refactor: improve cosign signature/attestation lookup with oras #4959

Merged
AustinAbro321 merged 4 commits into zarf-dev:main from Racer159:chore/improve-cosign-lookup-speed
Jun 8, 2026

@Racer159 Racer159 commented Jun 4, 2026

Contributor

Description

This improves the speed of cosign signature and attestation lookups using zarf dev find-images to encourage their use.

Testing against the Neuvector UDS Package registry1 variant more than halved the total find-images time:

image

This also aligns the authentication flow of this lookup with that of the image pull on create.

Related Issue

Fixes #N/A

Checklist before merging

Signed-off-by: Wayne Starr <me@racer159.com>
@Racer159 Racer159 requested review from a team as code owners June 4, 2026 23:05

netlify Bot commented Jun 4, 2026

Deploy Preview for zarf-docs canceled.

Name Link
🔨 Latest commit d70cae6
🔍 Latest deploy log https://app.netlify.com/projects/zarf-docs/deploys/6a22dc51b4136e000862ef37

codecov Bot commented Jun 5, 2026

Codecov Report

❌ Patch coverage is 62.06897% with 44 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
src/pkg/utils/oci_artifacts.go 68.96% 12 Missing and 6 partials ⚠️
src/pkg/packager/find_images.go 38.09% 9 Missing and 4 partials ⚠️
src/pkg/images/common.go 66.66% 7 Missing and 4 partials ⚠️
src/pkg/images/pull.go 50.00% 1 Missing and 1 partial ⚠️
Files with missing lines Coverage Δ
src/pkg/images/pull.go 48.83% <50.00%> (-1.30%) ⬇️
src/pkg/images/common.go 60.08% <66.66%> (+1.05%) ⬆️
src/pkg/packager/find_images.go 56.94% <38.09%> (-1.01%) ⬇️
src/pkg/utils/oci_artifacts.go 57.50% <68.96%> (+3.65%) ⬆️

@brandtkeller brandtkeller left a comment

Member

Minor requests; otherwise this is neat to see.

Comment thread src/pkg/images/common.go Outdated
Comment thread src/pkg/images/common.go Outdated
@github-project-automation github-project-automation Bot moved this to In progress in Zarf Jun 5, 2026
Signed-off-by: Wayne Starr <me@racer159.com>

@brandtkeller brandtkeller left a comment

Member

lgtm. clean and effective - technically a breaking change (public function signature modification) but I believe we're intending to have the policy list utils as not within the boundary.

I haven't seen any requests for this logic to support non-https registries and the current approach is still an improvement over what was here previously. That was the only thing that stood out between pull.go and the implementation here.

@AustinAbro321 AustinAbro321 left a comment

Member

LGTM, thanks! I would love for find-images to rely entirely on oras-go instead of Crane. This is a good improvement for now.

I am renaming this from chore -> refactor.

@AustinAbro321 AustinAbro321 added this pull request to the merge queue Jun 8, 2026
@AustinAbro321 AustinAbro321 changed the title chore: improve cosign signature/attestation lookup with oras refactor: improve cosign signature/attestation lookup with oras Jun 8, 2026
Merged via the queue into zarf-dev:main with commit 5dbc598 Jun 8, 2026
33 checks passed
@github-project-automation github-project-automation Bot moved this from In progress to Done in Zarf Jun 8, 2026