Follow up: Update and unignore github.com/sigstore/sigstore in open-component-model/ocm #780
Description
Description
This is a follow-up for open-component-model/ocm#1699.
In open-component-model/ocm#1699 we ignored the package github.com/sigstore/sigstore because it introduced a breaking change (see release notes ) that breaks github.com/sigstore/cosign/[email protected]:
# github.com/sigstore/cosign/v2/pkg/cosign
Error: /home/runner/go/pkg/mod/github.com/sigstore/cosign/[email protected]/pkg/cosign/keys.go:143:24: undefined: cryptoutils.ValidatePubKey
Error: /home/runner/go/pkg/mod/github.com/sigstore/cosign/[email protected]/pkg/cosign/keys.go:152:24: undefined: cryptoutils.ValidatePubKey
Error: /home/runner/go/pkg/mod/github.com/sigstore/cosign/[email protected]/pkg/cosign/keys.go:163:25: undefined: cryptoutils.ValidatePubKey
A fix is already prepared, see open-component-model/ocm#1699 (comment)
Done Criteria
- Update
github.com/sigstore/sigstoreandgithub.com/sigstore/cosign/v2when available and possible (hopefully the will update2.6.xtoo) - Code has been reviewed by other team members
- Analysis of existing tests (Unit and Integration)
- Unit Tests created for new code or existing Unit Tests updated
- Integration Test Suite updated (includes deletion of existing unnecessary Integration Test and/or creation of new ones if required)