mirror of
https://github.com/slsa-framework/slsa-verifier.git
synced 2026-05-19 15:06:58 +00:00
a8e21d5a83
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | major | `v3.6.0` -> `v4.1.1` | | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | major | `v3.1.5` -> `v4.2.5` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | major | `v3.0.2` -> `v4.1.4` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | major | `v3` -> `v4` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | major | `v3.8.2` -> `v4.0.2` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | major | `v3.1.3` -> `v4.3.1` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | major | `v2.24.8` -> `v3.24.9` | | [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | major | `v3` -> `v4` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.1`](https://togithub.com/actions/checkout/releases/tag/v4.1.1) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.0...v4.1.1) ##### What's Changed - Update CODEOWNERS to Launch team by [@​joshmgross](https://togithub.com/joshmgross) in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - Correct link to GitHub Docs by [@​peterbe](https://togithub.com/peterbe) in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) - Link to release page from what's new section by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1514](https://togithub.com/actions/checkout/pull/1514) ##### New Contributors - [@​joshmgross](https://togithub.com/joshmgross) made their first contribution in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - [@​peterbe](https://togithub.com/peterbe) made their first contribution in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410) [Compare Source](https://togithub.com/actions/checkout/compare/v4.0.0...v4.1.0) - [Add support for partial checkout filters](https://togithub.com/actions/checkout/pull/1396) ### [`v4.0.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400) [Compare Source](https://togithub.com/actions/checkout/compare/v3.6.0...v4.0.0) - [Support fetching without the --progress option](https://togithub.com/actions/checkout/pull/1067) - [Update to node20](https://togithub.com/actions/checkout/pull/1436) </details> <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.2.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.5): 4.2.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5) #### What's Changed - Fixed a bug where some configuration options in external files were not being properly picked up -- [https://github.com/actions/dependency-review-action/pull/722](https://togithub.com/actions/dependency-review-action/pull/722) - Bump eslint from 8.56.0 to 8.57.0 **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5 ### [`v4.2.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.4) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4) #### What's Changed Fixed a bug in the output of OpenSSF cards for GitHub Actions. #### New Contributors - [@​sporkmonger](https://togithub.com/sporkmonger) made their first contribution in [https://github.com/actions/dependency-review-action/pull/721](https://togithub.com/actions/dependency-review-action/pull/721) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4 ### [`v4.2.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.3): 4.2.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3) #### What's Changed - Set comment as output by [@​jsoref](https://togithub.com/jsoref) in [https://github.com/actions/dependency-review-action/pull/698](https://togithub.com/actions/dependency-review-action/pull/698) - Add support for calculating OpenSSF Scorecards by [@​jhutchings1](https://togithub.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/709](https://togithub.com/actions/dependency-review-action/pull/709) - Add outputs for the changes data by [@​laughedelic](https://togithub.com/laughedelic) in [https://github.com/actions/dependency-review-action/pull/707](https://togithub.com/actions/dependency-review-action/pull/707) #### New Contributors - [@​jhutchings1](https://togithub.com/jhutchings1) made their first contribution in [https://github.com/actions/dependency-review-action/pull/709](https://togithub.com/actions/dependency-review-action/pull/709) - [@​laughedelic](https://togithub.com/laughedelic) made their first contribution in [https://github.com/actions/dependency-review-action/pull/707](https://togithub.com/actions/dependency-review-action/pull/707) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3 ### [`v4.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.3): 4.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3) Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see [https://github.com/actions/dependency-review-action/issues/697](https://togithub.com/actions/dependency-review-action/issues/697)). **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.2): 4.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2) #### What's Changed - Expose dependency comment content by [@​jsoref](https://togithub.com/jsoref) in [https://github.com/actions/dependency-review-action/pull/696](https://togithub.com/actions/dependency-review-action/pull/696) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2 ### [`v4.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.1): 4.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1) #### What's Changed - Bump `undici` to fix [GHSA-wqq4-5wpv-mx2g](https://togithub.