Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upload SLSA provenance to existing release #215

Merged
merged 1 commit into from
Jan 13, 2023
Merged

Upload SLSA provenance to existing release #215

merged 1 commit into from
Jan 13, 2023

Conversation

haydentherapper
Copy link
Contributor

This changes the behavior of the provenance generator to not create a new release, since goreleaser already does. We add two steps to download the created provenance and upload it to the existing draft release.

Signed-off-by: Hayden Blauzvern hblauzvern@google.com

Summary

Release Note

Documentation

@haydentherapper
Upload SLSA provenance to existing release
3db14cc 
This changes the behavior of the provenance generator to not create a
new release, since goreleaser already does. We add two steps to download
the created provenance and upload it to the existing draft release.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper haydentherapper mentioned this pull request Jan 12, 2023
Open
cpanato
cpanato approved these changes Jan 13, 2023
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we also can disable https://github.com/sigstore/timestamp-authority/blob/main/.goreleaser.yml#L95 then this part is not needed, but i am also fine with this

thanks!

@haydentherapper
Copy link
Contributor Author

If we disable it in goreleaser, would the artifacts that are produced as part of it still be uploaded to the release created in the slsa provenance generator step? I wasn't sure, and someone pointed me to this approach. I'll try this, but happy to change it to either!

@haydentherapper haydentherapper merged commit 4314567 into main Jan 13, 2023
@haydentherapper haydentherapper deleted the fix-release branch January 13, 2023 18:17
@haydentherapper
Copy link
Contributor Author

Testing https://github.com/sigstore/timestamp-authority/actions/runs/3913966044

@haydentherapper
Copy link
Contributor Author

Working as expected - Draft release is created, artifact is uploaded to the same tag

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

@hectorj2f hectorj2f hectorj2f approved these changes

@asraa asraa Awaiting requested review from asraa

@malancas malancas Awaiting requested review from malancas

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@haydentherapper @hectorj2f @cpanato