

Make `Publisher` a discriminated union #38

Closed woodruffw closed 2 months ago

woodruffw commented 2 months ago

This uses the discriminated union pattern in Pydantic to give us slightly stronger "shape" guarantees. It adds `GitHubPublisher` and `GitLabPublisher` to get started, but we'll add more as more Trusted Publishers are supported for provenance purposes.
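An added illustration of the discriminated-union pattern the description above refers to; it is not the code from this PR or from pypi-attestations. The `kind` tag, the `repository`/`workflow`/`environment` fields, `extra="forbid"`, and the helper names are assumptions made for the example (Pydantic v2 API).

```python
from typing import Annotated, List, Literal, Optional, Union

from pydantic import BaseModel, ConfigDict, Field, TypeAdapter, ValidationError


class GitHubPublisher(BaseModel):
    # Assumption: unknown keys are rejected so each variant has a closed shape.
    model_config = ConfigDict(extra="forbid")
    kind: Literal["GitHub"]            # discriminator tag (assumed name)
    repository: str                    # assumed field
    workflow: str                      # assumed field
    environment: Optional[str] = None  # assumed field


class GitLabPublisher(BaseModel):
    model_config = ConfigDict(extra="forbid")
    kind: Literal["GitLab"]
    repository: str
    environment: Optional[str] = None


# The union is resolved by reading `kind` first; only the matching model is
# validated, so errors point at one variant instead of every union member.
Publisher = Annotated[
    Union[GitHubPublisher, GitLabPublisher], Field(discriminator="kind")
]
_ADAPTER = TypeAdapter(Publisher)


def parse_publisher(raw: dict):
    """Validate untrusted publisher metadata into exactly one variant."""
    return _ADAPTER.validate_python(raw)


def rejection_reasons(raw: dict) -> List[str]:
    """Return Pydantic error types for `raw`, or [] if it validates."""
    try:
        parse_publisher(raw)
    except ValidationError as exc:
        return [err["type"] for err in exc.errors()]
    return []


if __name__ == "__main__":
    # Constructed sample inputs, not real provenance data.
    print(parse_publisher({"kind": "GitHub", "repository": "o/r", "workflow": "release.yml"}))
    print(rejection_reasons({"kind": "GitLab", "repository": "g/p", "workflow": "release.yml"}))
    print(rejection_reasons({"kind": "Other", "repository": "x"}))
```
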

woodruffw commented 2 months ago

Merging so this can be iterated on in #36.