[go: up one dir, main page]
Skip to content

Add integrity check for remote CI includes

Dennis Appeltrequested to merge
feature/ci-include-integrity into master

This merge request adds support for integrity checks on remote includes in GitLab CI configurations. It introduces a new integrity key that can be used with remote includes to specify a SHA256 hash of the expected content. The code validates that the integrity hash is properly formatted and base64 encoded. When fetching remote content, it now verifies the integrity by comparing the actual hash of the fetched content with the expected hash. This enhancement improves security by ensuring that the included remote content hasn't been tampered with or altered during transmission. The changes also include appropriate error handling and validation to ensure the integrity feature is used correctly.

Usage Example

#.gitlab-ci.yml

include:
  - remote: 'https://host.com/foo-ci.yml'
    integrity: 'sha256-BozLjE+uzwZJEC5jBWZoJ+ZfvcTiBlj80d0CsVi+ZsI='
Edited by Dennis Appelt

Merge request reports