Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check consistency between persisted snapshots #42

Merged
merged 4 commits into from
Aug 30, 2022
Merged

Check consistency between persisted snapshots #42

merged 4 commits into from
Aug 30, 2022

Conversation

haydentherapper
Copy link
Contributor

@haydentherapper haydentherapper commented Aug 24, 2022
edited
Loading

A previous PR added an hourly cronjob to check consistency. This didn't
check consistency as expected. After each invocation, a log file is
written to disk with the previous checkpoint. Consistency is checked
between the previous and current checkpoints. Without persistence, the
job would check consistency between the same checkpoints.

To implement persistence, we use a GitHub Action that downloads
previously uploaded artifacts. Persistence between workflows isn't
natively supported.

This also changes the persisted format to be a signed checkpoint rather
than just the size and root hash, which means we can verify it.

This also switches the default URL to be rekor.sigstore.dev, as api was
deprecated.

Signed-off-by: Hayden Blauzvern hblauzvern@google.com

Fixes #41

Summary

Release Note

Documentation

@haydentherapper
Check consistency between persisted snapshots
eace552 
A previous PR added an hourly cronjob to check consistency. This didn't
check consistency as expected. After each invocation, a log file is
written to disk with the previous checkpoint. Consistency is checked
between the previous and current checkpoints. Without persistence, the
job would check consistency between the same checkpoints.

To implement persistence, we use a GitHub Action that downloads
previously uploaded artifacts. Persistence between workflows isn't
natively supported.

This also changes the persisted format to be a signed checkpoint rather
than just the size and root hash, which means we can verify it.

This also switches the default URL to be rekor.sigstore.dev, as api was
deprecated.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Copy link
Contributor Author

cc @asraa @SantiagoTorres @bobcallaway

@haydentherapper
Copy link
Contributor Author

Note there are some TODOs, I'll be creating issues for everything.

asraa
asraa reviewed Aug 25, 2022
View reviewed changes
@haydentherapper
Update to 1.19, update dependencies
461226a 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Add TODO
346c507 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
This was referenced Aug 27, 2022
Closed
Closed
@haydentherapper
Persist the last 100 checkpoints
2de8cc3 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper haydentherapper merged commit a9bca8d into sigstore:main Aug 30, 2022
@haydentherapper haydentherapper deleted the fix-gha branch August 30, 2022 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asraa asraa asraa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Updating the GH cronjob to persist state
2 participants
@haydentherapper @asraa