Merge branch 'main' into update-overview

Remove conflicts

.github/workflows/markdownlint.yml

@@ -0,0 +1,33 @@
+name: MarkdownLint
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  markdownlint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: tj-actions/changed-files@v37
+        id: changed-files
+        with:
+          files: '**/*.md'
+          separator: ","
+
+      - uses: DavidAnson/markdownlint-cli2-action@v11
+        if: steps.changed-files.outputs.any_changed == 'true'
+        with:
+          config: '.markdownlint-cli2.jsonc'
+          globs: ${{ steps.changed-files.outputs.all_changed_files }}
+          separator: ","
+        continue-on-error: true

archetypes/docs.md

@@ -12,4 +12,5 @@ menu:
     identifier: "{{ .Name }}-{{ delimit (shuffle (split (md5 .Name) "" )) "" }}"
 weight: 999
 toc: true
+type: docs
 ---

config/_default/params.toml

@@ -93,8 +93,8 @@ lastMod = false
   clipBoard = true
   instantPage = true
   flexSearch = true
-  searchSectionsShow = []
-  searchSectionsIndex = []
+  searchSectionsShow = "ALL"
+  searchSectionsIndex = "ALL"
   darkMode = true
   bootStrapJs = true
   breadCrumb = true

content/en/docs/about/_index.html → content/en/about/_index.html

@@ -1,4 +1,5 @@
 ---
+type: docs
 title: "About"
 description: "About Sigstore"
 lead: ""

content/en/docs/about/api-stability.md → content/en/about/api-stability.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About sigstore
 description: API stability levels and deprecation policy
 title: API Stability and Deprecation Policy
@@ -40,4 +41,4 @@ _Note: These guidelines will be followed on a best-effort basis.
 Since Sigstore is a security project, maintainers reserve the right to break things faster if necessary to address a security issue._
 
 A list of features and associated levels will be available in each repository under FEATURES.md.
-A deprecation table will be available in each repository under DEPRECATIONS.md.
+A deprecation table will be available in each repository under DEPRECATIONS.md.

content/en/docs/about/contributing.md → content/en/about/contributing.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About sigstore
 description: Intro text
 title: Contributing
@@ -75,4 +76,4 @@ Docs and other calendar invites may be shared directly with this group, so pleas
 
 ## Slack
 
-You can also keep in touch by joining our [Slack channel](https://sigstore.slack.com). Use [this invite link](https://links.sigstore.dev/slack-invite) to join.
+You can also keep in touch by joining our [Slack channel](https://sigstore.slack.com). Use [this invite link](https://links.sigstore.dev/slack-invite) to join.

content/en/docs/about/faq.md → content/en/about/faq.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About sigstore
 menuTitle: FAQs
 title: Frequently asked questions
@@ -157,4 +158,4 @@ Public blockchains often end up using a centralized entry point for canonicaliza
 
 ### Can I get Rekor to work with my X format, framework standard?
 
-- Yes. Using pluggable types you can create your own manifest layout and send it to Rekor. Head over to [pluggable types](/logging/pluggable-types/)
+- Yes. Using pluggable types you can create your own manifest layout and send it to Rekor. Head over to [pluggable types](/logging/pluggable-types/)

content/en/docs/about/overview.md → content/en/about/overview.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About Sigstore
 description: Documentation for Sigstore
 home: true

content/en/docs/about/research.md → content/en/about/research.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About sigstore
 description: ''
 title: Research
@@ -30,4 +31,4 @@ Academic and industry research related to software supply chain security, transp
     * [sigstore/java](https://github.com/sigstore/sigstore-java)
     * [sigstore/sigstore-maven](https://github.com/sigstore/sigstore-maven)
     * [Sigstore Java meeting notes](https://docs.google.com/document/d/1R7mL-IUrc2Z_LuOIvwDWshVuPQS_2VNE_cIQx4Oy5zw/edit)
-* Rust: [sigstore/sigstore-rs](https://github.com/sigstore/sigstore-rs)
+* Rust: [sigstore/sigstore-rs](https://github.com/sigstore/sigstore-rs)

content/en/docs/about/security.md → content/en/about/security.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About sigstore
 description: ''
 title: Security Model
@@ -78,4 +79,4 @@ Clients like Cosign only need to find the correct Rekor entry to verify the arti
 
 - If an OIDC identity or OIDC provider is compromised, Fulcio might issue unauthorized certificates. However, these certificates are useless unless they are published to the certificate transparency log, so such compromise can be detected.
 - If Fulcio is compromised, it might issue unauthorized certificates. However, like before, these should be detectable.
-- If no third parties monitor the logs, then any misbehavior by Rekor and Fulcio might go undetected.
+- If no third parties monitor the logs, then any misbehavior by Rekor and Fulcio might go undetected.

content/en/docs/about/support.md → content/en/about/support.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About sigstore
 description: ''
 title: Get Help
@@ -29,4 +30,4 @@ Each repository has a `CODEOWNERS` file describing current maintainers. Join our
 
 # Asking questions
 
-We welcome questions! You can either join the [Slack community][sc] and post them on `#general` channel or open a GitHub issue in the relevant repository.
+We welcome questions! You can either join the [Slack community][sc] and post them on `#general` channel or open a GitHub issue in the relevant repository.

content/en/docs/about/threat-model.md → content/en/about/threat-model.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About sigstore
 description: ''
 title: Threat Model
@@ -133,4 +134,4 @@ That policy should cover:
 * Which Sigstore instance(s) do you trust, and how do you retrieve the key material for those instances?
 * How do you handle revocation?
 