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g) - Bump [@​types/node](https://togithub.com/types/node) from 20.11.17 to 20.11.19 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/693](https://togithub.com/actions/dependency-review-action/pull/693) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.0): 4.1.0 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.0.0...v4.1.0) #### What's Changed - Add `warn-only` by [@​tgrall](https://togithub.com/tgrall) in [https://github.com/actions/dependency-review-action/pull/432](https://togithub.com/actions/dependency-review-action/pull/432) Added a new configuration option (`warn-only`, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log. - Create stale.yaml by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/671](https://togithub.com/actions/dependency-review-action/pull/671) - Use manual codeql config by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/678](https://togithub.com/actions/dependency-review-action/pull/678) - Multiple dependency updates (see the changelog below for more information) #### New Contributors - [@​jonjanego](https://togithub.com/jonjanego) made their first contribution in [https://github.com/actions/dependency-review-action/pull/671](https://togithub.com/actions/dependency-review-action/pull/671) - [@​tgrall](https://togithub.com/tgrall) made their first contribution in [https://github.com/actions/dependency-review-action/pull/432](https://togithub.com/actions/dependency-review-action/pull/432) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0) - Update action to Node 20 by [@​takost](https://togithub.com/takost) in [https://github.com/actions/dependency-review-action/pull/639](https://togithub.com/actions/dependency-review-action/pull/639) - Dependabot updates, see the full changelog for more details. #### New Contributors - [@​takost](https://togithub.com/takost) made their first contribution in [https://github.com/actions/dependency-review-action/pull/639](https://togithub.com/actions/dependency-review-action/pull/639) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0 </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.4`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.4) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.3...v4.1.4) ##### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/307](https://togithub.com/actions/download-artifact/pull/307) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4...v4.1.4 ### [`v4.1.3`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.2...v4.1.3) ##### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/download-artifact/pull/292](https://togithub.com/actions/download-artifact/pull/292) - Update toolkit dependency with updated unzip logic by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/299](https://togithub.com/actions/download-artifact/pull/299) - Update [@​actions/artifact](https://togithub.com/actions/artifact) by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/303](https://togithub.com/actions/download-artifact/pull/303) ##### New Contributors - [@​bethanyj28](https://togithub.com/bethanyj28) made their first contribution in [https://github.com/actions/download-artifact/pull/299](https://togithub.com/actions/download-artifact/pull/299) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.2) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.1...v4.1.2) - Bump [@​actions/artifacts](https://togithub.com/actions/artifacts) to latest version to include [updated GHES host check](https://togithub.com/actions/toolkit/pull/1648) ### [`v4.1.1`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.1) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.0...v4.1.1) - Fix transient request timeouts [https://github.com/actions/download-artifact/issues/249](https://togithub.com/actions/download-artifact/issues/249) - Bump `@actions/artifacts` to latest version ### [`v4.1.0`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.0.0...v4.1.0) #### What's Changed - Some cleanup by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/247](https://togithub.com/actions/download-artifact/pull/247) - Fix default for run-id by [@​stchr](https://togithub.com/stchr) in [https://github.com/actions/download-artifact/pull/252](https://togithub.com/actions/download-artifact/pull/252) - Support pattern matching to filter artifacts & merge to same directory by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/259](https://togithub.com/actions/download-artifact/pull/259) #### New Contributors - [@​stchr](https://togithub.com/stchr) made their first contribution in [https://github.com/actions/download-artifact/pull/252](https://togithub.com/actions/download-artifact/pull/252) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/download-artifact/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/download-artifact/compare/v3.0.2...v4.0.0) #### What's Changed The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements. ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads *must* use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows. For more information, please see: 1. The [changelog](https://github.blog/changelog/2023-12-14-github-actions-artifacts-v4-is-now-generally-available/) post. 2. The [README](https://togithub.com/actions/download-artifact/blob/main/README.md). 3. The [migration documentation](https://togithub.com/actions/upload-artifact/blob/main/docs/MIGRATION.md). 4. As well as the underlying npm package, [@​actions/artifact](https://togithub.com/actions/toolkit/tree/main/packages/artifact) documentation. #### New Contributors - [@​bflad](https://togithub.com/bflad) made their first contribution in [https://github.com/actions/download-artifact/pull/194](https://togithub.com/actions/download-artifact/pull/194) **Full Changelog**: https://github.com/actions/download-artifact/compare/v3...v4.0.0 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4`](https://togithub.com/actions/setup-node/compare/v3...v4) [Compare Source](https://togithub.com/actions/setup-node/compare/v3...v4) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.1`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.1) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.0...v4.3.1) - Bump [@​actions/artifacts](https://togithub.com/actions/artifacts) to latest version to include [updated GHES host check](https://togithub.com/actions/toolkit/pull/1648) ### [`v4.3.