github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-06 08:37:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: pre-submit: e2e-cli.sh artifact download (#646)

Browse Source 
Updates #647

Signed-off-by: Ian Lewis <ianlewis@google.com>
This commit is contained in:
Ian Lewis
2023-06-30 02:05:12 +09:00
committed by GitHub
parent 90f4f23e1e
commit e2b1828894
1 changed files with 9 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
.github/workflows/scripts/e2e-cli.sh vendored
View File

@@ -4,39 +4,29 @@ repo="slsa-framework/example-package"
api_version="X-GitHub-Api-Version: 2022-11-28"
# Verify provenance authenticity with slsa-verifier at HEAD
download_artifact() {
local run_id="$1"
local artifact_name="$2"
# Get the artifact ID for 'artifact1'
artifact_id=$(gh api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/runs/$run_id/artifacts" | jq ".artifacts[] | select(.name == \"$artifact_name\") | .id")
echo "artifact_id:$artifact_id"
gh api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/artifacts/$artifact_id/zip" >"$artifact_name.zip"
unzip "$artifact_name".zip
}
# Get workflow ID.
workflow_id=$(gh api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/workflows?per_page=100" | jq '.workflows[] | select(.path == ".github/workflows/e2e.generic.schedule.main.multi-uses.slsa3.yml") | .id')
echo "workflow_id:$workflow_id"
echo "workflow_id:${workflow_id}"
# Get the run ID for the most recent run.
run_id=$(gh api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/workflows/$workflow_id/runs?per_page=1" | jq '.workflow_runs[0].id')
echo "run_id:$run_id"
echo "run_id:${run_id}"
download_artifact "$run_id" "artifacts1"
download_artifact "$run_id" "attestation1.intoto.jsonl"
gh run download -R "${repo}" -n "artifacts1" "${run_id}"
gh run download -R "${repo}" -n "attestation1.intoto.jsonl" "${run_id}"
cd __EXAMPLE_PACKAGE__ || exit 1
# shellcheck source=/dev/null
source "./.github/workflows/scripts/e2e-verify.common.sh"
cd - || exit 1
# Set THIS_FILE to correspond with the artifact properties
# HACK: Set THIS_FILE to correspond with the artifact properties
export THIS_FILE=e2e.generic.schedule.main.multi-uses.slsa3.yml
export BRANCH=main
# Set BINARY and PROVENANCE
cd - || exit 1
export BRANCH=main
export BINARY=artifact1
export PROVENANCE=attestation1.intoto.jsonl
export GITHUB_REPOSITORY="${repo}"
GITHUB_REPOSITORY="$repo" verify_provenance_authenticity "./__THIS_REPO__/slsa-verifier" "HEAD"
verify_provenance_authenticity "./__THIS_REPO__/slsa-verifier" "HEAD"