-The answers will be different in different settings. For instance, a small organization may be able to meet their security needs by requiring signatures from one fixed party, with a blocklist for revoked artifacts. A large package repository may need to manage signing identities that change frequently over time. We hope to provide more detailed guidance for a variety of settings in future documentation.
+The answers will be different in different settings. For instance, a small organization may be able to meet their security needs by requiring signatures from one fixed party, with a blocklist for revoked artifacts. A large package repository may need to manage signing identities that change frequently over time. We hope to provide more detailed guidance for a variety of settings in future documentation.

content/en/docs/about/tooling.md → content/en/about/tooling.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: About sigstore
 description: ''
 features:
@@ -34,4 +35,4 @@ An identity layer that checks if you're who you say you are. It lets clients req
 ### Policy Controller
 
 An admission controller for Kubernetes for enforcing policy on
-containers allowed to run.
+containers allowed to run.

content/en/docs/certificate_authority/_index.html → content/en/certificate_authority/_index.html

@@ -1,4 +1,5 @@
 ---
+type: docs
 title: "Certificate Authority"
 description: "Documentation for Fulcio"
 lead: ""

content/en/docs/certificate_authority/cert-transparency-log-info.md → content/en/certificate_authority/cert-transparency-log-info.md

@@ -1,7 +1,8 @@
 ---
+type: docs
 category: Certificate authority
 title: Transparency Log Info
 weight: 1709
 ---
 
-Review Fulcio's [transparency log information](https://github.com/sigstore/fulcio/blob/main/docs/ctlog.md) on GitHub.
+Review Fulcio's [transparency log information](https://github.com/sigstore/fulcio/blob/main/docs/ctlog.md) on GitHub.

content/en/docs/certificate_authority/cert_specification.md → content/en/certificate_authority/cert_specification.md

@@ -1,7 +1,8 @@
 ---
+type: docs
 category: Certificate authority
 title: Certificate Specification
 weight: 1725
 ---
 
-Review Fulcio's [certificate specification](https://github.com/sigstore/fulcio/blob/main/docs/certificate-specification.md) on GitHub.
+Review Fulcio's [certificate specification](https://github.com/sigstore/fulcio/blob/main/docs/certificate-specification.md) on GitHub.

content/en/docs/certificate_authority/certificate-issuing-overview.md → content/en/certificate_authority/certificate-issuing-overview.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Certificate authority
 menuTitle: Certificate Issuing
 title: Certificate Issuing Overview
@@ -112,4 +113,4 @@ See [Certificate Transparency Log Information](https://github.com/sigstore/fulci
 
 ## 7 — Return certificate to client
 
-![Fulcio return the certificate to the client](/fulcio-7-return-to-client.png)
+![Fulcio return the certificate to the client](/fulcio-7-return-to-client.png)

content/en/docs/certificate_authority/hsm-support.md → content/en/certificate_authority/hsm-support.md

@@ -1,7 +1,8 @@
 ---
+type: docs
 category: Certificate authority
 title: HSM Support
 weight: 1720
 ---
 
-Review Fulcio's [HSM support](https://github.com/sigstore/fulcio/blob/main/docs/certificate-specification.md) on GitHub.
+Review Fulcio's [HSM support](https://github.com/sigstore/fulcio/blob/main/docs/certificate-specification.md) on GitHub.

content/en/docs/certificate_authority/oidc-in-fulcio.md → content/en/certificate_authority/oidc-in-fulcio.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Certificate authority
 menuTitle: Using OIDC Tokens
 title: OIDC Usage in Fulcio
@@ -168,4 +169,4 @@ Additionally, the configuration must include `SubjectDomain`, for example `examp
 
 * The issuer in the configuration must partially match the domain in the configuration. The top level domain and second level domain must match. The user who updates the Fulcio configuration must also have control over both the issuer and domain configuration fields (Verified either manually or through an ACME-style challenge).
 
-`SubjectDomain` is appended to `sub` to form an email, `sub@SubjectDomain`, and included as a SAN email address.
+`SubjectDomain` is appended to `sub` to form an email, `sub@SubjectDomain`, and included as a SAN email address.

content/en/docs/certificate_authority/overview.md → content/en/certificate_authority/overview.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Certificate authority
 menuTitle: Overview
 title: Fulcio
@@ -13,4 +14,4 @@ Fulcio was designed to run as a centralized, public-good instance, auditable by
 
 Fulcio is being developed as part of the sigstore project. Join us on our [Slack channel](https://sigstore.slack.com/) (need an [invite](https://links.sigstore.dev/slack-invite)?)
 
