tuf-on-ci migration preparation #1247

Closed
16 of 17 tasks
jku opened this issue May 30, 2024 · 4 comments

jku commented May 30, 2024

In preparation for #929, we should do all preparatory steps that are not limited by the online signing schedule and that will not affect the current day-to-day operation of this repository.

Checklist of things to do before the signing event

@jku jku added the enhancement New feature or request label May 30, 2024
@jku jku self-assigned this May 30, 2024
jku added a commit to jku/community that referenced this issue Jun 6, 2024
As part of sigstore/root-signing#1247
root-signing requires some project setting changes:
* Allow and encourage merge commits: signing event branches are
  collaboration branches where individual commits have different
  authors and actual meaning.
* Do not require linear history: signing events make sense as slightly
  longer lived branches: preserving this history makes sense
* Remove two required checks that are replaced by tuf-on-ci checks
  (which can be made required in a later commit)
* Add branch protection for "publish"
* Modify branch protection for "main":
  * Remove sigstore-keyholders from pushRestrictions list: this looks
    like a mistake, keyholders should not have permissions for main
  * Add sigstore-bot as a PR bypasser (this is how online signing
    happens)

Signed-off-by: Jussi Kukkonen <[email protected]>

jku commented Jun 7, 2024

jku#1 contains the workflow enabling/disabling commits that we should include in the initial signing event branch (to disable legacy workflows and enable tuf-on-ci ones)

bobcallaway pushed a commit to sigstore/community that referenced this issue Jun 20, 2024
* root-signing: Prepare for tuf-on-ci migration

As part of sigstore/root-signing#1247
root-signing requires some project setting changes:
* Allow and encourage merge commits: signing event branches are
  collaboration branches where individual commits have different
  authors and actual meaning.
* Do not require linear history: signing events make sense as slightly
  longer lived branches: preserving this history makes sense
* Remove two required checks that are replaced by tuf-on-ci checks
  (which can be made required in a later commit)
* Add branch protection for "publish"
* Modify branch protection for "main":
  * Remove sigstore-keyholders from pushRestrictions list: this looks
    like a mistake, keyholders should not have permissions for main
  * Add sigstore-bot as a PR bypasser (this is how online signing
    happens)

Signed-off-by: Jussi Kukkonen <[email protected]>

* root-signing: Also remove dismissal permissions from keyholders

It looks like the team may not even be needed in the end so it makes sense
to remove this fairly inconsequential permission as well.

Signed-off-by: Jussi Kukkonen <[email protected]>

---------

Signed-off-by: Jussi Kukkonen <[email protected]>
@jku

This comment was marked as duplicate.


jku commented Aug 12, 2024

FYI @haydentherapper


jku commented Sep 2, 2024

marking this closed: the actual migration is in #1320

@jku jku closed this as completed Sep 2, 2024