Update version of docker-compose.yml

start_period in healthcheck and target in build are properties that are not supported for docker-compose versions <3.4. This change fixes this issue.

Signed-off-by: Efe Barlas <ebarlas@purdue.edu>

Return 400 error if requested tree size > reality

Validate and return hash and size from signed root

Currently we return a 500 error if a consistency proof is requested for
a size that exceeds the current state of the log. This change causes a
400 "Bad Request" error with a more descriptive error message to be
returned.

Fixes #199

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

The loginfo API returns both the current size, root hash, as well as the
signed tree head that callers can verify if they wish. The CLI does a
check to verify the signature on the tree head returned, but was
reporting the unsigned size and hash. This change ensures that the
values match and prints the values from the signed tree head.

Fixes #200

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Add some text explaining the lack of SLOs on our production instance.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Provide context on how Rekor is part of sigstores infra

Signed-off-by: Luke Hinds <lhinds@redhat.com>

Move the configs over to another repo.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

This lets you retrieve entries by UUID or index, and see the other
value.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Bumps [securego/gosec](https://github.com/securego/gosec) from v2.6.1 to v2.7.0.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](https://github.com/securego/gosec/compare/v2.6.1...27a5ffb5c8f6dd3b6dea3b8e6019a2b3d43bf0f9

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Domain name update

Signed-off-by: Luke Hinds <lhinds@redhat.com>
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>

Add both ingress paths to the cert-manager for now.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Since the API key can be specified as an environment variable and could
be thought of as an authentication credential, it should not be included
in the path to the created entry in the log.

Previously we simply appended the new entry's UUID to the full URL,
which was incorrect if an API key was specified as a query parameter.

Fixes #182

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

In our CI environment there is an artifical delay in between starting
the Rekor services via docker-compose and when the E2E tests are
actually executed due to Go modules being downloaded. In a local
development environment, the download may not be required so the tests
can start before the docker-compose services are actually running.

This introduces a healthcheck for services (where possible), and blocks
the start of the e2e tests until the services are reporting as healthy.
It also forces the use of an empty homedir and rekor config file to
ensure no collision between the tests and the developer's environment.

Fixes #183

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

no longer require SHA to upload artifacts to log

Changed directory permissions for .rekor directory

Co-authored-by: Jehan <jehan.shah8@gmail.com>
Co-authored-by: dlorenc <lorenc.d@gmail.com>

Since the verification of a signature will, by definition, include
verifying the content has not been altered, it is unnecessary to require
users of the CLI or REST API to specify the SHA256 hash of the content
when creating a new entry into the log.

Note that the server will still compute the hash and store it in the log
for ease of comparison.

Fixes #180

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Signed-off-by: Luke Hinds <lhinds@redhat.com>

Switch camel to lower case on org name

* Code of conduct
* Committer guidelines (good commit messages, issue raising etc)

Signed-off-by: Luke Hinds <lhinds@redhat.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.35.0 to 1.36.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.35.0...v1.36.0

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

All instances of projectrekor are now renamed to SigStore

This includes:

* Import paths
* Tests
* Readme's

Signed-off-by: Luke Hinds <lhinds@redhat.com>

* Bump golangci/golangci-lint-action from v2.4.0 to v2.5.1

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2.4.0 to v2.5.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2.4.0...d9f0e73c0497685d68af8c58280f49fcaf0545ff

)

Signed-off-by: dependabot[bot] <support@github.com>

* bump lint version in addition to action version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

* Bump github.com/google/trillian from 1.3.10 to 1.3.13

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.3.10 to 1.3.13.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.3.10...v1.3.13

)

Signed-off-by: dependabot[bot] <support@github.com>

* update to new package structure

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* register hasher

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* revert to original naming

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallawa@redhat.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

* Bump github.com/go-openapi/spec from 0.20.1 to 0.20.3

Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.20.1 to 0.20.3.
- [Release notes](https://github.com/go-openapi/spec/releases)
- [Commits](https://github.com/go-openapi/spec/compare/v0.20.1...v0.20.3

)

Signed-off-by: dependabot[bot] <support@github.com>

* update go.sum

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luke Hinds <7058938+lukehinds@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallawa@redhat.com>

Allow uploading x509 signatures based on a cert rather than the publi…

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Bump github.com/spf13/cobra from 1.0.0 to 1.1.3

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.0.0 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.0.0...v1.1.3

)

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/go-openapi/errors](https://github.com/go-openapi/errors) from 0.19.9 to 0.20.0.
- [Release notes](https://github.com/go-openapi/errors/releases)
- [Commits](https://github.com/go-openapi/errors/compare/v0.19.9...v0.20.0

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/validate](https://github.com/go-openapi/validate) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/go-openapi/validate/releases)
- [Commits](https://github.com/go-openapi/validate/compare/v0.20.1...v0.20.2

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.32.0 to 1.35.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.32.0...v1.35.0

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/loads](https://github.com/go-openapi/loads) from 0.20.0 to 0.20.2.
- [Release notes](https://github.com/go-openapi/loads/releases)
- [Commits](https://github.com/go-openapi/loads/compare/v0.20.0...v0.20.2

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>