From 74496ab63a7efbe09a6142546f9523b879703515 Mon Sep 17 00:00:00 2001
From: Vishal Choudhary <vishal.choudhary@nirmata.com>
Date: Mon, 17 Jun 2024 13:31:45 +0530
Subject: [PATCH 1/2] feat: fix custom sigstore conformance tests (#10473)
 (#10480)

* feat: add custom sigstore conformance tests

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
---
 .github/workflows/conformance.yaml                          | 6 ++----
 .../chainsaw/custom-sigstore/standard/basic/policy.yaml     | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml
index fd486833f6e3..4355171e2a85 100644
--- a/.github/workflows/conformance.yaml
+++ b/.github/workflows/conformance.yaml
@@ -615,8 +615,6 @@ jobs:
               - standard
               - custom-sigstore
         k8s-version:
-          - name: v1.26
-            version: v1.26.x
           - name: v1.27
             version: v1.27.x
           - name: v1.28
@@ -644,7 +642,7 @@ jobs:
         uses: kyverno/action-install-chainsaw@995cddaee7702e849270b84fa44cdcebe7462da8 # v0.1.9
       # create cluster
       - name: Create kind cluster and setup Sigstore Scaffolding
-        uses: sigstore/scaffolding/actions/setup@2d10614e854828e2389881abe6c5cf76240897a7
+        uses: sigstore/scaffolding/actions/setup@d9197cb16e744297de67cfeef8a8e247d31206c4
         with:
           version: main
           k8s-version: ${{ matrix.k8s-version.version }}
@@ -683,7 +681,7 @@ jobs:
           TEST_IMAGE_URL=ttl.sh/${IMAGE_NAME}:1h
           crane copy cgr.dev/chainguard/static@$DIGEST $TEST_IMAGE_URL
           cosign initialize --mirror $TUF_MIRROR --root $TUF_MIRROR/root.json
-          COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token `curl -s $ISSUER_URL` -y
+          COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token $OIDC_TOKEN -y
           echo "TEST_IMAGE_URL=$TEST_IMAGE_URL" >> $GITHUB_ENV
       # run tests
       - name: Test with Chainsaw
diff --git a/test/conformance/chainsaw/custom-sigstore/standard/basic/policy.yaml b/test/conformance/chainsaw/custom-sigstore/standard/basic/policy.yaml
index 5513284a81a3..bbf59ae3110e 100644
--- a/test/conformance/chainsaw/custom-sigstore/standard/basic/policy.yaml
+++ b/test/conformance/chainsaw/custom-sigstore/standard/basic/policy.yaml
@@ -27,7 +27,7 @@ spec:
         entries:
         - keyless:
             issuer: "https://kubernetes.default.svc.cluster.local"
-            subject: "*"
+            subject: "https://kubernetes.io/namespaces/default/serviceaccounts/default"
             rekor:
               url: "{{ tufvalues.data.REKOR_URL }}"
-      required: true
\ No newline at end of file
+      required: true

From b488e68892b76f58433723ea7478a7aaadfa09b5 Mon Sep 17 00:00:00 2001
From: shuting <shuting@nirmata.com>
Date: Mon, 17 Jun 2024 17:42:52 +0800
Subject: [PATCH 2/2] release v1.12.4 (#10479)

Signed-off-by: ShutingZhao <shuting@nirmata.com>
---
 charts/kyverno-policies/Chart.yaml       |  4 +-
 charts/kyverno-policies/README.md        |  2 +-
 charts/kyverno/Chart.yaml                |  8 ++--
 charts/kyverno/README.md                 |  6 +--
 charts/kyverno/charts/crds/Chart.yaml    |  2 +-
 charts/kyverno/charts/crds/README.md     |  2 +-
 charts/kyverno/charts/grafana/Chart.yaml |  2 +-
 charts/kyverno/charts/grafana/README.md  |  2 +-
 config/install-latest-testing.yaml       | 60 ++++++++++++------------
 9 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/charts/kyverno-policies/Chart.yaml b/charts/kyverno-policies/Chart.yaml
index 59507f5dd6eb..541f6ddd2cac 100644
--- a/charts/kyverno-policies/Chart.yaml
+++ b/charts/kyverno-policies/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 type: application
 name: kyverno-policies
-version: 3.2.4-rc.2
-appVersion: v1.12.4-rc.2
+version: 3.2.4
+appVersion: v1.12.4
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Kubernetes Pod Security Standards implemented as Kyverno policies
 keywords:
diff --git a/charts/kyverno-policies/README.md b/charts/kyverno-policies/README.md
index 7e8138461783..7f1f1572d2cd 100644
--- a/charts/kyverno-policies/README.md
+++ b/charts/kyverno-policies/README.md
@@ -2,7 +2,7 @@
 
 Kubernetes Pod Security Standards implemented as Kyverno policies
 
-![Version: 3.2.4-rc.2](https://img.shields.io/badge/Version-3.2.4--rc.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.12.4-rc.2](https://img.shields.io/badge/AppVersion-v1.12.4--rc.2-informational?style=flat-square)
+![Version: 3.2.4](https://img.shields.io/badge/Version-3.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.12.4](https://img.shields.io/badge/AppVersion-v1.12.4-informational?style=flat-square)
 
