Recognize SIGSTORE_ prefixed environment variables. by wlynch · Pull Request #123 · sigstore/gitsign · GitHub

Recognize SIGSTORE_ prefixed environment variables. #123

Merged
merged 1 commit into from
Aug 25, 2022
27 changes: 16 additions & 11 deletions README.md
Expand Up @@ -66,20 +66,25 @@ The following config options are supported:
| issuer | https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
| redirectURL | | OIDC Redirect URL |
| rekor | https://rekor.sigstore.dev | Address of Rekor server |
| connectorID | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:<br>- `https://github.com/login/oauth`<br>- `https://accounts.google.com`<br>- `https://login.microsoftonline.com`|
| connectorID | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:<br>- `https://github.com/login/oauth`<br>- `https://accounts.google.com`<br>- `https://login.microsoftonline.com` |

### Environment Variables

| Environment Variable | Default | Description |
| ------------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| GITSIGN_CREDENTIAL_CACHE | | Optional path to [gitsign-credential-cache](cmd/gitsign-credential-cache/README.md) socket. |
| GITSIGN_CONNECTOR_ID | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:<br>- `https://github.com/login/oauth`<br>- `https://accounts.google.com`<br>- `https://login.microsoftonline.com`|
| GITSIGN_FULCIO_URL | https://fulcio.sigstore.dev | Address of Fulcio server |
| GITSIGN_LOG | | Path to log status output. Helpful for debugging when no TTY is available in the environment. |
| GITSIGN_OIDC_CLIENT_ID | sigstore | OIDC client ID for application |
| GITSIGN_OIDC_ISSUER | https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
| GITSIGN_OIDC_REDIRECT_URL | | OIDC Redirect URL |
| GITSIGN_REKOR_URL | https://rekor.sigstore.dev | Address of Rekor server |
| Environment Variable | Sigstore<br>Prefix | Default | Description |
| ------------------------- | ------------------ | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| GITSIGN_CREDENTIAL_CACHE | ❌ | | Optional path to [gitsign-credential-cache](cmd/gitsign-credential-cache/README.md) socket. |
| GITSIGN_CONNECTOR_ID | ✅ | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:<br>- `https://github.com/login/oauth`<br>- `https://accounts.google.com`<br>- `https://login.microsoftonline.com` |
| GITSIGN_FULCIO_URL | ✅ | https://fulcio.sigstore.dev | Address of Fulcio server |
| GITSIGN_LOG | ❌ | | Path to log status output. Helpful for debugging when no TTY is available in the environment. |
| GITSIGN_OIDC_CLIENT_ID | ✅ | sigstore | OIDC client ID for application |
| GITSIGN_OIDC_ISSUER | ✅ | https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
| GITSIGN_OIDC_REDIRECT_URL | ✅ | | OIDC Redirect URL |
| GITSIGN_REKOR_URL | ✅ | https://rekor.sigstore.dev | Address of Rekor server |

For environment variables that support `Sigstore Prefix`, the values may be
provided with either a `GITSIGN_` or `SIGSTORE_` prefix - e.g.
`GITSIGN_CONNECTOR_ID` or `SIGSTORE_CONNECTOR_ID`. If both environment variables
are set, `GITSIGN_` prefix takes priority.

## Usage

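Review bot: The paragraph after the table gives the order between `GITSIGN_` and `SIGSTORE_` only; it does not say how either prefix ranks against the git config options documented just above. A `SIGSTORE_FULCIO_URL`, `SIGSTORE_REKOR_URL` or `SIGSTORE_OIDC_ISSUER` exported for another Sigstore tool will now also change which endpoints gitsign uses, so spell out the full order here (git config value, then `SIGSTORE_`, then `GITSIGN_`, matching what the config.go change in this PR does). Minor: the column header is `Sigstore<br>Prefix` while the prose refers to `Sigstore Prefix` in code formatting; pick one spelling so the reference is searchable.
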
19 changes: 13 additions & 6 deletions internal/config/config.go
Expand Up @@ -15,6 +15,7 @@
package config

import (
"fmt"
"os"

"github.com/go-git/go-git/v5"
Expand Down Expand Up @@ -77,13 +78,19 @@ func getWithRepo(repo *git.Repository) (*Config, error) {
}

// Get values from env vars
out.Fulcio = envOrValue("GITSIGN_FULCIO_URL", out.Fulcio)
out.Rekor = envOrValue("GITSIGN_REKOR_URL", out.Rekor)
out.ClientID = envOrValue("GITSIGN_OIDC_CLIENT_ID", out.ClientID)
out.RedirectURL = envOrValue("GITSIGN_OIDC_REDIRECT_URL", out.RedirectURL)
out.Issuer = envOrValue("GITSIGN_OIDC_ISSUER", out.Issuer)

// Check for common environment variables that could be shared with other
// Sigstore tools. Gitsign envs should take precedence.
for _, prefix := range []string{"SIGSTORE", "GITSIGN"} {
out.Fulcio = envOrValue(fmt.Sprintf("%s_FULCIO_URL", prefix), out.Fulcio)
out.Rekor = envOrValue(fmt.Sprintf("%s_REKOR_URL", prefix), out.Rekor)
out.ClientID = envOrValue(fmt.Sprintf("%s_OIDC_CLIENT_ID", prefix), out.ClientID)
out.RedirectURL = envOrValue(fmt.Sprintf("%s_OIDC_REDIRECT_URL", prefix), out.RedirectURL)
out.Issuer = envOrValue(fmt.Sprintf("%s_OIDC_ISSUER", prefix), out.Issuer)
out.ConnectorID = envOrValue(fmt.Sprintf("%s_CONNECTOR_ID", prefix), out.ConnectorID)
}

out.LogPath = envOrValue("GITSIGN_LOG", out.LogPath)
out.ConnectorID = envOrValue("GITSIGN_CONNECTOR_ID", out.ConnectorID)

return out, nil
}
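
Review bot: The precedence in `for _, prefix := range []string{"SIGSTORE", "GITSIGN"}` depends entirely on slice order (the later prefix overwrites the earlier one), and the comment above the loop does not say so. Extend it to state that order matters and later entries win, so that reordering the slice or adding a prefix does not silently invert which variable selects the Fulcio, Rekor and OIDC issuer endpoints. Please also confirm how `envOrValue` treats a variable that is set but empty, since that decides whether an empty `GITSIGN_*` value falls back to the `SIGSTORE_*` one; the helper is not visible in this hunk.
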
11 changes: 10 additions & 1 deletion internal/config/config_test.go
Expand Up @@ -65,6 +65,13 @@ func TestGet(t *testing.T) {
// This just overrides default value.
t.Setenv("GITSIGN_OIDC_ISSUER", "tacocat")

// Recognize SIGSTORE prefixes.
t.Setenv("SIGSTORE_OIDC_REDIRECT_URL", "example.com")

// GITSIGN prefix takes priority over SIGSTORE.
t.Setenv("SIGSTORE_CONNECTOR_ID", "foo")
t.Setenv("GITSIGN_CONNECTOR_ID", "bar")

want := &Config{
// Default overridden by config
Fulcio: "example.com",
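
Review bot: `t.Setenv("SIGSTORE_OIDC_REDIRECT_URL", "example.com")` reuses the value that `want` already expects for `Fulcio`, so a mix-up between the two fields would still pass. Use a distinct value for the redirect URL. The priority case also exercises only `CONNECTOR_ID`; since the loop in config.go handles six keys, a table-driven case per key (both prefixes set, `GITSIGN_` expected) would catch a typo in any one format string.
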
Expand All @@ -73,7 +80,9 @@ func TestGet(t *testing.T) {
// Default value
ClientID: "sigstore",
// Overridden by env var
Issuer: "tacocat",
Issuer: "tacocat",
RedirectURL: "example.com",
ConnectorID: "bar",
}

got, err := getWithRepo(repo)
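
Review bot: The single `// Overridden by env var` comment above `Issuer` now also covers `RedirectURL` and `ConnectorID`, which are supplied by different prefixes. Annotate each field with its source (`SIGSTORE_OIDC_REDIRECT_URL` alone for `RedirectURL`, `GITSIGN_CONNECTOR_ID` winning over `SIGSTORE_CONNECTOR_ID` for `ConnectorID`) so the expected struct documents the precedence under test.
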