Skip to content

refactor: begin to remove sigstore_protobuf_specs #1470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 30 commits into
base: main
Choose a base branch
from

Conversation

woodruffw
Copy link
Member

@woodruffw woodruffw commented Jul 18, 2025

Towards #1049.

This is very WIP and won't work in CI yet since I'm using a local editable install of the new sigstore_models package while I iterate on it.

NB: I've also temporarily disabled interrogate because it has some kind of issue with a cairo dep.

@woodruffw woodruffw added this to the 4.0 milestone Jul 18, 2025
@woodruffw woodruffw self-assigned this Jul 18, 2025
@woodruffw woodruffw added the refactoring Refactoring tasks. label Jul 18, 2025
@woodruffw
Copy link
Member Author

I've published https://pypi.org/project/sigstore-models/ to accompany this.

@woodruffw woodruffw marked this pull request as ready for review July 22, 2025 15:41
@woodruffw
Copy link
Member Author

Okay, this is good for a review.

Key changes:

  • I've removed sigstore_protobuf_specs entirely and replaced it with sigstore_models, which I've created as a replacement. The latter contains only the subset of the former that's needed by sigstore-python, and has no protobuf dependencies at all (only Pydantic).
  • I've rewritten all of the APIs per above. This was mostly a 1-1 substitution, although there are some nuances around Protobuf's JSON encoding quirks (namely for uint64 and bytes types). These quirks should have no public API implications, but they require some more explicit internal round-trip handling than the sigstore_protobuf_specs APIs did. In particular, we now need to explicitly base64 encode bytes when passing them into the models, and same string-encoding uint64s.
  • I've removed the sigstore.models.LogEntry model entirely and replaced it with sigstore.models.TransparencyLogEntry, which is a wrapper type for the "protobuf" level TransparencyLogEntry type. This makes it consistent with our other sigstore.models APIs (e.g. Bundle).
  • Similarly, I've completely removed sigstore.models.LogInclusionProof since it's now fully covered by sigstore_models.
  • Finally, I've updated the checked-in TUF/signing config/trust root assets to include operator everywhere -- this field isn't explicitly marked as required by the protobuf-specs but the documentation implies that it is. Consequently sigstore_models requires it, which works with the actual staging instance but not with the checked-in assets (since they were presumably at least partially handwritten).

Separately from the above, this PR contains some CI fixes (from zizmor).

@jku
Copy link
Member

jku commented Jul 23, 2025

This is great, I'll try to review tomorrow (although I don't think we need to rush with this one)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
refactoring Refactoring tasks.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants