* docs: remove duplicated table of contents
Signed-off-by: Asra Ali <asraa@google.com>
* fix action installation list
Signed-off-by: Asra Ali <asraa@google.com>
---------
Signed-off-by: Asra Ali <asraa@google.com>
Update README.md
Adding an alternative option for installing slsa-verifier if you do not rely on additional tooling. The benefit of this option is improved readability.
Signed-off-by: Drew Roen <102626803+drewroengoogle@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
* Remove limit of number of artifacts to verify
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Update short description
Mention that we support multiple artifacts as long as they come from the
same provenance.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Verify all artifacts passed in cmdline
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Remove header of verify step output
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Format the `cobra.Command.Use` argument
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Don't return a slice of builderIDs.
Since all images should come from the same provenance file, there's an
invariant that we will always get exactly one builderID. So, no need to
return a slice of them.
Just to preempt the case when the invariant would be broken, add a
specific check.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Change existing tests to support multiple artifacts.
No new tests added, just changing table test data type.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* [nfc] Format test file
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Change test to allow passing multiple artifacts.
For now, just allow passing the entire array of artifacts to command
line / arguments. The functionality should still be the same.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix typo
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix path to test artifacts
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Allow different provenance path
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Try 2 artifacts from existing testdata
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add more tests for multiple artifacts
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add failing test
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix artifact and error
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add final test: no artifact match
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Update README.md
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
https://github.com/slsa-framework/slsa-verifier/pull/375#discussion_r1037775148
I found this doesn't work.
To install slsa-verifier v2 by go install, we have to release v2.0.1 or later.
```
go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.0.0
go: github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.0.0: github.com/slsa-framework/slsa-verifier@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("github.com/slsa-framework/slsa-verifier/v2")
```
Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
