Skip to content

Commit

Permalink
Update linter, codeql (#92)
Browse files Browse the repository at this point in the history
CodeQL was failing because this version did not support Go 1.21. Also
bumped the linter and fixed lint failures.

Signed-off-by: Hayden Blauzvern <[email protected]>
  • Loading branch information
haydentherapper authored Feb 6, 2024
1 parent 13098f9 commit 8e0c8fc
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 17 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,12 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.1.26
uses: github/codeql-action/init@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.1.26
uses: github/codeql-action/autobuild@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.1.26
uses: github/codeql-action/analyze@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1
2 changes: 1 addition & 1 deletion .github/workflows/golangci-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
- name: golangci-lint
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
with:
version: v1.54
version: v1.55
args: --timeout=5m --verbose
# sometimes the pkg cache gets corrupted, skipping cache avoids this
# https://github.com/golangci/golangci-lint-action/issues/23
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/verify_license.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ jobs:
go-version-file: './go.mod'
check-latest: true
- name: Install addlicense
run: go install github.com/google/addlicense@v1.0.0
run: go install github.com/google/addlicense@v1.1.1
- name: Check license headers
run: |
set -e
addlicense -check -l apache -c 'The Sigstore Authors' -ignore "third_party/**" -v *
addlicense -check -l apache -c 'The Sigstore Authors' -ignore "third_party/**" -v *
18 changes: 7 additions & 11 deletions pkg/verify/signature.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,10 +44,9 @@ func VerifySignature(sigContent SignatureContent, verificationContent Verificati
return verifyEnvelope(verifier, envelope)
} else if msg := sigContent.MessageSignatureContent(); msg != nil {
return errors.New("artifact must be provided to verify message signature")
} else {
// should never happen, but just in case:
return fmt.Errorf("signature content has neither an envelope or a message")
}
// handle an invalid signature content message
return fmt.Errorf("signature content has neither an envelope or a message")
}

func VerifySignatureWithArtifact(sigContent SignatureContent, verificationContent VerificationContent, trustedMaterial root.TrustedMaterial, artifact io.Reader) error { // nolint: revive
Expand All @@ -63,10 +62,9 @@ func VerifySignatureWithArtifact(sigContent SignatureContent, verificationConten
return verifyEnvelopeWithArtifact(verifier, envelope, artifact)
} else if msg := sigContent.MessageSignatureContent(); msg != nil {
return verifyMessageSignature(verifier, msg, artifact)
} else {
// should never happen, but just in case:
return fmt.Errorf("signature content has neither an envelope or a message")
}
// handle an invalid signature content message
return fmt.Errorf("signature content has neither an envelope or a message")
}

func VerifySignatureWithArtifactDigest(sigContent SignatureContent, verificationContent VerificationContent, trustedMaterial root.TrustedMaterial, artifactDigest []byte, artifactDigestAlgorithm string) error { // nolint: revive
Expand All @@ -82,10 +80,9 @@ func VerifySignatureWithArtifactDigest(sigContent SignatureContent, verification
return verifyEnvelopeWithArtifactDigest(verifier, envelope, artifactDigest, artifactDigestAlgorithm)
} else if msg := sigContent.MessageSignatureContent(); msg != nil {
return verifyMessageSignatureWithArtifactDigest(verifier, msg, artifactDigest)
} else {
// should never happen, but just in case:
return fmt.Errorf("signature content has neither an envelope or a message")
}
// handle an invalid signature content message
return fmt.Errorf("signature content has neither an envelope or a message")
}

func getSignatureVerifier(verificationContent VerificationContent, tm root.TrustedMaterial) (signature.Verifier, error) {
Expand All @@ -94,9 +91,8 @@ func getSignatureVerifier(verificationContent VerificationContent, tm root.Trust
return signature.LoadVerifier(leafCert.PublicKey, crypto.SHA256)
} else if pk, ok := verificationContent.HasPublicKey(); ok {
return tm.PublicKeyVerifier(pk.Hint())
} else {
return nil, fmt.Errorf("no public key or certificate found")
}
return nil, fmt.Errorf("no public key or certificate found")
}

func verifyEnvelope(verifier signature.Verifier, envelope EnvelopeContent) error {
Expand Down

0 comments on commit 8e0c8fc

Please sign in to comment.