 ## About
 
diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml
index d57271c82979..ee515e18df14 100644
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 type: application
 name: kyverno
-version: 3.2.5-rc.2
-appVersion: v1.12.4-rc.2
+version: 3.2.5
+appVersion: v1.12.4
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Kubernetes Native Policy Management
 keywords:
@@ -37,8 +37,8 @@ annotations:
       description: make webhook pod annotations configurable
 dependencies:
   - name: grafana
-    version: 3.2.5-rc.2
+    version: 3.2.5
     condition: grafana.enabled
   - name: crds
-    version: 3.2.5-rc.2
+    version: 3.2.5
     condition: crds.install
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index eff1b4161528..8701ee69d2e0 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -2,7 +2,7 @@
 
 Kubernetes Native Policy Management
 
-![Version: 3.2.5-rc.2](https://img.shields.io/badge/Version-3.2.5--rc.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.12.4-rc.2](https://img.shields.io/badge/AppVersion-v1.12.4--rc.2-informational?style=flat-square)
+![Version: 3.2.5](https://img.shields.io/badge/Version-3.2.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.12.4](https://img.shields.io/badge/AppVersion-v1.12.4-informational?style=flat-square)
 
 ## About
 
@@ -925,8 +925,8 @@ Kubernetes: `>=1.25.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | crds | 3.2.5-rc.2 |
-|  | grafana | 3.2.5-rc.2 |
+|  | crds | 3.2.5 |
+|  | grafana | 3.2.5 |
 
 ## Maintainers
 
diff --git a/charts/kyverno/charts/crds/Chart.yaml b/charts/kyverno/charts/crds/Chart.yaml
index c94c0f1e8eb0..a47fed329cd6 100644
--- a/charts/kyverno/charts/crds/Chart.yaml
+++ b/charts/kyverno/charts/crds/Chart.yaml
@@ -1,3 +1,3 @@
 apiVersion: v2
 name: crds
-version: 3.2.5-rc.2
+version: 3.2.5
diff --git a/charts/kyverno/charts/crds/README.md b/charts/kyverno/charts/crds/README.md
index 9dd410a72c57..40d76eb64905 100644
--- a/charts/kyverno/charts/crds/README.md
+++ b/charts/kyverno/charts/crds/README.md
@@ -1,6 +1,6 @@
 # crds
 
-![Version: 3.2.5-rc.2](https://img.shields.io/badge/Version-3.2.5--rc.2-informational?style=flat-square)
+![Version: 3.2.5](https://img.shields.io/badge/Version-3.2.5-informational?style=flat-square)
 
 ## Values
 
diff --git a/charts/kyverno/charts/grafana/Chart.yaml b/charts/kyverno/charts/grafana/Chart.yaml
index e6e69194f680..9d7bdd7278d4 100644
--- a/charts/kyverno/charts/grafana/Chart.yaml
+++ b/charts/kyverno/charts/grafana/Chart.yaml
@@ -1,3 +1,3 @@
 apiVersion: v2
 name: grafana
-version: 3.2.5-rc.2
+version: 3.2.5
diff --git a/charts/kyverno/charts/grafana/README.md b/charts/kyverno/charts/grafana/README.md
index 68fc2dfda431..456fbda65638 100644
--- a/charts/kyverno/charts/grafana/README.md
+++ b/charts/kyverno/charts/grafana/README.md
@@ -1,6 +1,6 @@
 # grafana
 
-![Version: 3.2.5-rc.2](https://img.shields.io/badge/Version-3.2.5--rc.2-informational?style=flat-square)
+![Version: 3.2.5](https://img.shields.io/badge/Version-3.2.5-informational?style=flat-square)
 
 ## Values
 
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index 54fc9b2ea88e..111fe8e33461 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -213,8 +213,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: admissionreports.kyverno.io
@@ -880,8 +880,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: backgroundscanreports.kyverno.io
@@ -1465,8 +1465,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: cleanuppolicies.kyverno.io
@@ -5149,8 +5149,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: clusteradmissionreports.kyverno.io
@@ -5818,8 +5818,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterbackgroundscanreports.kyverno.io
@@ -6403,8 +6403,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: clustercleanuppolicies.kyverno.io
@@ -10087,8 +10087,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterpolicies.kyverno.io
@@ -26649,8 +26649,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: globalcontextentries.kyverno.io
@@ -26898,8 +26898,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: policies.kyverno.io
@@ -43463,8 +43463,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: policyexceptions.kyverno.io
@@ -45350,8 +45350,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: updaterequests.kyverno.io
@@ -46137,8 +46137,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterephemeralreports.reports.kyverno.io
@@ -46494,8 +46494,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: ephemeralreports.reports.kyverno.io
@@ -46851,8 +46851,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterpolicyreports.wgpolicyk8s.io
@@ -47233,8 +47233,8 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: kyverno-crds
-    app.kubernetes.io/version: 3.2.5-rc.2
-    helm.sh/chart: crds-3.2.5-rc.2
+    app.kubernetes.io/version: 3.2.5
+    helm.sh/chart: crds-3.2.5
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
   name: policyreports.wgpolicyk8s.io