add readme for validation

snowflakedb · Nov 14, 2024 · d874e07 · d874e07
1 parent 658ff04
commit d874e07
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/DESCRIPTION.rst b/DESCRIPTION.rst
@@ -7,6 +7,10 @@ Source code is also available at: https://github.com/snowflakedb/snowflake-inges
 
 Release Notes
 -------------------------------------------------------------------------------
+- v1.0.10 (November 14, 2024)
+
+      - Update readme for artifact validation using cosign
+
 - v1.0.9 (September 10, 2024)
 
       - Fix casing for RFC-6750 conformity

diff --git a/README.rst b/README.rst
@@ -130,3 +130,19 @@ Here is a simple "hello world" example for using ingest sdk.
 
         print('\nHistory scan report: \n')
         print(history_range_resp)
+
+
+Artifact Validation
+=====
+Artifacts produced in this repository are signed by Snowflake and can be validated on the client side with the following steps.
+
+1. Install cosign following these instructions (https://edu.chainguard.dev/open-source/sigstore/cosign/how-to-install-cosign)
+2. Download the `.whl` from the repository like pypi (https://pypi.org/project/snowflake-ingest/#files)
+3. Download the `.crt` and `.sig` files for the version of artifact from the release page (https://github.com/snowflakedb/snowflake-ingest-python/releases/)
+4. Validate with cosign with the following command as an example
+
+cosign verify-blob snowflake_ingest-1.0.9-py3-none-any.whl  \
+--certificate snowflake_ingest-1.0.9-py3-none-any.whl.crt \
+--certificate-identity https://github.com/snowflakedb/snowflake-ingest-python/.github/workflows/publish-python.yaml@refs/tags/v1.0.9 \
+--certificate-oidc-issuer https://token.actions.githubusercontent.com \
+--signature snowflake_ingest-1.0.9-py3-none-any.whl.sig