Skip to content

feat: add model signer #2168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
jonburdo wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: add model signer #2168

jonburdo wants to merge 1 commit into from
+1,586 −20

Conversation

@jonburdo
Copy link
Member

@jonburdo jonburdo commented Jan 29, 2026

This implements OMS signing to produce a signal .sig file for any repo or collection of files.

Description

How Has This Been Tested?

Merge criteria:

  • All the commits have been signed-off (To pass the DCO check)
  • The commits have meaningful messages
  • Automated tests are provided as part of the PR for major new functionalities; testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work.
  • Code changes follow the kubeflow contribution guidelines.
  • For first time contributors: Please reach out to the Reviewers to ensure all tests are being run, ensuring the label ok-to-test has been added to the PR.

If you have UI changes

  • The developer has added tests or explained why testing cannot be added.
  • Included any necessary screenshots or gifs if it was a UI change.
  • Verify that UI/UX changes conform the UX guidelines for Kubeflow.

@jonburdo
feat: add model signer
c60e54a 
This implements OMS signing to produce a signal .sig file for any repo
or collection of files.

Signed-off-by: Jon Burdo <jon@jonburdo.com>
@google-oss-prow
Copy link

google-oss-prow bot commented Jan 29, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ederign for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

tarilabs
tarilabs reviewed Jan 29, 2026
View reviewed changes
clients/python/poetry.lock

[[package]]
name = "in-toto-attestation"
version = "0.9.3"
Copy link
Member

@tarilabs tarilabs Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: we should try to bump this in-toto-attestation to >1.0.0 if possible (I dont' see any lockfile for rh-image-signing)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tarilabs tarilabs tarilabs left review comments

@Al-Pragliola Al-Pragliola Awaiting requested review from Al-Pragliola

@andreyvelich andreyvelich Awaiting requested review from andreyvelich

Assignees

No one assigned

Labels

Area/MR Python client do-not-merge/work-in-progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jonburdo @tarilabs