Skip to content

Commit

Permalink
add comment explaining the usage of worklow url as buildsigner
Browse files Browse the repository at this point in the history 
Signed-off-by: Ilia Medvedev <ilia.medvedev@codefresh.io>
  • Loading branch information
@ilia-medvedev-codefresh
ilia-medvedev-codefresh committed Apr 5, 2024
1 parent 9edc6ae commit b69aa37
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion pkg/identity/codefresh/principal.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,9 @@ func (w workflowPrincipal) Embed(_ context.Context, cert *x509.Certificate) erro

cert.ExtraExtensions, err = certificate.Extensions{
Issuer: w.issuer,
// URL of the build in Codefresh
// URL of the build in Codefresh.

Check failure on line 152 in pkg/identity/codefresh/principal.go

View workflow job for this annotation

GitHub Actions / golangci-lint 

File is not `gofmt`-ed with `-s` (gofmt)

Check failure on line 152 in pkg/identity/codefresh/principal.go

View workflow job for this annotation

GitHub Actions / golangci-lint 

File is not `goimports`-ed (goimports)
// The workflow url is used for build signer in Codefresh because for public builds unauthenticated users only have access to the workflow, not the pipeline definition.
// Also, the workflow contains the definition of the pipeline that was used at the time of the build, making it ideal to be used as the signer url.
BuildSignerURI: baseURL.JoinPath("build", w.workflowID).String(),
RunnerEnvironment: w.runnerEnvironment,
SourceRepositoryURI: w.scmRepoURL,
Expand Down

0 comments on commit b69aa37

Please sign in to comment.