-You can learn more about Fulcio in the [Fulcio repo](https://github.com/sigstore/fulcio) and the [repo docs](https://github.com/sigstore/fulcio/tree/main/docs).
+You can learn more about Fulcio in the [Fulcio repo](https://github.com/sigstore/fulcio) and the [repo docs](https://github.com/sigstore/fulcio/tree/main/docs).

content/en/docs/certificate_authority/release-log.md → content/en/certificate_authority/release-log.md

@@ -1,7 +1,8 @@
 ---
+type: docs
 category: Certificate authority
 title: Release Log
 weight: 1715
 ---
 
-Review Fulcio's [Release log](https://github.com/sigstore/fulcio/releases) on GitHub.
+Review Fulcio's [Release log](https://github.com/sigstore/fulcio/releases) on GitHub.

content/en/docs/key_management/_index.html → content/en/key_management/_index.html

@@ -1,4 +1,5 @@
 ---
+type: docs
 title: "Key Management"
 description: "Documentation for key management with KMS providers"
 lead: ""

content/en/docs/key_management/hardware-based-tokens.md → content/en/key_management/hardware-based-tokens.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Key management
 title: Hardware Tokens
 weight: 515
@@ -263,4 +264,4 @@ uCPMJZqsNyWMmfksjulR9XAQvBCImkXncw==
 
 $ openssl verify -CAfile chain.pem key.crt
 key.crt: OK
-```
+```

content/en/docs/key_management/import-keypair.md → content/en/key_management/import-keypair.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Key management
 title: Importing Key Pairs
 weight: 510
@@ -29,4 +30,4 @@ $ cosign sign --key import-cosign.key $IMAGE_DIGEST
 Enter password for private key:
 tlog entry created with index: *****
 Pushing signature to: *****
-```
+```

content/en/docs/key_management/overview.md → content/en/key_management/overview.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Key management
 title: Overview
 weight: 500
@@ -219,4 +220,4 @@ If you enabled `transit` secret engine at different path with the use of `-path`
 
 ```shell
 $ TRANSIT_SECRET_ENGINE_PATH="someotherpath" cosign generate-key-pair --kms hashivault://testkey
-```
+```

content/en/docs/key_management/signing_with_self-managed_keys.md → content/en/key_management/signing_with_self-managed_keys.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Key management
 title: Signing with Self-Managed Keys
 weight: 505
@@ -46,4 +47,4 @@ This section shows traditional key signing from a key pair:
 $ cosign sign --key cosign.key user/demo
 Enter password for private key:
 Pushing signature to: index.docker.io/user/demo:sha256-87ef60f558bad79beea6425a3b28989f01dd417164150ab3baab98dcbf04def8.sig
-```
+```

content/en/docs/logging/CLI.md → content/en/logging/CLI.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Transparency Log
 title: CLI
 weight: 1825
@@ -92,4 +93,4 @@ rekor-cli search --rekor_server https://rekor.sigstore.dev --[artifact|public-ke
 For example:
 ```
 rekor-cli search --rekor_server https://rekor.sigstore.dev --sha sha256:e2e90d1a25f90a3156a27f00f3a4179578e3132ed4f010dc3498d09175b6071a
-```
+```

content/en/docs/logging/_index.html → content/en/logging/_index.html

@@ -1,4 +1,5 @@
 ---
+type: docs
 title: "Transparency Log"
 description: "Documentation for Rekor"
 lead: ""

content/en/docs/logging/installation.md → content/en/logging/installation.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Transparency Log
 title: Installation
 weight: 1805
@@ -148,4 +149,4 @@ rekor-server serve --enable_retrieve_api=false
 
 #### Next Steps
 
-Congratulations! Your local Rekor server is now running. You can interact with it using the [Rekor CLI](/rekor/CLI/).
+Congratulations! Your local Rekor server is now running. You can interact with it using the [Rekor CLI](/rekor/CLI/).

content/en/docs/logging/overview.md → content/en/logging/overview.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Transparency Log
 description: The Rekor overview
 menuTitle: Overview
@@ -37,4 +38,4 @@ to audit the log. You can also monitor the log for specified identities, though
 this feature is a work in progress and supports a limited set of identities and entry types.
 
 You can also run [omniwitness](https://github.com/transparency-dev/witness/tree/main/cmd/omniwitness) to
-audit the log, built by the team who created Trillian, which provides Rekor's verifiable log.
+audit the log, built by the team who created Trillian, which provides Rekor's verifiable log.

content/en/docs/logging/pluggable-types.md → content/en/logging/pluggable-types.md

@@ -1,4 +1,5 @@
 ---
+type: docs
 category: Transparency Log
 title: Pluggable Types
 weight: 1830
@@ -130,4 +131,4 @@ To add new version of the default `Rekord` type:
 
 5. Add an entry to `pluggableTypeMap` in `cmd/server/app/serve.go` that provides a reference to the Go package implementing the new version. This ensures that the `init` function will be called before the server starts to process incoming requests and therefore will be added to the map that is used to route request processing for different types.
 
-6. After adding sufficient unit & integration tests, submit a pull request to `sigstore/rekor` for review and addition to the codebase.
+6. After adding sufficient unit & integration tests, submit a pull request to `sigstore/rekor` for review and addition to the codebase.