Merge branch 'main' into npm/config

open-component-model · Feb 22, 2024 · 8565e58 · 8565e58
2 parents afd8455 + b60bac1
commit 8565e58
Show file tree

Hide file tree

Showing 6 changed files with 123 additions and 17 deletions.
diff --git a/.github/workflows/mend_scan.yaml b/.github/workflows/mend_scan.yaml
@@ -25,6 +25,7 @@ on:
         - debug
 jobs:
   mend-scan:
+    if: github.repository == 'open-component-model/ocm'
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
@@ -174,15 +175,15 @@ jobs:
         fi
         
     - name: Check if PR exists
-      uses: 8BitJonny/gh-get-current-pr@2.2.0
+      uses: 8BitJonny/gh-get-current-pr@3.0.0
       id: pr_exists
       with:
         filterOutClosed: true
         sha: ${{ github.event.pull_request.head.sha }}
 
     - name: Comment Mend Status on PR
       if: ${{ github.event_name != 'schedule' && steps.pr_exists.outputs.pr_found == 'true' }}
-      uses: thollander/actions-comment-pull-request@v2.4.3
+      uses: thollander/actions-comment-pull-request@v2.5.0
       with:
         message: |
           ## Mend Scan Summary: :${{ steps.report.outputs.status }}:

diff --git a/go.mod b/go.mod
@@ -240,7 +240,7 @@ require (
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc v1.0.4 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
-	github.com/lestrrat-go/jwx/v2 v2.0.16 // indirect
+	github.com/lestrrat-go/jwx/v2 v2.0.19 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/lib/pq v1.10.9 // indirect

diff --git a/go.sum b/go.sum
@@ -1146,7 +1146,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
@@ -1801,9 +1800,8 @@ github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJG
 github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
 github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
 github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx/v2 v2.0.16 h1:TuH3dBkYTy2giQg/9D8f20znS3JtMRuQJ372boS3lWk=
-github.com/lestrrat-go/jwx/v2 v2.0.16/go.mod h1:jBHyESp4e7QxfERM0UKkQ80/94paqNIEcdEfiUYz5zE=
-github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
+github.com/lestrrat-go/jwx/v2 v2.0.19 h1:ekv1qEZE6BVct89QA+pRF6+4pCpfVrOnEJnTnT4RXoY=
+github.com/lestrrat-go/jwx/v2 v2.0.19/go.mod h1:l3im3coce1lL2cDeAjqmaR+Awx+X8Ih+2k8BuHNJ4CU=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s=
@@ -2505,7 +2503,6 @@ golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -2842,7 +2839,6 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -2858,7 +2854,6 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2878,7 +2873,6 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

