Merge pull request #31 from defenseunicorns/streamline-repo

chore: bronze badge and streamline repo and GH permissions
defenseunicorns · Oct 24, 2024 · af8e26d · af8e26d
2 parents 1cfa96e + d42bc48
commit af8e26d
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 13 deletions.
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
@@ -8,6 +8,10 @@ on:
     branches: [main]
     types: [milestoned, opened, synchronize]
 
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  contents: read # Allows reading the content of the repository.
+
 jobs:
   validate:
     strategy:

diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
@@ -8,6 +8,11 @@ on:
     branches: [main]
     types: [milestoned, opened, edited, synchronize]
 
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  contents: read # Allows reading the content of the repository.
+  pull-requests: read # Allows reading pull requests
+
 jobs:
   validate:
     uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -9,6 +9,10 @@ on:
     # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
     types: [milestoned, opened, reopened, synchronize]
 
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  contents: read # Allows reading the content of the repository.
+
 jobs:
   validate:
     uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2

diff --git a/README.md b/README.md
@@ -1,11 +1,12 @@
 # 🏭 UDS Sigstore Package
 
+[<img alt="Made for UDS" src="https://raw.githubusercontent.com/defenseunicorns/uds-common/refs/heads/main/docs/assets/made-for-uds-bronze.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core)
 [![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-package-sigstore)](https://github.com/defenseunicorns/uds-package-sigstore/releases)
 [![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-package-sigstore/release.yaml)](https://github.com/defenseunicorns/uds-package-sigstore/actions/workflows/release.yaml)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-sigstore/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-sigstore)
 
-> [!WARNING]  
-> `uds-package-sigstore` is in early alpha and is not ready for general consumption.  It is currently supported as a way to sign `in-toto` attestations within GitLab runner.
+> [!NOTE]
+> `uds-package-sigstore` is only a Bronze package and does not support all Sigstore features yet! If you would like to improve the package we welcome PRs! (see [Contributing](#contributing) below)
 
 > [!IMPORTANT]  
 > The `arm64` package includes `amd64` images due to lack of availability of `arm64` images from upstream projects at this time. This means you can deploy the `arm64` package on an `arm64` kubernetes cluster, but some of the images contained in the package will require emulation (e.g., qemu or rosetta) to run properly.
@@ -14,17 +15,7 @@ This package is designed for use as part of a [UDS Software Factory](https://git
 
 ## Prerequisites
 
-- [K3D](https://k3d.io/) for dev & test environments or any [CNCF Certified Kubernetes Cluster](https://www.cncf.io/training/certification/software-conformance/#logos) for production environments.
-
-- [UDS CLI](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) v0.9.2 or later
-
-## Flavors
-
-| Flavor | Description | Example Creation |
-| ------ | ----------- | ---------------- |
-| upstream | Uses upstream images within the package. | `uds zarf package create . -f upstream` |
-
-Note: there is _not_ currently a registry1 flavor as Iron Bank does not have any `sigstore` images yet.
+This package requires a Kubernetes Cluster providing a Storage Class that has [UDS Core](https://github.com/defenseunicorns/uds-core) installed into it along with the appropriate certificates for Sigstore's components.  You can learn more about configuring this package in the [configuration documentation](./docs/configuration.md)
 
 ## Releases
 
@@ -41,3 +32,7 @@ After installing uds-cli, for a list of available tasks that can be run in this
 ## Contributing
 
 Please see the [CONTRIBUTING.md](./CONTRIBUTING.md)
+
+## Development
+
+When developing this package it is ideal to utilize the json schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the [guide](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/development/development-ide-configuration.md) in uds-common.