Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement sign command #21

Merged
merged 9 commits into from
Apr 12, 2022
Merged

Implement sign command #21

merged 9 commits into from
Apr 12, 2022

Conversation

di
Copy link
Member

@di di commented Apr 6, 2022

Fixes #9.

@di di requested a review from tetsuo-cpp April 6, 2022 22:53
tetsuo-cpp
tetsuo-cpp reviewed Apr 11, 2022
View reviewed changes
Copy link
Contributor

@tetsuo-cpp tetsuo-cpp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is looking good. Are you planning to add anything to this?

@di
Copy link
Member Author

di commented Apr 12, 2022

@tetsuo-cpp I'll let you decide if we should lower or disable the coverage bar here, or try and add some very early tests. I think the former is fine as long as we come back later and test what we've got.

@di di marked this pull request as ready for review April 12, 2022 03:32
tetsuo-cpp
tetsuo-cpp reviewed Apr 12, 2022
View reviewed changes
sigstore/_sign.py
pass


def sign(file_, identity_token, output=_no_output):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should figure out what the return type should be soon. I'm thinking something like a SigningResult which allows you to tell between success/failure and whether there is a reason.

We could also just not have a return and consider any non-throwing call to sign to be a success.

I'll go ahead and merge this anyway since we have too many pieces of work branched off this, but we should definitely revisit it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, although I don't think an empty return would work for anyone using this as an importable API, they'd want roughly the same things we're outputting (the signature and certificate) returned. I like the idea of a SigningResult.

@tetsuo-cpp tetsuo-cpp merged commit 6cb0b25 into sigstore:main Apr 12, 2022
@tetsuo-cpp tetsuo-cpp deleted the sign branch April 12, 2022 07:24
@tetsuo-cpp tetsuo-cpp restored the sign branch April 12, 2022 07:25
@tetsuo-cpp tetsuo-cpp deleted the sign branch April 12, 2022 07:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tetsuo-cpp tetsuo-cpp tetsuo-cpp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement sign command
2 participants
@di @tetsuo-cpp