From d874e076de10f359a0f9abd8284e5176203860db Mon Sep 17 00:00:00 2001 From: Hao Dang Date: Thu, 14 Nov 2024 10:33:49 -0800 Subject: [PATCH 1/4] add readme for validation --- DESCRIPTION.rst | 4 ++++ README.rst | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/DESCRIPTION.rst b/DESCRIPTION.rst index 170397e..1247c91 100644 --- a/DESCRIPTION.rst +++ b/DESCRIPTION.rst @@ -7,6 +7,10 @@ Source code is also available at: https://github.com/snowflakedb/snowflake-inges Release Notes ------------------------------------------------------------------------------- +- v1.0.10 (November 14, 2024) + + - Update readme for artifact validation using cosign + - v1.0.9 (September 10, 2024) - Fix casing for RFC-6750 conformity diff --git a/README.rst b/README.rst index f440790..94fbf0b 100644 --- a/README.rst +++ b/README.rst 
@@ -130,3 +130,19 @@ Here is a simple "hello world" example for using ingest sdk. print('\nHistory scan report: \n') print(history_range_resp) + + +Artifact Validation +===== +Artifacts produced in this repository are signed by Snowflake and can be validated on the client side with the following steps. + +1. Install cosign following these instructions (https://edu.chainguard.dev/open-source/sigstore/cosign/how-to-install-cosign) +2. Download the `.whl` from the repository like pypi (https://pypi.org/project/snowflake-ingest/#files) +3. Download the `.crt` and `.sig` files for the version of artifact from the release page (https://github.com/snowflakedb/snowflake-ingest-python/releases/) +4. Validate with cosign with the following command as an example + +cosign verify-blob snowflake_ingest-1.0.9-py3-none-any.whl \ +--certificate snowflake_ingest-1.0.9-py3-none-any.whl.crt \ +--certificate-identity https://github.com/snowflakedb/snowflake-ingest-python/.github/workflows/publish-python.yaml@refs/tags/v1.0.9 \ +--certificate-oidc-issuer https://token.actions.githubusercontent.com \ +--signature snowflake_ingest-1.0.9-py3-none-any.whl.sig \ No newline at end of file From ce6bf0a06c07d947e3f91fa17465a46e23aaf2a9 Mon Sep 17 00:00:00 2001 From: Hao Dang Date: Thu, 14 Nov 2024 10:44:24 -0800 Subject: [PATCH 2/4] Update README.rst --- README.rst | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/README.rst b/README.rst index 94fbf0b..3dc9d79 100644 --- a/README.rst +++ b/README.rst 
@@ -136,13 +136,15 @@ Artifact Validation ===== Artifacts produced in this repository are signed by Snowflake and can be validated on the client side with the following steps. -1. Install cosign following these instructions (https://edu.chainguard.dev/open-source/sigstore/cosign/how-to-install-cosign) -2. Download the `.whl` from the repository like pypi (https://pypi.org/project/snowflake-ingest/#files) -3. Download the `.crt` and `.sig` files for the version of artifact from the release page (https://github.com/snowflakedb/snowflake-ingest-python/releases/) -4. Validate with cosign with the following command as an example - -cosign verify-blob snowflake_ingest-1.0.9-py3-none-any.whl \ ---certificate snowflake_ingest-1.0.9-py3-none-any.whl.crt \ ---certificate-identity https://github.com/snowflakedb/snowflake-ingest-python/.github/workflows/publish-python.yaml@refs/tags/v1.0.9 \ ---certificate-oidc-issuer https://token.actions.githubusercontent.com \ ---signature snowflake_ingest-1.0.9-py3-none-any.whl.sig \ No newline at end of file +1. Install cosign following `these instructions `_. +2. Download the `.whl` from the repository like `pypi `_. +3. Download the `.crt` and `.sig` files for the version of artifact from the `release page `_. +4. Validate with cosign with the following command as an example. If valid, a message "Verified OK" should be printed out. + +.. code-block:: bash + + cosign verify-blob snowflake_ingest-1.0.9-py3-none-any.whl \ + --certificate snowflake_ingest-1.0.9-py3-none-any.whl.crt \ + --certificate-identity https://github.com/snowflakedb/snowflake-ingest-python/.github/workflows/publish-python.yaml@refs/tags/v1.0.9 \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + --signature snowflake_ingest-1.0.9-py3-none-any.whl.sig From 17648f02de513ee82065a9b25d23a27e983fe69d Mon Sep 17 00:00:00 2001 
From: Hao Dang Date: Thu, 14 Nov 2024 14:37:29 -0800 Subject: [PATCH 3/4] update codecov action --- .github/workflows/End2EndTest.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/End2EndTest.yml b/.github/workflows/End2EndTest.yml index 9f4b2e1..d066aff 100644 --- a/.github/workflows/End2EndTest.yml +++ b/.github/workflows/End2EndTest.yml @@ -43,9 +43,10 @@ jobs: # pytest --cov=./ --cov-report=xml --tb=native tests - name: Upload coverage to Codecov - uses: codecov/codecov-action@v1 + uses: codecov/codecov-action@v4 with: files: ./snowflake-ingest-python-coverage.xml name: codecov-snowpipe-python-sdk fail_ci_if_error: true verbose: true + token: ${{ secrets.CODECOV_TOKEN }} From 936da5b66ac21b6c3f75e1cc894b1170962c44e9 Mon Sep 17 00:00:00 2001 From: Hao Dang Date: Thu, 14 Nov 2024 14:43:32 -0800 Subject: [PATCH 4/4] update readme --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 3dc9d79..9cc64ab 100644 --- a/README.rst +++ b/README.rst @@ -139,7 +139,7 @@ Artifacts produced in this repository are signed by Snowflake and can be validat 1. Install cosign following `these instructions `_. 2. Download the `.whl` from the repository like `pypi `_. 3. Download the `.crt` and `.sig` files for the version of artifact from the `release page `_. -4. Validate with cosign with the following command as an example. If valid, a message "Verified OK" should be printed out. +4. Validate with cosign. The following command is an example to validate the `.whl` file of version 1.0.9. If valid, a message "Verified OK" should be printed out. .. code-block:: bash
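Review bot: the new "v1.0.10 (November 14, 2024)" entry in the DESCRIPTION.rst hunk of [PATCH 1/4] has no matching version change anywhere in this series; the four diffstats touch only DESCRIPTION.rst, README.rst and .github/workflows/End2EndTest.yml. Confirm the package version is bumped to 1.0.10 as part of the same release, or hold this entry until it is, so the release notes do not describe a version that is not published.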
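Review bot: the "=====" underline added under "Artifact Validation" in the README.rst hunk of [PATCH 1/4] is shorter than the title text, which docutils reports as "Title underline too short"; extend it to at least the length of the title. The same hunk adds the cosign command as bare lines after step 4, so RST reflows it into an ordinary paragraph and the file ends without a newline. [PATCH 2/4] moves the command into a code-block directive, so consider squashing the two patches so that no commit in the history carries the unrendered form.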
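Review bot: the single-backtick `.whl`, `.crt` and `.sig` in steps 2 to 4 of the README.rst hunk in [PATCH 2/4] are RST interpreted text (default role), not inline literals, so they will not render as code; use double backticks, for example ``.whl``. The "=====" underline shown in this hunk's context is still shorter than "Artifact Validation" and is worth fixing in the same change. Quoting the --certificate-identity and --certificate-oidc-issuer values in the bash block would also make the command safer to copy and adapt.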
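Review bot: "uses: codecov/codecov-action@v4" in the End2EndTest.yml hunk of [PATCH 3/4] pins the action to a mutable tag; since this step now receives secrets.CODECOV_TOKEN, pin it to a full commit SHA with the version in a trailing comment so a retagged release cannot change what runs with the token. Also check how this workflow is triggered: secrets are not passed to pull_request runs from forks, so with "fail_ci_if_error: true" an empty token would fail the job for external contributors. If fork PRs are expected, gate the upload step on the token being available or relax fail_ci_if_error for those runs.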
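Review bot: the reworded step 4 in [PATCH 4/4] says the command validates version 1.0.9 but does not tell the reader that the version appears in two kinds of places: the three file names and the "@refs/tags/v1.0.9" suffix of --certificate-identity. A user who updates only the file names for another release will get a verification failure caused by the identity mismatch, and may be tempted to loosen the identity check instead of correcting the tag. State explicitly that the tag in --certificate-identity must match the release being verified, or write the example with a version placeholder used consistently in all four positions. Note as well that [PATCH 1/4] adds release notes for v1.0.10 while the example stays on 1.0.9.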