mirror of
https://github.com/slsa-framework/slsa-verifier.git
synced 2026-05-06 08:37:00 +00:00
637b07fdab
https://github.com/slsa-framework/slsa-github-generator/issues/3576 Next step in https://github.com/slsa-framework/slsa-github-generator/blob/main/RELEASE.md#update-verifier Creating new test data for slsa-github-generator@v2.0.0 # Instructions: ## diff to download-artifacts.sh ``` diff --git a/download-artifacts.sh b/download-artifacts.sh old mode 100644 new mode 100755 index e5e218e8..49257ea6 --- a/download-artifacts.sh +++ b/download-artifacts.sh @@ -88,6 +88,10 @@ unzip_files() { rm -rf "${tmp_dir}" ;; + ./*.zip) + unzip -o "${zip_path}" -d "${output_path}" + ;; + *) echo "unexpected file path: ${zip_path}" exit 1 @@ -167,7 +171,7 @@ rename_java_files "test-java-project-" "maven" rename_java_files "workflow_dispatch-" "gradle" # Files downloaded. Now copy them -repo_path="../.." +repo_path="/path/to/slsa-verifier" # Go builder files. copy_files "gha_go-binary-linux-amd64-" "${repo_path}/cli/slsa-verifier/testdata/gha_go/${version}" ``` ## download the artifacts ``` ../slsa-verifier/download-artifacts.sh 8791212155 v2.0.0 ../slsa-verifier/download-artifacts.sh 8791219359 v2.0.0 ../slsa-verifier/download-artifacts.sh 8791219514 v2.0.0 ../slsa-verifier/download-artifacts.sh 8791219607 v2.0.0 ``` ## docker github auth ``` gh auth login --scopes=read:packages echo `gh auth token` | docker login ghcr.io -u ramonpetgrave64 --password-stdin cosign save \ --dir ./cli/slsa-verifier/testdata/gha_generic_container/v2.0.0/container_workflow_dispatch \ ghcr.io/slsa-framework/example-package.verifier-e2e.all.tag.main.default.slsa3@sha256:55aee984fd6b1d0e0a19a55265d10d40063a2212bdbabd75b202b1728236548d ``` --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>