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.2.0...v4.3.0) ##### What's Changed - Reorganize upload code in prep for merge logic & add more tests by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/504](https://togithub.com/actions/upload-artifact/pull/504) - Add sub-action to merge artifacts by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/505](https://togithub.com/actions/upload-artifact/pull/505) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.3.0 ### [`v4.2.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.2.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.1.0...v4.2.0) ##### What's Changed - Ability to overwrite an Artifact by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/501](https://togithub.com/actions/upload-artifact/pull/501) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.2.0 ### [`v4.1.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.0.0...v4.1.0) #### What's Changed - Add migrations docs by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/482](https://togithub.com/actions/upload-artifact/pull/482) - Update README.md by [@​samuelwine](https://togithub.com/samuelwine) in [https://github.com/actions/upload-artifact/pull/492](https://togithub.com/actions/upload-artifact/pull/492) - Support artifact-url output by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/496](https://togithub.com/actions/upload-artifact/pull/496) - Update readme to reflect new 500 artifact per job limit by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/497](https://togithub.com/actions/upload-artifact/pull/497) #### New Contributors - [@​samuelwine](https://togithub.com/samuelwine) made their first contribution in [https://github.com/actions/upload-artifact/pull/492](https://togithub.com/actions/upload-artifact/pull/492) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.3...v4.0.0) #### What's Changed The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements. For more information, see the [@​actions/artifact](https://togithub.com/actions/toolkit/tree/main/packages/artifact) documentation. #### New Contributors - [@​vmjoseph](https://togithub.com/vmjoseph) made their first contribution in [https://github.com/actions/upload-artifact/pull/464](https://togithub.com/actions/upload-artifact/pull/464) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v3...v4.0.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.24.9`](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) ### [`v3.24.8`](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) ### [`v3.24.7`](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7) ### [`v3.24.6`](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6) ### [`v3.24.5`](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5) ### [`v3.24.4`](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4) ### [`v3.24.3`](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3) ### [`v3.24.2`](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2) ### [`v3.24.1`](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1) ### [`v3.24.0`](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0) ### [`v3.23.2`](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2) ### [`v3.23.1`](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1) ### [`v3.23.0`](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0) ### [`v3.22.12`](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12) ### [`v3.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.11...v3.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.9...v3.22.11) ### [`v2.24.9`](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9) </details> <details> <summary>golangci/golangci-lint-action (golangci/golangci-lint-action)</summary> ### [`v4`](https://togithub.com/golangci/golangci-lint-action/compare/v3...v4) [Compare Source](https://togithub.com/golangci/golangci-lint-action/compare/v3...v4) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
218 lines
7.6 KiB
YAML
218 lines
7.6 KiB
YAML
name: verifier action
|
|
on:
|
|
# Daily run.
|
|
schedule:
|
|
- cron: "0 4 * * *"
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
type: string
|
|
description: The version to to test for pre-release.
|
|
required: false
|
|
|
|
permissions: read-all
|
|
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
ISSUE_REPOSITORY: ${{ github.repository }}
|
|
MINIMUM_INSTALLER_VERSION: v2.0.1
|
|
|
|
jobs:
|
|
list-verifiers:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
# NOTE: version output is a JSON list of version numbers.
|
|
# https://github.blog/changelog/2020-04-15-github-actions-new-workflow-features/#new-fromjson-method-in-expressions
|
|
# https://docs.github.com/en/actions/learn-github-actions/expressions#fromjson
|
|
version: ${{ steps.generate-versions.outputs.version }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
# NOTE: the example-package needs to be checked out in the default workspace.
|
|
repository: slsa-framework/example-package
|
|
ref: main
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
path: __THIS_REPO__
|
|
|
|
- name: Generate verifier list
|
|
if: inputs.version == ''
|
|
id: generate-list
|
|
run: ./__THIS_REPO__/.github/workflows/scripts/schedule.actions/verifier-installer.sh
|
|
|
|
- name: Generate pre-release list
|
|
if: inputs.version != ''
|
|
id: generate-prerelease
|
|
env:
|
|
PRE_RELEASE_VERSION: ${{ inputs.version }}
|
|
run: echo "version=[\"$PRE_RELEASE_VERSION\"]" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Generate pre-release list
|
|
id: generate-versions
|
|
env:
|
|
PRE_RELEASE_VERSION: ${{ steps.generate-prerelease.outputs.version }}
|
|
LIST_VERSION: ${{ steps.generate-list.outputs.version }}
|
|
run: |
|
|
if [[ -n $PRE_RELEASE_VERSION ]]; then
|
|
echo "version=$PRE_RELEASE_VERSION" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "version=$LIST_VERSION" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
verifier-run:
|
|
needs: list-verifiers
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
version: ${{ fromJson(needs.list-verifiers.outputs.version) }}
|
|
steps:
|
|
- name: Debug
|
|
env:
|
|
VERSION: ${{ matrix.version }}
|
|
run: echo "version is '$VERSION'"
|
|
|
|
- name: Checkout this repository
|
|
# Skip release candidates unless specified explicitly.
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
ref: ${{ matrix.version }}
|
|
|
|
# Install at tag.
|
|
# ==============
|
|
- name: Run the Action at tag
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
env:
|
|
SLSA_VERIFIER_CI_ACTION_REF: ${{ matrix.version }}
|
|
uses: ./actions/installer
|
|
|
|
- name: Verify the version
|
|
env:
|
|
VERSION: ${{ matrix.version }}
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
run: |
|
|
version=$(slsa-verifier version 2>&1 | grep GitVersion | cut -d ':' -f2 | tr -d "[:space:]")
|
|
slsa-verifier version
|
|
echo "version: $version"
|
|
echo "VERSION: $VERSION"
|
|
# NOTE: the version reported by the slsa-verifier does not contain the leading `v`.
|
|
[ "$version" == "${VERSION:1}" ]
|
|
|
|
- name: Delete the binary
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
run: |
|
|
binary_path=$(which slsa-verifier)
|
|
echo "binary_path: $binary_path"
|
|
rm -rf "$binary_path"
|
|
|
|
# Install at commit sha.
|
|
# =====================
|
|
- name: Get sha1
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
id: commit
|
|
env:
|
|
VERSION: ${{ matrix.version }}
|
|
run: |
|
|
commit_sha=$(gh api -H "Accept: application/vnd.github+json" "/repos/$GITHUB_REPOSITORY/git/ref/tags/$VERSION" | jq -r '.object.sha')
|
|
echo "commit_sha=$commit_sha" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Run the Action at commit
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
env:
|
|
SLSA_VERIFIER_CI_ACTION_REF: ${{ steps.commit.outputs.commit_sha }}
|
|
uses: ./actions/installer
|
|
|
|
- name: Verify the version
|
|
env:
|
|
VERSION: ${{ matrix.version }}
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
run: |
|
|
version=$(slsa-verifier version 2>&1 | grep GitVersion | cut -d ':' -f2 | tr -d "[:space:]")
|
|
slsa-verifier version
|
|
echo "version: $version"
|
|
echo "VERSION: $VERSION"
|
|
# NOTE: the version reported by the slsa-verifier does not contain the leading `v`.
|
|
[ "$version" == "${VERSION:1}" ]
|
|
|
|
- name: Delete the binary
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
run: |
|
|
binary_path=$(which slsa-verifier)
|
|
echo "binary_path: $binary_path"
|
|
rm -rf "$binary_path"
|
|
|
|
# Install at invalid commit.
|
|
# =========================
|
|
- name: Install invalid commit
|
|
id: invalid-commit
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
continue-on-error: true
|
|
env:
|
|
SLSA_VERIFIER_CI_ACTION_REF: 55ca6286e3e4f4fba5d0448333fa99fc5a404a73
|
|
uses: ./actions/installer
|
|
- env:
|
|
SUCCESS: ${{ steps.invalid-commit.outcome == 'failure' }}
|
|
run: |
|
|
[ "$SUCCESS" == "true" ]
|
|
|
|
# Install at non-existent tag.
|
|
# =========================
|
|
- name: Install non-existent tag
|
|
id: nonexistent-tag
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
continue-on-error: true
|
|
env:
|
|
# NOTE: actions/installer checks for valid semantic version numbers.
|
|
SLSA_VERIFIER_CI_ACTION_REF: v100.3.5
|
|
uses: ./actions/installer
|
|
- env:
|
|
SUCCESS: ${{ steps.nonexistent-tag.outcome == 'failure' }}
|
|
run: |
|
|
[ "$SUCCESS" == "true" ]
|
|
|
|
# Install at empty tag.
|
|
# =====================
|
|
- name: Install empty tag
|
|
id: empty-tag
|
|
if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
|
|
continue-on-error: true
|
|
env:
|
|
SLSA_VERIFIER_CI_ACTION_REF:
|
|
uses: ./actions/installer
|
|
- env:
|
|
SUCCESS: ${{ steps.empty-tag.outcome == 'failure' }}
|
|
run: |
|
|
[ "$SUCCESS" == "true" ]
|
|
|
|
if-succeed:
|
|
needs: [verifier-run, list-verifiers]
|
|
runs-on: ubuntu-latest
|
|
# We use `== 'failure'` instead of ` != 'success'` because we want to ignore skipped jobs, if there are any.
|
|
if: inputs.version == '' && needs.verifier-run.result != 'failure' && needs.list-verifiers.result != 'failure'
|
|
permissions:
|
|
contents: read
|
|
issues: write
|
|
steps:
|
|
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
repository: slsa-framework/example-package
|
|
ref: main
|
|
- run: ./.github/workflows/scripts/e2e-report-success.sh
|
|
|
|
if-failed:
|
|
needs: [verifier-run, list-verifiers]
|
|
runs-on: ubuntu-latest
|
|
if: always() && inputs.version == '' && (needs.verifier-run.result == 'failure' || needs.list-verifiers.result == 'failure')
|
|
permissions:
|
|
contents: read
|
|
issues: write
|
|
steps:
|
|
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
repository: slsa-framework/example-package
|
|
ref: main
|
|
- run: ./.github/workflows/scripts/e2e-report-failure.sh
|