Attestation verification does not respect settings.url_replacements for "https://api.github.com"

[iwahbe]

#8820 & #8495 added attestation verification, but the attestation verification doesn't respect settings.url_replacements, leading to the confusing scenario where you can reroute a GitHub download but not it's verification.

It feels like this is a bug, and that attestation verification should respect url_replacements.

You can see that the attestation client hard-codes the API URL:

https://github.com/jdx/sigstore-verification/blob/ea6fd37bb6aaf69a977f6f11419a59923e60d44e/src/api.rs#L76-L90

[iwahbe]

This requires a upstream change to fix, so I've opened an issue upstream: jdx/sigstore-verification#32.

[SlaterByte]

I dug into this again against current main.

The upstream blocker appears to be gone: the in-tree mise-sigstore adapter already supports a configurable GitHub API base URL via verify_github_attestation_with_base_url / GitHubSource::with_base_url. The remaining issue is that mise's sigstore wrapper defaults to https://api.github.com without applying settings.url_replacements, so attestation verification can bypass the same proxy/cache that normal mise HTTP calls use.

I am planning a narrow PR that centralizes this in src/github/sigstore.rs:

• apply http::apply_url_replacements() to the GitHub API base URL before calling mise-sigstore
• keep token resolution based on the original API URL, matching the existing url_replacements behavior where auth headers are preserved for trusted proxy replacements
• leave the github backend's attestations_supported() custom-api_url gate unchanged for now, since this bug is specifically about url_replacements

I will add unit coverage for simple/regex URL replacements so future sigstore call sites inherit the behavior.

[jdx]

sounds good

[SlaterByte]

PR: #9971

[SlaterByte]

Addressed feedback from Gemini and Greptile. CI is passing :)