Merge pull request #1 from AdamKorcz/maven-e2e-temp
Maven e2e temp
AdamKorcz authored Aug 3, 2023
2 parents d82c253 + 28e6c4b commit a696381
Showing 3 changed files with 44 additions and 2 deletions.
37 changes: 35 additions & 2 deletions .github/workflows/e2e.maven.push.main.default.slsa3.yml
Expand Up @@ -6,18 +6,51 @@ on:

permissions: read-all

env:
GH_TOKEN: ${{ github.token }}

jobs:
bootstrap:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: mv e2e/maven/pom.xml ./ && mv e2e/maven/src ./
- run: mv e2e/maven/pom.xml ./ && cp -r e2e/maven/src ./ && rm -r e2e/maven/src
build:
runs-on: ubuntu-latest
#runs-on: ubuntu-latest
permissions:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
actions: read # For getting workflow run on private repos.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main
verify:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main #v1.8.0-rc.2
with:
name: "${{ needs.build.outputs.provenance-download-name }}"
sha256: "${{ needs.build.outputs.provenance-download-sha256 }}"
path: slsa-attestations
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main #v1.8.0-rc.2
with:
name: target
sha256: "${{ needs.build.outputs.target-download-sha256 }}"
path: ./
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.18"
# - env:
# # NOTE: We move the artifact because the verification script
# # check that the subject name matches the filename.
# ARTIFACT: "${{ needs.build.outputs.artifact }}"
# run: |
# mv "artifacts/${ARTIFACT}" .
- env:
BINARY: ./target/test-java-project-0.1.19.jar
PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
BUILDER_ID: "https://github.com/slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml"
BUILDER_TAG: "v2.0.0"
run: ./.github/workflows/scripts/e2e.delegator.default.verify.sh
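Review bot: The two `secure-download-folder` steps in the `verify` job reference `@main` while their trailing comment says `#v1.8.0-rc.2`, so the ref is mutable and the comment misstates what actually runs; the `actions/checkout` and `actions/setup-go` steps in the same file are pinned to a commit SHA. Pin these the same way, e.g. `uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@<full-commit-sha> # v1.8.0-rc.2` (placeholder; the SHA is not on this page), or drop the version comment if tracking `main` is deliberate for this e2e test. `BUILDER_ID` in the last step names `slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml` while the `build` job calls `builder_maven_slsa3.yml`; this looks carried over from the delegator test, so confirm the verifier is checking the builder identity this workflow really uses. `bootstrap` is also granted `contents: write` although its visible steps only check out and move files, for which `contents: read` appears sufficient.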
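--- a/.github/workflows/scripts/e2e-verify.common.sh
+++ b/.github/workflows/scripts/e2e-verify.common.sh
@@ -340,6 +340,11 @@ verify_provenance_authenticity() {
 if [[ "$tag" == "HEAD" ]] || version_ge "$tag" "v1.3"; then
 echo " **** Default parameters (annotated tags) *****"
 
+echo "1: ${artifactAndbuilderMinArgs[@]}"
+echo "2: ${provenanceArg[@]}"
+echo "3: ${packageArg[@]}"
+echo "4: ${sourceArg[@]}"
+echo "5: github.com/$GITHUB_REPOSITORY"
 $verifierCmd "${artifactAndbuilderMinArgs[@]}" "${provenanceArg[@]}" "${packageArg[@]}" "${sourceArg[@]}" "github.com/$GITHUB_REPOSITORY"
 e2e_assert_eq "$?" "0" "not main default parameters (annotated_tags)"
 elif [[ -z "$annotated_tags" ]]; then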
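Review bot: The added `echo` lines 1–4 expand arrays with `[@]` inside a longer quoted string, which passes `echo` several separate words and hides argument boundaries (ShellCheck SC2145), so the log does not reliably show what `$verifierCmd` receives. If the trace is meant to stay, join explicitly with `echo "1: ${artifactAndbuilderMinArgs[*]}"` (and likewise for the other three arrays). This sits in the shared verify script, so the output will appear in every caller's log; consider guarding it behind a debug variable or removing it before merge. `verify_provenance_authenticity` starts and ends outside this hunk.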
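--- a/.github/workflows/scripts/e2e.delegator.default.verify.sh
+++ b/.github/workflows/scripts/e2e.delegator.default.verify.sh
@@ -39,6 +39,10 @@ echo "DEBUG: file is $THIS_FILE"
 
 export SLSA_VERIFIER_TESTING="true"
 
+echo "finding..................."
+find . -name *.build.slsa
+find . -name "*.jar"
+
 # Verify provenance authenticity.
 # TODO(233): Update to v1.8.0 tag.
 e2e_run_verifier_all_releases "HEAD"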
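Review bot: `find . -name *.build.slsa` leaves the pattern unquoted, so the shell expands it against the current directory before `find` runs; with one match in `.` the search is narrowed to that exact file name, and with several matches `find` fails on the extra operands. Quote it the way the next line already does: `find . -name "*.build.slsa"`. The three added commands read as temporary debugging ahead of `e2e_run_verifier_all_releases`, so consider dropping them once the artifact and provenance paths are confirmed.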
