Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: 📝 Update cosign installation instructions and add verification steps #1460

Merged
merged 1 commit into from
Jul 30, 2024

Conversation

Anselmoo
Copy link
Owner

@Anselmoo Anselmoo commented Jul 30, 2024

All PR-Submissions:


  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open
    Pull Requests for the same
    update/change?

New ✨✨ Feature-Submissions:


  • Does your submission pass tests?
  • Have you lint your code locally prior to submission? Fixed:
  • This PR is for a new feature, not a bug fix.

Changes to ⚙️ Core-Features:


  • Have you added an explanation of what your changes do and why you'd like
    us to include them?
  • Have you written new tests for your core changes, as applicable?
  • Have you successfully run tests with your changes locally?

Summary by Sourcery

This pull request updates the INSTALLATION.md documentation to include detailed instructions for installing cosign and verifying the SpectraFit container image. It provides installation commands for macOS, Linux, and Go, as well as steps to verify the container image using a public key.

  • Documentation:
    • Updated cosign installation instructions in INSTALLATION.md to include steps for installing cosign via Homebrew and Go.
    • Added verification steps for the SpectraFit container image using cosign, including how to obtain and use the public key.

@Anselmoo Anselmoo enabled auto-merge July 30, 2024 04:54
Copy link

Review changes with SemanticDiff.

Copy link
Contributor

sourcery-ai bot commented Jul 30, 2024

Reviewer's Guide by Sourcery

This pull request updates the 'INSTALLATION.md' file to include detailed instructions for installing 'cosign' and verifying the SpectraFit container image. The changes provide step-by-step guidance on using 'cosign' with Homebrew and Go, saving the public key, and verifying the container image, including exporting the verification output to JSON.

File-Level Changes

Files Changes
INSTALLATION.md Updated 'cosign' installation and verification instructions, including detailed steps and commands.

Tips
  • Trigger a new Sourcery review by commenting @sourcery-ai review on the pull request.
  • Continue your discussion with Sourcery by replying directly to review comments.
  • You can change your review settings at any time by accessing your dashboard:
    • Enable or disable the Sourcery-generated pull request summary or reviewer's guide;
    • Change the review language;
  • You can always contact us if you have any questions or feedback.

@github-actions github-actions bot added documentation Improvements or additions to documentation root labels Jul 30, 2024
Copy link

Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @Anselmoo - I've reviewed your changes and they look great!

Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟡 Documentation: 3 issues found

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.

@@ -214,7 +214,49 @@ available plugins are:

!!! info "About cosign"

_coming soon_
The `cosign` is a tool for signing and verifying container images as part of the
[sigstore][10] project.The `cosign` can be used to sign the `SpectraFit` container
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue (documentation): Add a space after the period.

There should be a space after the period in 'project.The'.


To verify the SpectraFit container image, SpectraFit's public key is required and
can be found under: https://github.com/Anselmoo/spectrafit/blob/main/cosign.pub.
You can save the public key to a file named cosign.pub:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion (documentation): Clarify the instruction for saving the public key.

Consider changing 'You can save the public key to a file named cosign.pub' to 'Save the public key to a file named cosign.pub.'

Suggested change
You can save the public key to a file named cosign.pub:
Save the public key to a file named `cosign.pub`:

You can save the public key to a file named cosign.pub:

```bash
cat cosign.pub
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue (documentation): Correct the command for saving the public key.

The command cat cosign.pub is misleading. It should be echo "-----BEGIN PUBLIC KEY-----..." > cosign.pub to actually save the key to the file.

Copy link

codecov bot commented Jul 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (1848dc3) to head (7365fd9).

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #1460   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           44        44           
  Lines         4467      4467           
=========================================
  Hits          4467      4467           
Flag Coverage Δ
unittests 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@Anselmoo Anselmoo merged commit ad8896f into main Jul 30, 2024
49 checks passed
@Anselmoo Anselmoo deleted the feature/docs-cosign branch July 30, 2024 05:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation root size/M
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant