
chore: improve cosign signature/attestation lookup with oras #4959

Open

Racer159 wants to merge 4 commits into zarf-dev:main from Racer159:chore/improve-cosign-lookup-speed

Conversation

@Racer159 (Contributor) commented Jun 4, 2026

Description

This improves the speed of cosign signature and attestation lookups using zarf dev find-images to encourage their use.

Testing against the Neuvector UDS Package registry1 variant more than halved the total find-images time:

[screenshot]

This also aligns the authentication flow of this lookup with that of the image pull on create.

Related Issue

Fixes #N/A

Checklist before merging

Signed-off-by: Wayne Starr <me@racer159.com>
@Racer159 Racer159 requested review from a team as code owners June 4, 2026 23:05
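An added illustration, not code from this PR or from the zarf project, of the kind of lookup the description refers to. cosign's tag-based discovery stores an image's signature at `<repo>:sha256-<hex>.sig` and its attestation at `<repo>:sha256-<hex>.att` (the manifest digest with the colon replaced by a hyphen), so checking whether an image is signed reduces to asking the registry whether those two tags resolve. The stand-alone Go program below does that with a HEAD on the OCI Distribution API manifest endpoint, sends the same bearer token an image pull would use, refuses plain-http registries (an assumption, mirroring the review discussion), and treats 404 as "no artifact" but 401/403 as an error, so a missing credential is never silently reported as "unsigned". The registry it talks to is a constructed httptest stand-in; `Registry`, `FakeRegistry`, the repository `library/app`, the digest and the token are all hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// cosign's tag-based discovery: for an image whose manifest digest is
// sha256:<hex>, the signature is stored at <repo>:sha256-<hex>.sig and the
// attestation at <repo>:sha256-<hex>.att.
var digestRE = regexp.MustCompile(`^sha256:([0-9a-f]{64})$`)

// ArtifactTag maps a digest to the cosign tag with the given suffix ("sig" or "att").
func ArtifactTag(digest, suffix string) (string, error) {
	m := digestRE.FindStringSubmatch(digest)
	if m == nil {
		return "", fmt.Errorf("unsupported or malformed digest %q", digest)
	}
	return "sha256-" + m[1] + "." + suffix, nil
}

// Registry is a minimal client for the manifest endpoint of the OCI
// Distribution API (hypothetical type, not zarf's). Assumption: only https
// registries are supported.
type Registry struct {
	BaseURL string // e.g. https://registry.example.invalid
	Token   string // bearer token from the same auth flow an image pull uses
	Client  *http.Client
}

// Exists issues HEAD /v2/<repo>/manifests/<ref>. A HEAD returns no body, so
// probing a tag costs one round trip however large the manifest is.
// 404 means the tag is absent; an auth failure is reported as an error so a
// missing credential is never mistaken for "unsigned".
func (r *Registry) Exists(repo, ref string) (bool, error) {
	if !strings.HasPrefix(r.BaseURL, "https://") {
		return false, fmt.Errorf("refusing non-https registry %q", r.BaseURL)
	}
	req, err := http.NewRequest(http.MethodHead, r.BaseURL+"/v2/"+repo+"/manifests/"+ref, nil)
	if err != nil {
		return false, err
	}
	if r.Token != "" {
		req.Header.Set("Authorization", "Bearer "+r.Token)
	}
	resp, err := r.Client.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		return true, nil
	case http.StatusNotFound:
		return false, nil
	case http.StatusUnauthorized, http.StatusForbidden:
		return false, fmt.Errorf("%s:%s: authentication failed (HTTP %d)", repo, ref, resp.StatusCode)
	default:
		return false, fmt.Errorf("%s:%s: unexpected HTTP %d", repo, ref, resp.StatusCode)
	}
}

// CosignArtifacts records which cosign artifacts exist for one image.
type CosignArtifacts struct{ Signature, Attestation bool }

// LookupCosignArtifacts probes the .sig and .att tags for an image digest.
func LookupCosignArtifacts(r *Registry, repo, digest string) (CosignArtifacts, error) {
	var out CosignArtifacts
	probes := []struct {
		suffix string
		dst    *bool
	}{{"sig", &out.Signature}, {"att", &out.Attestation}}
	for _, p := range probes {
		tag, err := ArtifactTag(digest, p.suffix)
		if err != nil {
			return out, err
		}
		if *p.dst, err = r.Exists(repo, tag); err != nil {
			return out, err
		}
	}
	return out, nil
}

// FakeRegistry is a constructed stand-in for a real registry: it answers HEAD
// on the manifest endpoint for the paths in known ("<repo>/manifests/<ref>")
// and demands a bearer token, as a real registry would.
func FakeRegistry(known map[string]bool, token string) *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		if req.Header.Get("Authorization") != "Bearer "+token {
			w.Header().Set("WWW-Authenticate", `Bearer realm="https://auth.example.invalid/token"`)
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		if req.Method == http.MethodHead && known[strings.TrimPrefix(req.URL.Path, "/v2/")] {
			w.WriteHeader(http.StatusOK)
			return
		}
		w.WriteHeader(http.StatusNotFound)
	}))
}

// Constructed sample: an image that is signed but carries no attestation.
var sampleDigest = "sha256:" + strings.Repeat("ab", 32)

func main() {
	sigTag, _ := ArtifactTag(sampleDigest, "sig")
	srv := FakeRegistry(map[string]bool{"library/app/manifests/" + sigTag: true}, "secret")
	defer srv.Close()
	reg := &Registry{BaseURL: srv.URL, Token: "secret", Client: srv.Client()}
	found, err := LookupCosignArtifacts(reg, "library/app", sampleDigest)
	fmt.Printf("%+v err=%v\n", found, err)
}
```

The design choice worth noting is the split between 404 and 401/403: a lookup that reports "unsigned" when the real cause is a rejected or missing token would let an unsigned image pass a policy check that expects signatures, which is why the credential handling should match the image pull path rather than being a best-effort anonymous probe.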
netlify (bot) commented Jun 4, 2026

Deploy Preview for zarf-docs canceled.

Latest commit: d70cae6
Latest deploy log: https://app.netlify.com/projects/zarf-docs/deploys/6a22dc51b4136e000862ef37

codecov (bot) commented Jun 5, 2026

Codecov Report

❌ Patch coverage is 62.06897% with 44 lines in your changes missing coverage. Please review.

Files with missing lines (patch coverage):
  src/pkg/utils/oci_artifacts.go    68.96%  12 missing, 6 partials
  src/pkg/packager/find_images.go   38.09%  9 missing, 4 partials
  src/pkg/images/common.go          66.66%  7 missing, 4 partials
  src/pkg/images/pull.go            50.00%  1 missing, 1 partial

File coverage after this change (coverage, <patch coverage>, delta):
  src/pkg/images/pull.go            48.83%  <50.00%>  (-1.30%)
  src/pkg/images/common.go          60.08%  <66.66%>  (+1.05%)
  src/pkg/packager/find_images.go   56.94%  <38.09%>  (-1.01%)
  src/pkg/utils/oci_artifacts.go    57.50%  <68.96%>  (+3.65%)

@brandtkeller (Member) left a comment

Minor requests otherwise this is neat to see.

Two review comment threads on src/pkg/images/common.go (both outdated)
@github-project-automation github-project-automation Bot moved this to In progress in Zarf Jun 5, 2026
Signed-off-by: Wayne Starr <me@racer159.com>
@brandtkeller (Member) left a comment

lgtm. clean and effective - technically a breaking change (public function signature modification) but I believe we're intending to have the policy list utils as not within the boundary.

I haven't seen any requests for this logic to support non-https registries and the current approach is still an improvement over what was here previously. That was the only thing that stood out between pull.go and the implementation here.


Labels: none yet

Project status: In progress


2 participants