From 5b8004a4f0be22128036d3f74bc0656394fb935c Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Fri, 16 Aug 2024 14:38:05 -0400 Subject: [PATCH] track release signing identities too Signed-off-by: William Woodruff --- fetcher.py | 27 +++++++++++++++++++++---- signing-identities.json | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 4 deletions(-) create mode 100644 signing-identities.json diff --git a/fetcher.py b/fetcher.py index 396332a..dd60b09 100644 --- a/fetcher.py +++ b/fetcher.py @@ -14,8 +14,10 @@ _FORCE = os.getenv("FORCE") is not None -_OUT = Path(__file__).parent / "versions" -assert _OUT.is_dir() +_VERSIONS = Path(__file__).parent / "versions" +assert _VERSIONS.is_dir() + +_SIGNING_IDENTITIES = Path(__file__).parent / "signing-identities.json" def log(msg: str) -> None: @@ -23,7 +25,7 @@ def log(msg: str) -> None: def do_release(version: Version, slug: str) -> None: - output = _OUT / f"{version}.json" + output = _VERSIONS / f"{version}.json" # Don't repeat ourselves unless told to. if output.is_file() and not _FORCE: @@ -73,7 +75,7 @@ def do_release(version: Version, slug: str) -> None: def do_sigstore(version: Version) -> None: - input = _OUT / f"{version}.json" + input = _VERSIONS / f"{version}.json" artifacts = json.loads(input.read_text()) for artifact in artifacts: 
@@ -93,6 +95,21 @@ def do_sigstore(version: Version) -> None: input.write_text(json.dumps(artifacts)) +def do_sigstore_identities() -> None: + sigstore_info = urllib3.request("GET", "https://www.python.org/download/sigstore/") + sigstore_info_doc = html.fromstring(sigstore_info.data) + + sigstore_table = sigstore_info_doc.xpath("//table")[0] + headers = sigstore_table.xpath(".//thead//tr//th//text()") + + sigstore_identities = [] + for row in sigstore_table.xpath(".//tbody//tr"): + col_values = row.xpath(".//td//text()") + sigstore_identities.append(dict(zip(headers, col_values))) + + _SIGNING_IDENTITIES.write_text(json.dumps(sigstore_identities, indent=4)) + + releases = urllib3.request( "GET", "https://www.python.org/api/v2/downloads/release/" ).json() @@ -105,3 +122,5 @@ def do_sigstore(version: Version) -> None: do_release(version, slug) do_sigstore(version) + +do_sigstore_identities() diff --git a/signing-identities.json b/signing-identities.json new file mode 100644 index 0000000..c8ece14 --- /dev/null +++ b/signing-identities.json 
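Review bot: In `do_sigstore_identities`, `row.xpath(".//td//text()")` yields one entry per text node rather than one per cell, so an empty cell or a cell holding a link plus surrounding text makes `zip(headers, col_values)` pair values with the wrong keys or silently drop the trailing `OIDC Issuer`. Because `signing-identities.json` records the signing identity and issuer for each release series, a misaligned or partial scrape should fail the run instead of being written out; the response status is also never checked before parsing. The fence below reads one value per `<td>`, pins the column set to the four keys present in the committed JSON, and uses `zip(..., strict=True)` (Python 3.10+); `text_content()` assumes `html` is `lxml.html`, whose import is outside the hunk. The module-level call added in the next hunk rewrites the file on every run, so changes to it are worth reviewing by hand before they are committed.

```python
def do_sigstore_identities() -> None:
    sigstore_info = urllib3.request("GET", "https://www.python.org/download/sigstore/")
    if sigstore_info.status != 200:
        raise RuntimeError(f"sigstore identities: unexpected HTTP {sigstore_info.status}")
    # … unchanged: parse the document, select the first table, read the headers …

    expected = {"Release", "PEP", "Release manager", "OIDC Issuer"}
    if set(headers) != expected:
        raise RuntimeError(f"sigstore identities: unexpected columns {headers!r}")

    sigstore_identities = []
    for row in sigstore_table.xpath(".//tbody//tr"):
        # One value per cell, so an empty or multi-node cell cannot shift later columns.
        col_values = [td.text_content().strip() for td in row.xpath(".//td")]
        # strict=True raises when a row's cell count differs from the header count.
        sigstore_identities.append(dict(zip(headers, col_values, strict=True)))

    if not sigstore_identities:
        raise RuntimeError("sigstore identities: table has no rows")
    # … unchanged: write _SIGNING_IDENTITIES …
```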
@@ -0,0 +1,44 @@ +[ + { + "Release": "3.7", + "PEP": "PEP 537", + "Release manager": "nad@python.org", + "OIDC Issuer": "https://github.com/login/oauth" + }, + { + "Release": "3.8", + "PEP": "PEP 569", + "Release manager": "lukasz@langa.pl", + "OIDC Issuer": "https://github.com/login/oauth" + }, + { + "Release": "3.9", + "PEP": "PEP 596", + "Release manager": "lukasz@langa.pl", + "OIDC Issuer": "https://github.com/login/oauth" + }, + { + "Release": "3.10", + "PEP": "PEP 619", + "Release manager": "pablogsal@python.org", + "OIDC Issuer": "https://accounts.google.com" + }, + { + "Release": "3.11", + "PEP": "PEP 664", + "Release manager": "pablogsal@python.org", + "OIDC Issuer": "https://accounts.google.com" + }, + { + "Release": "3.12", + "PEP": "PEP 693", + "Release manager": "thomas@python.org", + "OIDC Issuer": "https://accounts.google.com" + }, + { + "Release": "3.13", + "PEP": "PEP 719", + "Release manager": "thomas@python.org", + "OIDC Issuer": "https://accounts.google.com" + } +] \ No newline at end of file