feat: draft release support #1882

Merged: 2 commits, Apr 3, 2023
Changes from 1 commit
7 changes: 7 additions & 0 deletions .github/workflows/builder_docker-based_slsa3.yml
Expand Up @@ -128,6 +128,11 @@ on:
required: false
type: string
default: ""
draft-release:
description: "If true, the release is created as a draft. Defaults to false."
required: false
type: boolean
default: false
outputs:
build-outputs-name:
description: "The name of the artifact where the generated artifacts are uploaded to the artifact registry."
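Review bot: the `description` of the new `draft-release` input does not say that it only has an effect when `upload-assets` is true, which is how the CHANGELOG entry in this PR describes it. A caller who sets `draft-release: true` without `upload-assets` gets no release and no hint why. Suggest wording such as "If true and `upload-assets` is set, the release is created as a draft. Defaults to false." The same description text is added to the Go and generic workflows.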
Expand Down Expand Up @@ -590,6 +595,7 @@ jobs:
files: |
${{ needs.build.outputs.build-outputs-name }}
${{ needs.provenance.outputs.provenance-name }}
draft: ${{ inputs.draft-release }}

- name: Upload provenance tag name
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
Expand All @@ -600,6 +606,7 @@ jobs:
files: |
${{ needs.build.outputs.build-outputs-name }}/*
${{ needs.provenance.outputs.provenance-name }}
draft: ${{ inputs.draft-release }}

###################################################################
# #
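Review bot: in the "Upload provenance tag name" step the release for the given tag may already exist, and `draft: ${{ inputs.draft-release }}` is now always passed, including as `false` by default. Please confirm how softprops/action-gh-release v0.1.15 treats `draft` on an existing release: if it applies the value, the default could publish a release the maintainer had left as a draft, and `true` could move a published release back to draft. If that is the case, document it in the input description or pass `draft` only when the release is being created.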
7 changes: 7 additions & 0 deletions .github/workflows/builder_go_slsa3.yml
Expand Up @@ -79,6 +79,11 @@ on:
required: false
type: boolean
default: false
draft-release:
description: "If true, the release is created as a draft. Defaults to false."
required: false
type: boolean
default: false
outputs:
go-binary-name:
description: "The name of the generated binary uploaded to the artifact registry."
Expand Down Expand Up @@ -369,6 +374,7 @@ jobs:
files: |
${{ needs.build-dry.outputs.go-binary-name }}
${{ needs.provenance.outputs.go-provenance-name }}
draft: ${{ inputs.draft-release }}

- name: Upload provenance tag name
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
Expand All @@ -379,3 +385,4 @@ jobs:
files: |
${{ needs.build-dry.outputs.go-binary-name }}
${{ needs.provenance.outputs.go-provenance-name }}
draft: ${{ inputs.draft-release }}
7 changes: 7 additions & 0 deletions .github/workflows/generator_generic_slsa3.yml
Expand Up @@ -72,6 +72,11 @@ on:
required: false
type: boolean
default: false
draft-release:
description: "If true, the release is created as a draft. Defaults to false."
required: false
type: boolean
default: false
outputs:
release-id:
description: >
Expand Down Expand Up @@ -237,6 +242,7 @@ jobs:
if: inputs.upload-tag-name == ''
id: release-new-tags
with:
draft: ${{ inputs.draft-release }}
files: |
${{ needs.generator.outputs.provenance-name }}

Expand All @@ -245,6 +251,7 @@ jobs:
if: inputs.upload-tag-name != ''
id: release-tag-name
with:
draft: ${{ inputs.draft-release }}
tag_name: "${{ inputs.upload-tag-name }}"
files: |
${{ needs.generator.outputs.provenance-name }}
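Review bot: style point on key placement: here `draft:` is added as the first key under `with:`, above `tag_name:` and `files:`, while the docker-based and Go workflows in this PR add it after `files:`. Using one position in all three files keeps the release steps easy to compare side by side.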
10 changes: 10 additions & 0 deletions CHANGELOG.md
Expand Up @@ -82,11 +82,21 @@

- A new [`prerelease`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to create releases marked as prerelease when `upload-assets` is set to `true`.
- A new output `go-provenance-name` added which can be used to retrieve the name of the provenance file generated by the builder.
- A new input `draft-release` was added to allow users to create releases marked as draft when `upload-assets` is set to `true`.

### Generic generator

#### New Features

- A new input `draft-release` was added to allow users to create releases marked as draft when `upload-assets` is set to `true`.


### Docker-based generator

#### New Features

- A new input `draft-release` was added to allow users to create releases marked as draft when `upload-assets` is set to `true`.

### Container generator

#### New Features
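Review bot: the new entries name `draft-release` without a link, whereas the `prerelease` entry just above links the input name to the README's workflow-inputs section. Linking the new input the same way in each of the three entries would point readers at the documentation. There are also two consecutive blank lines before `### Docker-based generator`, which markdown linters usually flag.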
3 changes: 2 additions & 1 deletion internal/builders/docker/README.md
Expand Up @@ -174,7 +174,8 @@ Inputs:
| `gcp-service-account` | Email address or unique identifier of the Google Cloud service account for which to generate credentials. For example:<br>`my-service-account@my-project.iam.gserviceaccount.com` |
| `upload-assets` | Uploads the artifact and provenance to a GitHub release.<br>If the `upload-tag-name` was provided, then the assets are uploaded to the provided input tag. This can be used for workflow_dispatch events. Otherwise, if a new tag triggered the workflow, then the assets are uploaded to the triggering tag. |
| `upload-tag-name` | If non-empty and `upload-assets` is set to true, the provenance is uploaded to the GitHub release identified by the tag name. If a workflow is run on a new tag and `upload-tag-name` is non-empty, the new tag is ignored and the value of `upload-tag-name` is used instead to upload the assets. |
| `prerelease` | EIf true, GitHub Release is created as a pre-release. |
| `prerelease` | If true, GitHub Release is created as a pre-release. |
| `draft-release` | If true, the release is created as a draft. Defaults to false. |

Secrets:

1 change: 1 addition & 0 deletions internal/builders/generic/README.md
Expand Up @@ -237,6 +237,7 @@ The [generic workflow](https://github.com/slsa-framework/slsa-github-generator/b
| `attestation-name` | no | "(subject name).intoto.jsonl" if a single subject. "multiple.intoto.json" if multiple subjects. | The artifact name of the signed provenance. The file must have the `intoto.jsonl` extension. DEPRECATED: use `provenance-name` instead. |
| `private-repository` | no | false | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories). |
| `continue-on-error` | no | false | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow. |
| `draft-release` | no |false | If true, the release is created as a draft |

### Workflow Outputs

Expand Down
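Review bot: the formatting of the new `draft-release` row differs from its neighbours: the default cell is written `|false |` without the space after the pipe, and the description has no closing period while the rows above end with one. Suggest writing the cells as "no", "false" and "If true, the release is created as a draft." with the same spacing as the `continue-on-error` row.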
1 change: 1 addition & 0 deletions internal/builders/go/README.md
Expand Up @@ -193,6 +193,7 @@ The builder workflow [slsa-framework/slsa-github-generator/.github/workflows/bui
| `upload-tag-name` | no | | If specified and `upload-assets` is set to true, the provenance will be uploaded to a Github release identified by the tag-name regardless of the triggering event. |
| `prerelease` | no | | If specified and `upload-assets` is set to true, the release is created as prerelease. |
| `private-repository` | no | false | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories). |
| `draft-release` | no |false | If true, the release is created as a draft |

### Workflow Outputs

Expand Down
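Review bot: the new `draft-release` row is appended after `private-repository` rather than next to `prerelease`, and its wording drops the qualifier the `prerelease` and `upload-tag-name` rows carry ("If specified and `upload-assets` is set to true"). Suggest moving it directly under `prerelease` and describing it the same way, so it is clear the input does nothing unless `upload-assets` is enabled. The default cell `|false |` is also missing the space after the pipe.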