policy engine: Execution of YAML workflows #48
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
pdxjohnny
commented
Aug 7, 2024
•
pdxjohnny
commented
- GitHub Actions schema aligned flows as policy engine workflows
- Federation as Software Forge firewall demo 1
- Related
- Federation via ActivityPub #37
- TODO
- policy_engine_cwt_rebase_webhooks_in_config failure on config model v… pdxjohnny/scitt-api-emulator#8
- Future
- Show how indepednet instances can validate each others policy engine outputs
- Semantic equivalency, reproducible builds, and a new "verifiable build" track slsa-framework/slsa#873
- Workstream: SLSA Build L4 slsa-framework/slsa#977
- Workstream: Hardware Attested Build Environments slsa-framework/slsa#975
- Show how indepednet instances can validate each others policy engine outputs
…7c7e0ac8267c1079 of SCITT arch Related: ietf-wg-scitt/draft-ietf-scitt-architecture@a4645e4 Signed-off-by: John Andersen <[email protected]>
…7c1079 of SCITT arch Related: ietf-wg-scitt/draft-ietf-scitt-architecture@a4645e4 Signed-off-by: John Andersen <[email protected]>
- Working with SSH authorized_keys and OIDC style jwks - CWT decode - COSESign1.verify_signature - Working registration policy Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
$ git ls-files '*.py' | xargs autoflake --in-place --remove-all-unused-imports --ignore-init-module-imports Signed-off-by: John Andersen <[email protected]>
Asciinema: https://asciinema.org/a/627130 Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Tests passing as of https://asciinema.org/a/627194 Asciinema: https://asciinema.org/a/627150 Asciinema: https://asciinema.org/a/627165 Asciinema: https://asciinema.org/a/627183 Asciinema: https://asciinema.org/a/627193 Asciinema: https://asciinema.org/a/627194 Signed-off-by: John Andersen <[email protected]>
Asciinema: https://asciinema.org/a/627198 Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
…lic key resolvers tested seperatly Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
… based policy engine. TODO Receipts with attestations for SLSA L4 NO_CELERY=1 GITHUB_TOKEN=$(gh auth token) nodemon -e py --exec 'clear; python -m pytest -s -vv scitt_emulator/policy_engine.py; test 1' jsonschema -i <(cat request.yml | python -c 'import json, yaml, sys; print(json.dumps(yaml.safe_load(sys.stdin.read()), indent=4, sort_keys=True))') <(python -c 'import json, scitt_emulator.policy_engine; print(json.dumps(scitt_emulator.policy_engine.PolicyEngineRequest.model_json_schema(), indent=4, sort_keys=True))') Signed-off-by: John Andersen <[email protected]>
…ontext.secrets Signed-off-by: John Andersen <[email protected]>
…em config Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
…RKER_EXEC_WITH_PYTHON Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Working with litellm[proxy]@2f0a9aa17d5291d91e9dac196b72334bbb0eaf2a Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
…do not set new key when within current key Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
Signed-off-by: John Andersen <[email protected]>
pdxjohnny
force-pushed
the
policy_engine_cwt_rebase
branch
from
fdaf1e2
to
ab60710
Compare
Signed-off-by: John Andersen <[email protected]>
…lery Signed-off-by: John Andersen <[email protected]>
… of uvicorn package Signed-off-by: John Andersen <[email protected]>
…ing code Signed-off-by: John Andersen <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.