Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor rekor-monitor workflow #526

Merged
merged 2 commits into from
Nov 18, 2024
Merged

Refactor rekor-monitor workflow #526

merged 2 commits into from
Nov 18, 2024

Conversation

linus-sun
Copy link
Collaborator

@linus-sun linus-sun commented Nov 5, 2024
edited
Loading

Summary

As per the following doc, this PR refactors rekor-monitor to make running the identity monitor easier to configure through an updated input configuration, as well as adding better error handling and logic for determining what indices to run the identity monitor on in the case that the user does not input a given start or end index for the identity monitor portion of the reusable monitoring workflow.

Release Note

The identity monitor input configuration has been updated.

Documentation

The README has been updated accordingly with proper run instructions for the reusable monitoring workflow.

@linus-sun linus-sun force-pushed the linussun/identity-monitor-workflow branch 2 times, most recently from 0411ac6 to 7a3b221 Compare November 5, 2024 23:52
@codecov Codecov
Copy link

codecov bot commented Nov 5, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 2.32558% with 126 lines in your changes missing coverage. Please review.

Project coverage is 62.46%. Comparing base (d271ec7) to head (2ea93b0).
Report is 164 commits behind head on main.

Files with missing lines Patch % Lines
cmd/rekor_monitor/main.go 0.00% 124 Missing ⚠️
pkg/rekor/identity.go 66.66% 1 Missing ⚠️
pkg/rekor/verifier.go 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #526      +/-   ##
==========================================
- Coverage   64.02%   62.46%   -1.57%     
==========================================
  Files           4       17      +13     
  Lines         303     1276     +973     
==========================================
+ Hits          194      797     +603     
- Misses         78      408     +330     
- Partials       31       71      +40

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚨 Try these New Features:

@linus-sun linus-sun force-pushed the linussun/identity-monitor-workflow branch 6 times, most recently from d035f53 to 40083f5 Compare November 6, 2024 18:33
@linus-sun linus-sun marked this pull request as ready for review November 6, 2024 18:41
@linus-sun linus-sun requested review from mihaimaruseac and haydentherapper and removed request for mihaimaruseac November 6, 2024 18:41
mihaimaruseac
mihaimaruseac reviewed Nov 6, 2024
View reviewed changes
Copy link
Collaborator

@mihaimaruseac mihaimaruseac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, I only have a set of minor comments / nits.

.github/workflows/identity_monitor.yml Outdated Show resolved Hide resolved
.github/workflows/identity_monitor.yml Outdated Show resolved Hide resolved
.github/workflows/identity_monitor.yml Outdated Show resolved Hide resolved
pkg/test/consistency_check/consistency_check_e2e_test.sh Outdated Show resolved Hide resolved
@linus-sun linus-sun changed the title refactor workflows to split Refactor rekor-monitor workflows to decouple consistency check + identity monitor Nov 6, 2024
@linus-sun linus-sun force-pushed the linussun/identity-monitor-workflow branch from 40083f5 to 1b38f1d Compare November 6, 2024 22:46
mihaimaruseac
mihaimaruseac previously approved these changes Nov 6, 2024
View reviewed changes
@linus-sun linus-sun mentioned this pull request Nov 7, 2024
Closed
haydentherapper
haydentherapper requested changes Nov 8, 2024
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We chatted offline, but I've realized that this is going to introduce a lot of duplication, especially as we add more ways to monitor the log (CT consistency, CT monitoring, tile monitoring, etc). To avoid duplication, I'd suggest we:

  • Keep only one GitHub Actions workflow, reusable_monitoring.yml seems like a generic enough name.
  • Keep consistency checks and monitoring under the same executable, but have a different executable for each monitored log (e.g cmd/rekor_monitor/main.go, cmd/ct_monitor/main.go)
  • Keep reading the latest index from a checkpoint rather than the IdentityMetadata output. I think that file is still useful to later expand to include skipped entries though, so no need to revert any changes there.

Sorry for the pivot backwards, but hopefully this will keep the code easier to maintain.

@linus-sun linus-sun force-pushed the linussun/identity-monitor-workflow branch from 1b38f1d to cb917dd Compare November 11, 2024 16:30
@linus-sun linus-sun changed the title Refactor rekor-monitor workflows to decouple consistency check + identity monitor Refactor rekor-monitor workflow Nov 14, 2024
@linus-sun linus-sun mentioned this pull request Nov 14, 2024
Merged
@linus-sun linus-sun force-pushed the linussun/identity-monitor-workflow branch 5 times, most recently from 5c0aa51 to 2b13744 Compare November 14, 2024 20:31
@linus-sun
rollback split
2ea93b0 
Signed-off-by: linus-sun <[email protected]>
@linus-sun linus-sun force-pushed the linussun/identity-monitor-workflow branch from 2b13744 to 2ea93b0 Compare November 15, 2024 00:40
haydentherapper
haydentherapper approved these changes Nov 18, 2024
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

haydentherapper
haydentherapper approved these changes Nov 18, 2024
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@haydentherapper haydentherapper merged commit 114befb into sigstore:main Nov 18, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

@mihaimaruseac mihaimaruseac mihaimaruseac left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@linus-sun @mihaimaruseac @haydentherapper