This chart offers an opinionated OpenShift-specific experience. It is based on and directly depends on an upstream canonical Sigstore Scaffold Helm chart. For a less opinionated experience, consider using the upstream chart directly.
This chart extends all the features in the upstream chart and adds OpenShift-only features. It is not recommended to use this chart on other platforms.
For a quickstart on how to install Sigstore components on OpenShift, refer to the quickstart guide.
More information can be found by inspecting the trusted-artifact-signer chart.
Install the pre-commit package and run pre-commit run --all-files before pushing changes, or run pre-commit install to automatically run the pre-commit hooks with every git commit. If a commit fails,
run the git commit command again. It's likely the pre-commit hook fixed the issue and you have to bring in the new changes.
Testing this repository requires access to registry.redhat.io images. Because of this, the tests depend on GitHub
secrets. GitHub secrets are not accessible to forked repositories, so the normal workflow of submitting a PR from your
fork against github.com/securesign/sigstore-ocp main branch is not possible when making changes to either the charts
or .github directories. These directories require a run of the test suite that requires access to registry.redhat.io.
PRs are welcome in this repository, however. Please reach out to one of the OWNERS to submit a PR to
charts or .github.
To set up a kind cluster and deploy the charts, run the following from the root of this repository:

    ./kind/kind-up-test.sh

This script sets up a new KinD cluster for you, deploys Sigstore, and runs tests against the deployment. There are no ingress routes, so Sigstore is accessible only from the container (see https://github.com/securesign/sigstore-ocp/blob/main/sign-verify.md#signing-a-container-using-the-cosign-pod).

To uninstall the helm chart:

    helm uninstall trusted-artifact-signer -n sigstore

To clean up the test kind cluster, run:

    kind delete cluster