-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added support to sign linux artifacts #1352
added support to sign linux artifacts #1352
Conversation
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Codecov Report
@@ Coverage Diff @@
## main #1352 +/- ##
============================================
+ Coverage 94.02% 94.08% +0.06%
Complexity 11 11
============================================
Files 136 139 +3
Lines 3011 3061 +50
Branches 8 8
============================================
+ Hits 2831 2880 +49
- Misses 172 173 +1
Partials 8 8
Continue to review full report at Codecov.
|
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Close!
src/run_sign.py
Outdated
from system import console | ||
|
||
ACCEPTED_SIGNATURE_FILE_TYPES = [".sig", ".asc"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this already Signer.ACCEPTED_FILE_TYPES
? Use that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, this is accepted Signature types, different from accepted file types
|
||
def __sign__(self): | ||
artifacts = [self.target.name] | ||
basename = self.target.parent |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These variables aren't reused, just pass the arguments as is below.
Add __sign_artifact__
that takes one artifact.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Variables just make it clear as to what is being passed to the function. I think we can leave it like this
|
||
self.assertEqual(type(SignWithManifest), type(klass)) | ||
|
||
path = Path(r"/dummy/path/") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Split up in separate tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it should be one method, since it just verifies multiple if conditions with no workflow. It would just increase verbosity and complexity. This is clear too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not a must have, but my reasoning is that these tests can fail independently, and methods are cheap.
artifact_type = 'dummy' | ||
sigtype = '.asc' | ||
|
||
klass = SignArtifacts.from_path(path, component, artifact_type, sigtype) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above, split up into individual tests for each type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same reason as before.
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
|
||
self.assertEqual(type(SignWithManifest), type(klass)) | ||
|
||
path = Path(r"/dummy/path/") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not a must have, but my reasoning is that these tests can fail independently, and methods are cheap.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for addressing my comments, great work enhancing this flow.
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
Thanks @dblock for helping out with the test cases |
Signed-off-by: Abhinav Gupta <abhng@amazon.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works for me.
I would also remove all the passing around of Signer()
which is always the same class, and create an instance of it at the lowest level.
"".join(pathlib.Path(file_name).suffixes), | ||
] | ||
for x in Signer.ACCEPTED_FILE_TYPES | ||
file_name.endswith(x) for x in Signer.ACCEPTED_FILE_TYPES |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use os.path.splitext
to get the extension from the file name, then in
to check ether it’s one of the accepted types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That does not work since we have artifacts with names like opensearch-1.0.0.tar.gz
. That is why I changed it to endswith
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could just change .tar.gz into .gz. Technically the extension of that file is not .tar.gz, it’s .gz.
@dblock approved the changes on behalf of opensearch-project/engineering-effectiveness
Signed-off-by: Abhinav Gupta abhng@amazon.com
Description
Automate linux signing to sign any artifact or all artifacts in a directory
Issues Resolved
#1351
#1382
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.