WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

build(deps): migrate protovalidate to v1.1.0 and upgrade cosign to v3 #2618

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
migmartri merged 12 commits into from
Dec 17, 2025
Merged

build(deps): migrate protovalidate to v1.1.0 and upgrade cosign to v3 #2618

migmartri merged 12 commits into from
Dec 17, 2025
+18,371 −16,203

Conversation

@migmartri
Copy link
Member

@migmartri migmartri commented Dec 12, 2025
edited
Loading

Summary

  • Migrated protovalidate from github.com/bufbuild/protovalidate-go to buf.build/go/protovalidate v1.1.0
  • Migrated protoyaml from github.com/bufbuild/protoyaml-go to buf.build/go/protoyaml v0.6.0
  • Created validator adapter in app/controlplane/pkg/unmarshal/unmarshal.go to bridge interface incompatibility
  • Upgraded cosign from v2 to v3 for compatibility with fulcio v1.8.3 and sigstore v1.10.x
  • Updated all import paths across 14 Go files
  • Fixed API changes: GetCertificate()Certificate() in verifier

Current Status

⚠️ Draft - Build is currently blocked by missing cryptoutils.ValidatePubKey in sigstore v1.10.2

  • The function was moved to internal package github.com/sigstore/sigstore/internal/goodkey
  • Waiting for sigstore to re-expose this function publicly (expected in upcoming release)
  • See app/controlplane/pkg/biz/signing.go:176

Related

  • Part of fulcio v1.8.3 upgrade (dependabot branch)

dependabot bot and others added 6 commits December 5, 2025 18:20
@dependabot
build(deps): bump github.com/sigstore/fulcio from 1.6.3 to 1.8.3
2b097a9 
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.6.3 to 1.8.3.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](sigstore/fulcio@v1.6.3...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@migmartri
build(deps): migrate protovalidate to v1.1.0 and upgrade cosign to v3
c9226fc 
- Migrated from github.com/bufbuild/protovalidate-go to buf.build/go/protovalidate v1.1.0
- Migrated from github.com/bufbuild/protoyaml-go to buf.build/go/protoyaml v0.6.0
- Created validator adapter to bridge protovalidate v1.1.0 interface changes
- Upgraded cosign from v2 to v3 for compatibility with sigstore v1.10.x
- Updated all import paths and fixed API changes (GetCertificate -> Certificate)

Note: Build currently blocked by missing cryptoutils.ValidatePubKey in sigstore v1.10.2
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri
chore: remove app
22df429 
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri
chore: remove app
0c84af8 
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri
chore: remove app
47a75a7 
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri
chore: decouple token from settings
45d5864 
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri migmartri requested review from javirln and jiparis and removed request for jiparis December 17, 2025 15:59
@migmartri migmartri marked this pull request as ready for review December 17, 2025 15:59
@migmartri
chore: decouple token from settings
0d5468e 
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri
chore: decouple token from settings
092f52b 
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri
chore: decouple token from settings
4407081 
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri
../../
538e7ee 
Signed-off-by: Miguel Martinez <[email protected]>
@migmartri migmartri requested review from Piskoo and jiparis December 17, 2025 16:56
@migmartri migmartri mentioned this pull request Dec 17, 2025
Closed
@migmartri migmartri merged commit 4a29ebc into chainloop-dev:main Dec 17, 2025
8 of 13 checks passed
@migmartri migmartri deleted the upgrade-protovalidate branch December 17, 2025 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jiparis jiparis jiparis approved these changes

@javirln javirln Awaiting requested review from javirln

@Piskoo Piskoo Awaiting requested review from Piskoo

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@migmartri @jiparis