server
initial work for signature api and build checking in webhook
This is very much a draft but I was hoping it could provide some more detail on how the pipeline signing might work server-side. For example purposes, I made `Trusted` the field in question, put the signature in a separate file `.vela.sig`, and use the entire contents of the `.vela.yml` file as the key for the signature.

A few things I'm missing: expanded pipeline since templates could get manipulated, SHA checksum of `.vela.yml` file, and obviously the accompanying CLI changes. I mainly wanted to put this out here as a draft as a supplement to the proposal
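One way the server-side check described in the PR description above could look, as an added example that is not code from this PR or from the project. It assumes Ed25519 over the SHA-256 digest of the raw `.vela.yml`, a base64-encoded `.vela.sig`, and that only repos with `Trusted` set require a signature; `Repo`, `SignPipeline`, `VerifyPipeline` and `GateBuild` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Repo carries only the Trusted flag named in the PR description (hypothetical type).
type Repo struct{ Trusted bool }

var ErrUnsigned = errors.New("pipeline signature missing or invalid")

// SignPipeline stands in for the CLI side: sign the SHA-256 digest of the raw
// .vela.yml bytes and return the base64 text that would be stored in .vela.sig.
func SignPipeline(priv ed25519.PrivateKey, pipeline []byte) string {
	digest := sha256.Sum256(pipeline)
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, digest[:]))
}

// VerifyPipeline is the server side: decode .vela.sig and check it against the
// digest of the .vela.yml fetched for this commit. Malformed input fails closed.
func VerifyPipeline(pub ed25519.PublicKey, pipeline []byte, sigFile string) bool {
	sig, err := base64.StdEncoding.DecodeString(strings.TrimSpace(sigFile))
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	digest := sha256.Sum256(pipeline)
	return ed25519.Verify(pub, digest[:], sig)
}

// GateBuild is the webhook decision (assumed policy): a repo with Trusted set
// only builds when its pipeline file carries a valid signature.
func GateBuild(r Repo, pub ed25519.PublicKey, pipeline []byte, sigFile string) error {
	if r.Trusted && !VerifyPipeline(pub, pipeline, sigFile) {
		return ErrUnsigned
	}
	return nil
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key
	pub := priv.Public().(ed25519.PublicKey)
	yml := []byte("version: \"1\"\nsteps: []\n") // constructed sample pipeline
	sig := SignPipeline(priv, yml)
	fmt.Println(GateBuild(Repo{Trusted: true}, pub, yml, sig))
	fmt.Println(GateBuild(Repo{Trusted: true}, pub, append(yml, '#'), sig))
}
```

A signature over the raw file does not cover templates pulled in at expansion time, which is the gap the description lists as still missing.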
Codecov Report
Merging #566 (1034d78) into master (2e452a8) will increase coverage by `0.00%`. The diff coverage is `11.60%`.
@@ Coverage Diff @@
## master #566 +/- ##
========================================
Coverage 54.79% 54.80%
========================================
Files 179 179
Lines 14873 15062 +189
========================================
+ Hits 8150 8255 +105
- Misses 6407 6490 +83
- Partials 316 317 +1
Impacted Files | Coverage Δ | |
---|---|---|
api/build.go | 1.97% <0.00%> (ø) | |
api/pipeline.go | 0.00% <0.00%> (ø) | |
api/repo.go | 0.00% <0.00%> (ø) | |
api/webhook.go | 0.00% <0.00%> (ø) | |
scm/github/repo.go | 73.03% <50.00%> (-1.03%) | :arrow_down: |
compiler/native/compile.go | 64.62% <100.00%> (ø) | |
compiler/native/environment.go | 89.28% <0.00%> (+8.86%) | :arrow_up: |
Closing