dependabot[bot] 6cb12d3898
feat(deps): bump github.com/docker/attest from 0.6.7 to 0.6.8 (#77)
Bumps [github.com/docker/attest](https://github.com/docker/attest) from
0.6.7 to 0.6.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/attest/releases">github.com/docker/attest's
releases</a>.</em></p>
<blockquote>
<h2>v0.6.8</h2>
<h2>Changes</h2>
<ul>
<li>feat(deps): bump google.golang.org/api from 0.201.0 to 0.202.0 <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/210">#210</a>)</li>
<li>Update go git <a
href="https://github.com/jonnystoten"><code>@​jonnystoten</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/209">#209</a>)</li>
</ul>
<h2>🚀 Features</h2>
<ul>
<li>feat: add internal reproducible git checksum builtin <a
href="https://github.com/jonnystoten"><code>@​jonnystoten</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/203">#203</a>)</li>
<li>feat: add code of conduct <a
href="https://github.com/mrjoelkamp"><code>@​mrjoelkamp</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/206">#206</a>)</li>
<li>feat: add pr and issue templates <a
href="https://github.com/mrjoelkamp"><code>@​mrjoelkamp</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/205">#205</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>chore: skip DCO requirement for org members <a
href="https://github.com/jonnystoten"><code>@​jonnystoten</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/208">#208</a>)</li>
<li>feat: add code of conduct <a
href="https://github.com/mrjoelkamp"><code>@​mrjoelkamp</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/206">#206</a>)</li>
<li>feat: add pr and issue templates <a
href="https://github.com/mrjoelkamp"><code>@​mrjoelkamp</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/205">#205</a>)</li>
<li>chore: apply license headers <a
href="https://github.com/mrjoelkamp"><code>@​mrjoelkamp</code></a> (<a
href="https://redirect.github.com/docker/attest/issues/204">#204</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b0d6219e34"><code>b0d6219</code></a>
feat(deps): bump google.golang.org/api from 0.201.0 to 0.202.0 (<a
href="https://redirect.github.com/docker/attest/issues/210">#210</a>)</li>
<li><a
href="b4a9283ec3"><code>b4a9283</code></a>
Update go git (<a
href="https://redirect.github.com/docker/attest/issues/209">#209</a>)</li>
<li><a
href="ca97a23d07"><code>ca97a23</code></a>
Skip DCO requirement for org members (<a
href="https://redirect.github.com/docker/attest/issues/208">#208</a>)</li>
<li><a
href="a078fba81d"><code>a078fba</code></a>
feat: add internal reproducible git checksum builtin (<a
href="https://redirect.github.com/docker/attest/issues/203">#203</a>)</li>
<li><a
href="3cf2d929f7"><code>3cf2d92</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/attest/issues/206">#206</a>
from docker/feat-add-code-of-conduct</li>
<li><a
href="c7b2ebefac"><code>c7b2ebe</code></a>
feat: add code of conduct</li>
<li><a
href="85cf56de49"><code>85cf56d</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/attest/issues/205">#205</a>
from docker/feat-add-pr-issue-templates</li>
<li><a
href="f426fa367c"><code>f426fa3</code></a>
feat: add pr and issue templates</li>
<li><a
href="c7c3d23717"><code>c7c3d23</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/attest/issues/204">#204</a>
from docker/chore-apply-license</li>
<li><a
href="01a6a2ab7d"><code>01a6a2a</code></a>
refactor: remove copyright year; add newline</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/attest/compare/v0.6.7...v0.6.8">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-24 10:34:56 +01:00
.github Skip DCO requirement for org members (#76) 2024-10-23 14:36:36 +00:00
actions feat: bump actions to go-tuf-mirror v0.2.7 (#67) 2024-10-01 16:31:35 -05:00
cmd chore: license (#71) 2024-10-18 09:44:46 -05:00
internal chore: license (#71) 2024-10-18 09:44:46 -05:00
template chore: license (#71) 2024-10-18 09:44:46 -05:00
.gitignore feat: add tuf testdata and configurable root (#19) 2024-04-12 14:55:52 -05:00
CODE-OF-CONDUCT.md feat: add code of conduct (#73) 2024-10-21 10:02:27 -05:00
CONTRIBUTING.md feat: add code of conduct (#73) 2024-10-21 10:02:27 -05:00
Dockerfile chore: fix public secret access (#75) 2024-10-23 15:25:36 +01:00
go.mod feat(deps): bump github.com/docker/attest from 0.6.7 to 0.6.8 (#77) 2024-10-24 10:34:56 +01:00
go.sum feat(deps): bump github.com/docker/attest from 0.6.7 to 0.6.8 (#77) 2024-10-24 10:34:56 +01:00
LICENSE chore: license (#71) 2024-10-18 09:44:46 -05:00
main.go chore: license (#71) 2024-10-18 09:44:46 -05:00
Makefile chore: license (#71) 2024-10-18 09:44:46 -05:00
NOTICE chore: license (#71) 2024-10-18 09:44:46 -05:00
README.md feat: add delegated target role metadata mirror (#9) 2024-03-12 08:18:19 -05:00

go-tuf-mirror

Mirror TUF metadata to/between OCI registries

Usage

GitHub Actions

Example GHA workflow:

name: Run go-tuf-mirror
on:
  workflow_dispatch:
jobs:
  mirror:
    runs-on: ubuntu-latest
    env:
      DOCKER_CONFIG: ${{ github.workspace }}/.docker
    steps:
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: dockerpublicbot
          password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
      - name: Mirror metadata
        uses: docker/go-tuf-mirror/actions/metadata@v0.1.0
        with:
          source: https://docker.github.io/tuf-staging/metadata
          destination: docker://docker/tuf-metadata:latest
      - name: Mirror targets
        uses: docker/go-tuf-mirror/actions/targets@v0.1.0
        with:
          metadata: https://docker.github.io/tuf-staging/metadata
          source: https://docker.github.io/tuf-staging/targets
          destination: docker://docker/tuf-targets

Mirror only metadata from web

  1. Build go-tuf-mirror

    make build
    
  2. Run metadata command

    ./go-tuf-mirror metadata -s <metadata location> -d <metadata output location>
    

    example:

    # output metadata to docker registry
    ./go-tuf-mirror metadata -s https://docker.github.io/tuf-staging/metadata -d docker://docker/tuf-metadata:latest
    
    Mirroring TUF metadata https://docker.github.io/tuf-staging/metadata to docker://docker/tuf-metadata:latest
    Metadata manifest pushed to docker/tuf-metadata:latest
    

Mirror delegated targets metadata

  1. Run metadata command with the -f flag

    example:

    ./go-tuf-mirror metadata -f -s "https://docker.github.io/tuf-staging/metadata" -d "docker://docker/tuf-metadata:latest"
    
    Mirroring TUF metadata https://docker.github.io/tuf-staging/metadata to docker://docker/tuf-metadata:latest
    Metadata manifest pushed to docker/tuf-metadata:latest
    Delegated metadata manifest pushed to docker/tuf-metadata:opkl
    Delegated metadata manifest pushed to docker/tuf-metadata:doi
    

Mirror only targets from web

  1. Build go-tuf-mirror

    make build
    
  2. Run targets command

    ./go-tuf-mirror targets -m <source metadata location> -s <source targets location> -d <destination targets location>
    

    example:

    # output targets to docker registry
    ./go-tuf-mirror targets -m https://docker.github.io/tuf-staging/metadata -s https://docker.github.io/tuf-staging/targets -d docker://docker/tuf-targets
    
    Mirroring TUF targets https://docker.github.io/tuf-staging/targets to docker://docker/tuf-targets
    Target manifest pushed to docker/tuf-targets:ecc736303caf8cf22ef00df2db3c411a563030c2e1e7ae24f4e38113e7ad610d.doi-signing-stage.pem
    Target manifest pushed to docker/tuf-targets:3965bb0a873cff50e16b277444d659553ab79c9632a1fb03a6d9360af536c142.image-signer-verifier.pem
    Target manifest pushed to docker/tuf-targets:e4dc114275694612ee236b231990d606b7879d05f64809611545c8234efb6cd4.doi-signing-key.pem
    Target manifest pushed to docker/tuf-targets:5ddbaf12a091d0b877b7574af7cc19bf85023d649a520ccfebc0f2b5f8c2c4de.doi-signing-prod.pem
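
Each target above is pushed under a tag of the form `<64 hex chars>.<file name>`. The following added example (not code from go-tuf-mirror) parses such an output line and checks a downloaded target against the hash in its tag. It assumes the hex prefix is the SHA-256 of the target content, as in TUF consistent-snapshot naming; `TargetRef`, `ParseTargetLine` and `MatchesContent` are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// TargetRef is one mirrored target parsed from a "Target manifest pushed to" line.
type TargetRef struct{ Repo, Digest, Name string }

// ParseTargetLine splits "Target manifest pushed to <repo>:<sha256 hex>.<name>"
// into its parts and rejects tags that do not carry a 64-character hex prefix.
func ParseTargetLine(line string) (TargetRef, error) {
	const prefix = "Target manifest pushed to "
	line = strings.TrimSpace(line)
	if !strings.HasPrefix(line, prefix) {
		return TargetRef{}, errors.New("not a target push line")
	}
	ref := strings.TrimPrefix(line, prefix)
	i := strings.LastIndex(ref, ":") // last colon: a registry host may carry a port
	if i < 0 {
		return TargetRef{}, errors.New("missing tag")
	}
	digest, name, ok := strings.Cut(ref[i+1:], ".")
	if !ok || len(digest) != 2*sha256.Size || name == "" {
		return TargetRef{}, errors.New("tag is not <sha256>.<name>")
	}
	if _, err := hex.DecodeString(digest); err != nil {
		return TargetRef{}, fmt.Errorf("bad hex digest: %w", err)
	}
	return TargetRef{Repo: ref[:i], Digest: strings.ToLower(digest), Name: name}, nil
}

// MatchesContent reports whether content hashes (SHA-256, assumed) to the tag prefix.
func (r TargetRef) MatchesContent(content []byte) bool {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:]) == r.Digest
}

func main() {
	// Constructed sample: the bytes "abc" stand in for a downloaded target file.
	line := "Target manifest pushed to docker/tuf-targets:" +
		"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad.sample.pem"
	ref, err := ParseTargetLine(line)
	fmt.Println(ref.Name, err, ref.MatchesContent([]byte("abc")), ref.MatchesContent([]byte("abd")))
}
```

A mismatch means the bytes pulled from the mirror are not the ones the tag names; the signed TUF targets metadata remains the authority on which hashes are valid.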
    

Mirror metadata and targets from web

  1. Build go-tuf-mirror

    make build
    
  2. Run all command

    ./go-tuf-mirror all --source-metadata <metadata location> --source-targets <targets location> --dest-metadata <metadata output location> --dest-targets <targets output location>
    

    example:

    # outputs metadata and targets to local OCI layout
    ./go-tuf-mirror all --source-metadata "https://docker.github.io/tuf-staging/metadata" --source-targets "https://docker.github.io/tuf-staging/targets" --dest-targets "oci://./tmp/targets" --dest-metadata "oci://./tmp/metadata"
    
    Mirroring TUF metadata https://docker.github.io/tuf-staging/metadata to oci://./tmp/metadata
    Metadata manifest layout saved to ./tmp/metadata
    
    Mirroring TUF targets https://docker.github.io/tuf-staging/targets to oci://./tmp/targets
    Target manifest layout saved to tmp/targets/ecc736303caf8cf22ef00df2db3c411a563030c2e1e7ae24f4e38113e7ad610d.doi-signing-stage.pem
    Target manifest layout saved to tmp/targets/3965bb0a873cff50e16b277444d659553ab79c9632a1fb03a6d9360af536c142.image-signer-verifier.pem
    Target manifest layout saved to tmp/targets/e4dc114275694612ee236b231990d606b7879d05f64809611545c8234efb6cd4.doi-signing-key.pem