bump sigstore ~= 3.1 (#39)

Author: woodruffw

pyproject.toml

@@ -17,7 +17,7 @@ dependencies = [
     "cryptography",
     "packaging",
     "pydantic",
-    "sigstore~=3.0.0",
+    "sigstore~=3.1.0",
     "sigstore-protobuf-specs",
 ]
 requires-python = ">=3.11"
@@ -49,10 +49,7 @@ name = "pypi_attestations"
 
 [tool.coverage.run]
 # don't attempt code coverage for the CLI entrypoints
-omit = [
-    "src/pypi_attestations/_cli.py",
-    "src/pypi_attestations/__main__.py"
-]
+omit = ["src/pypi_attestations/_cli.py", "src/pypi_attestations/__main__.py"]
 
 [tool.mypy]
 mypy_path = "src"
@@ -100,7 +97,7 @@ exclude = [
     "env",
     "test",
     "src/pypi_attestations/_cli.py",
-    "src/pypi_attestations/__main__.py"
+    "src/pypi_attestations/__main__.py",
 ]
 ignore-semiprivate = true
 fail-under = 100

src/pypi_attestations/_impl.py

@@ -17,9 +17,9 @@
 from pydantic import Base64Bytes, BaseModel, field_validator
 from pydantic_core import ValidationError
 from sigstore._utils import _sha256_streaming
+from sigstore.dsse import DigestSet, StatementBuilder, Subject, _Statement
 from sigstore.dsse import Envelope as DsseEnvelope
 from sigstore.dsse import Error as DsseError
-from sigstore.dsse import _DigestSet, _Statement, _StatementBuilder, _Subject
 from sigstore.models import Bundle, LogEntry
 from sigstore.sign import ExpiredCertificate, ExpiredIdentity
 from sigstore_protobuf_specs.io.intoto import Envelope as _Envelope
@@ -128,12 +128,12 @@ def sign(cls, signer: Signer, dist: Distribution) -> Attestation:
         """
         try:
             stmt = (
-                _StatementBuilder()
+                StatementBuilder()
                 .subjects(
                     [
-                        _Subject(
+                        Subject(
                             name=dist.name,
-                            digest=_DigestSet(root={"sha256": dist.digest}),
+                            digest=DigestSet(root={"sha256": dist.digest}),
                         )
                     ]
                 )

test/test_impl.py

@@ -9,7 +9,7 @@
 import pytest
 import sigstore
 from pydantic import ValidationError
-from sigstore.dsse import _DigestSet, _StatementBuilder, _Subject
+from sigstore.dsse import DigestSet, StatementBuilder, Subject
 from sigstore.models import Bundle
 from sigstore.oidc import IdentityToken
 from sigstore.sign import SigningContext
@@ -72,12 +72,12 @@ def test_roundtrip(self, id_token: IdentityToken) -> None:
         roundtripped_attestation.verify(verifier, policy.UnsafeNoOp(), dist)
 
     def test_wrong_predicate_raises_exception(self, monkeypatch: pytest.MonkeyPatch) -> None:
-        def dummy_predicate(self_: _StatementBuilder, _: str) -> _StatementBuilder:
+        def dummy_predicate(self_: StatementBuilder, _: str) -> StatementBuilder:
             # wrong type here to have a validation error
             self_._predicate_type = False
             return self_
 
-        monkeypatch.setattr(sigstore.dsse._StatementBuilder, "predicate_type", dummy_predicate)
+        monkeypatch.setattr(sigstore.dsse.StatementBuilder, "predicate_type", dummy_predicate)
         with pytest.raises(impl.AttestationError, match="invalid statement"):
             impl.Attestation.sign(pretend.stub(), dist)
 
@@ -224,11 +224,11 @@ def test_verify_bad_payload(self) -> None:
 
     def test_verify_too_many_subjects(self) -> None:
         statement = (
-            _StatementBuilder()  # noqa: SLF001
+            StatementBuilder()  # noqa: SLF001
             .subjects(
                 [
-                    _Subject(name="foo", digest=_DigestSet(root={"sha256": "abcd"})),
-                    _Subject(name="bar", digest=_DigestSet(root={"sha256": "1234"})),
+                    Subject(name="foo", digest=DigestSet(root={"sha256": "abcd"})),
+                    Subject(name="bar", digest=DigestSet(root={"sha256": "1234"})),
                 ]
             )
             .predicate_type("foo")
@@ -253,10 +253,10 @@ def test_verify_too_many_subjects(self) -> None:
 
     def test_verify_subject_missing_name(self) -> None:
         statement = (
-            _StatementBuilder()  # noqa: SLF001
+            StatementBuilder()  # noqa: SLF001
             .subjects(
                 [
-                    _Subject(name=None, digest=_DigestSet(root={"sha256": "abcd"})),
+                    Subject(name=None, digest=DigestSet(root={"sha256": "abcd"})),
                 ]
             )
             .predicate_type("foo")
@@ -281,12 +281,12 @@ def test_verify_subject_missing_name(self) -> None:
 
     def test_verify_subject_invalid_name(self) -> None:
         statement = (
-            _StatementBuilder()  # noqa: SLF001
+            StatementBuilder()  # noqa: SLF001
             .subjects(
                 [
-                    _Subject(
+                    Subject(
                         name="foo-bar-invalid-wheel.whl",
-                        digest=_DigestSet(root={"sha256": "abcd"}),
+                        digest=DigestSet(root={"sha256": "abcd"}),
                     ),
                 ]
             )
@@ -312,12 +312,12 @@ def test_verify_subject_invalid_name(self) -> None:
 
     def test_verify_unknown_attestation_type(self) -> None:
         statement = (
-            _StatementBuilder()  # noqa: SLF001
+            StatementBuilder()  # noqa: SLF001
             .subjects(
                 [
-                    _Subject(
+                    Subject(
                         name="rfc8785-0.1.2-py3-none-any.whl",
-                        digest=_DigestSet(
+                        digest=DigestSet(
                             root={
                                 "sha256": (
                                     "c4e92e9ecc828bef2aa7dba1de8ac983511f7532a0df11c770d39099a25cf201"