Add integration test suite for sigstore (full sigstore stack) #999

@morri-son

Description

Add a self-contained integration test suite under bindings/go/sigstore/integration/ using a local kind cluster with a full Sigstore stack.

Infrastructure (via Helm):

  • Rekor v1 (sigstore/scaffold): Fulcio, CTLog, Trillian, TUF, TSA
  • Rekor v2 (rekor-tiles, POSIX backend)
  • Port-forwards for all services to localhost

Test scenarios required:

  • Key-based sign/verify (ECDSA, Ed25519)
  • Keyless sign/verify (OIDC token via kubectl create token)
  • Identity verification (issuer + SAN enforcement)
  • TSA integration (required for Rekor v2 — no SETs)
  • signing_config.json endpoint discovery
  • Custom TUF mirror verification
  • Minimal bundle (no Rekor/Fulcio)
  • Tampered digest detection

Done Criteria

  • task kind/setup deploys Rekor v1 + v2 + Fulcio + TSA + TUF in kind
  • All test scenarios pass against both Rekor v1 and v2 backends
  • task test/integration runs the full suite
  • Setup/teardown scripts are idempotent
  • Code reviewed by other team members
  • CI pipeline integration documented or CI job added
  • Successful demonstration in Review

Metadata

Assignees: No one assigned

Labels: area/ipcei (Important Project of Common European Interest), kind/task (small task, normally part of feature or epic)

Status: 🛠️ Needs Refinement

Milestone: No milestone

Relationships: None yet

Development: No branches or pull requests