diff --git a/pkg/contexts/ocm/compdesc/copy_test.go b/pkg/contexts/ocm/compdesc/copy_test.go
@@ -0,0 +1,110 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Open Component Model contributors.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package compdesc_test
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	. "github.com/open-component-model/ocm/pkg/testutils"
+
+	"github.com/go-test/deep"
+
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/ociartifact"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc"
+	v1 "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/meta/v1"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/defaultmerge"
+	"github.com/open-component-model/ocm/pkg/runtime"
+)
+
+var _ = Describe("Component Descripor Copy Test Suitet", func() {
+	Context("compdesc copy", func() {
+		It("copies CD", func() {
+
+			labels := v1.Labels{
+				*Must(v1.NewLabel("label", "value",
+					v1.WithVersion("v1"),
+					v1.WithSigning(true),
+					v1.WithMerging(defaultmerge.ALGORITHM, defaultmerge.NewConfig(defaultmerge.MODE_LOCAL)))),
+			}
+			cd := compdesc.New("mandelsoft.org/test", "1.0.0")
+			cd.Metadata.ConfiguredVersion = "xxx"
+			cd.ObjectMeta.CreationTime = compdesc.NewTimestampP()
+			cd.ObjectMeta.Provider = v1.Provider{
+				Name:   "mandelsoft",
+				Labels: labels,
+			}
+			cd.ObjectMeta.Labels = labels
+			cd.RepositoryContexts = runtime.UnstructuredTypedObjectList{
+				runtime.NewEmptyUnstructured("repo"),
+			}
+			cd.Resources = compdesc.Resources{
+				compdesc.Resource{
+					ResourceMeta: compdesc.ResourceMeta{
+						ElementMeta: compdesc.ElementMeta{
+							Name:          "resc1",
+							Version:       "v1",
+							ExtraIdentity: v1.NewExtraIdentity("id", "a"),
+							Labels:        labels,
+						},
+						Type:       "rsc",
+						Relation:   v1.LocalRelation,
+						SourceRefs: nil,
+						Digest: &v1.DigestSpec{
+							HashAlgorithm:          "hashalgo",
+							NormalisationAlgorithm: "normalgo",
+							Value:                  "digest",
+						},
+					},
+					Access: ociartifact.New("oci.com/image"),
+				},
+			}
+			cd.Sources = compdesc.Sources{
+				compdesc.Source{
+					SourceMeta: compdesc.SourceMeta{
+						ElementMeta: compdesc.ElementMeta{
+							Name:          "src1",
+							Version:       "v2",
+							ExtraIdentity: v1.NewExtraIdentity("id", "b"),
+							Labels:        labels,
+						},
+						Type: "src",
+					},
+					Access: ociartifact.New("oci.com/otherimage"),
+				},
+			}
+			cd.References = compdesc.References{
+				compdesc.ComponentReference{
+					ElementMeta:   compdesc.ElementMeta{},
+					ComponentName: "",
+					Digest:        nil,
+				},
+			}
+
+			cd.Signatures = v1.Signatures{
+				v1.Signature{
+					Name: "sig",
+					Digest: v1.DigestSpec{
+						HashAlgorithm:          "hashalgo2",
+						NormalisationAlgorithm: "normalgo2",
+						Value:                  "digest2",
+					},
+					Signature: v1.SignatureSpec{
+						Algorithm: "sigalgo",
+						Value:     "sig",
+						MediaType: "media",
+						Issuer:    "issuer",
+					},
+					Timestamp: &v1.TimestampSpec{
+						Value: "ts",
+						Time:  compdesc.NewTimestampP(),
+					},
+				},
+			}
+			cp := cd.Copy()
+
+			Expect(deep.Equal(cd, cp)).To(BeNil())
+		})
+	})
+})
diff --git a/pkg/contexts/ocm/compdesc/meta/v1/types.go b/pkg/contexts/ocm/compdesc/meta/v1/types.go
@@ -149,10 +149,11 @@ func (o *ObjectMeta) SetLabels(labels []Label) {
 // GetName returns the name of the object.
 func (o *ObjectMeta) Copy() *ObjectMeta {
 	return &ObjectMeta{
-		Name:     o.Name,
-		Version:  o.Version,
-		Labels:   o.Labels.Copy(),
-		Provider: *o.Provider.Copy(),
+		Name:         o.Name,
+		Version:      o.Version,
+		Labels:       o.Labels.Copy(),
+		Provider:     *o.Provider.Copy(),
+		CreationTime: o.CreationTime.DeepCopy(),
 	}
 }
 

diff --git a/pkg/signing/handlers/rsa-pss-signingservice/handler.go b/pkg/signing/handlers/rsa-pss-signingservice/handler.go
@@ -6,13 +6,13 @@ package rsa_pss_signingservice
 
 import (
 	"github.com/open-component-model/ocm/pkg/signing"
-	"github.com/open-component-model/ocm/pkg/signing/handlers/rsa"
+	"github.com/open-component-model/ocm/pkg/signing/handlers/rsa-pss"
 	rsa_signingservice "github.com/open-component-model/ocm/pkg/signing/handlers/rsa-signingservice"
 )
 
 // Algorithm defines the type for the RSA PKCS #1 v1.5 signature algorithm.
 const (
-	Algorithm = rsa.Algorithm
+	Algorithm = rsa_pss.Algorithm
 	Name      = "rsapss-signingservice"
 )