cosign
Support Gitpod workspaces
Closes https://github.com/sigstore/cosign/issues/2997
Summary
This PR adds a provider that, when run from within a Gitpod workspace, retrieves a token automatically from the command line, which means users do not have to do any additional auth checks or config.
This PR was previously open as https://github.com/sigstore/cosign/pull/2998; however, work on Gitpod's end stalled and it took some time before changes were implemented that made this viable. These updates mean some, though not all, tokens can now be used with Sigstore, and Gitpod are correctly populating the email_verified field as required by Fulcio. Part of the logic of this PR has been changed to make sure we only send through tokens if they have this field and will be valid.
Release Note Documentation
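The claim check described in the summary, sketched as an added example (not the PR's code): it decodes an ID token's payload without verifying the signature and reports the token as usable only when `email` is present and `email_verified` is true. The function names and the sample token are hypothetical, and accepting the string "true" as well as a boolean is an assumption.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// emailVerified is a client-side pre-flight check only: the payload is decoded
// WITHOUT signature verification, which remains the job of the CA (Fulcio).
func emailVerified(rawToken string) (bool, error) {
	parts := strings.Split(rawToken, ".")
	if len(parts) != 3 {
		return false, errors.New("not a compact JWT: want 3 dot-separated segments")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return false, fmt.Errorf("decoding payload: %w", err)
	}
	var claims struct {
		Email    string `json:"email"`
		Verified any    `json:"email_verified"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return false, fmt.Errorf("parsing claims: %w", err)
	}
	switch v := claims.Verified.(type) {
	case bool:
		return v && claims.Email != "", nil
	case string: // assumption: tolerate issuers that encode the flag as a string
		return v == "true" && claims.Email != "", nil
	}
	return false, nil // claim absent or of an unexpected type: do not send the token
}

// sampleToken builds an unsigned, constructed token for this demo only.
func sampleToken(claims map[string]any) string {
	enc := base64.RawURLEncoding.EncodeToString
	body, _ := json.Marshal(claims)
	return enc([]byte(`{"alg":"none"}`)) + "." + enc(body) + "." + enc([]byte("sig"))
}

func main() {
	ok, err := emailVerified(sampleToken(map[string]any{"email": "dev@example.com", "email_verified": true}))
	fmt.Println(ok, err)
}
```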