build: fix docker container provenance generation using json matrix strategy #407

Merged: 1 commit, Jun 25, 2024

rsoberano-ld

Requirements

  • I have added test coverage for new or changed functionality
  • I have followed the repository's pull request submission guidelines
  • I have validated my changes against all supported platform versions

Related issues

Provide links to any issues in this repository or elsewhere relating to this pull request.

Describe the solution you've provided

The SLSA generator for Docker containers only accepts one image/digest combination at a time, whereas goreleaser may publish multiple image/digests in one release.

The goal here is to have the goreleaser step output a JSON array with image and digest properties for each image published, like so:

[{"image":"launchdarkly/ld-relay","digest":"sha256:abbeec99b023cd040fa89b3c30335fd123680a20a6abdff023eb1f23d65217e9"},{"image":"launchdarkly/ld-relay","digest":"sha256:abbeec99b023cd040fa89b3c30335fd123680a20a6abdff023eb1f23d65217e9"},{"image":"launchdarkly/ld-relay","digest":"sha256:abbeec99b023cd040fa89b3c30335fd123680a20a6abdff023eb1f23d65217e9"},{"image":"launchdarkly/ld-relay","digest":"sha256:abbeec99b023cd040fa89b3c30335fd123680a20a6abdff023eb1f23d65217e9"},{"image":"launchdarkly/ld-relay","digest":"sha256:abbeec99b023cd040fa89b3c30335fd123680a20a6abdff023eb1f23d65217e9"},{"image":"launchdarkly/ld-relay","digest":"sha256:abbeec99b023cd040fa89b3c30335fd123680a20a6abdff023eb1f23d65217e9"},{"image":"launchdarkly/ld-relay","digest":"sha256:ae50b3993d45ffcec26a602abbec7d4fc6f0859d7efaf8786d547d7e9f2fba47"},{"image":"launchdarkly/ld-relay","digest":"sha256:ae50b3993d45ffcec26a602abbec7d4fc6f0859d7efaf8786d547d7e9f2fba47"},{"image":"launchdarkly/ld-relay","digest":"sha256:ae50b3993d45ffcec26a602abbec7d4fc6f0859d7efaf8786d547d7e9f2fba47"},{"image":"launchdarkly/ld-relay","digest":"sha256:c6f2c654806e8adad6e0f98ab326517b02ce13e6ffb385e6d2537dade1be13c4"},{"image":"launchdarkly/ld-relay","digest":"sha256:c6f2c654806e8adad6e0f98ab326517b02ce13e6ffb385e6d2537dade1be13c4"},{"image":"launchdarkly/ld-relay","digest":"sha256:c6f2c654806e8adad6e0f98ab326517b02ce13e6ffb385e6d2537dade1be13c4"}]

Then we pass this JSON array as a matrix strategy for the provenance generator, with the idea that the provenance generator should run once per image/digest combo in the array.

GitHub Actions are super finicky with formatting and JSON handling though, so I'm not 100% sure if this will work as we have it here - need to be able to test this somehow.

Describe alternatives you've considered

Provide a clear and concise description of any alternative solutions or features you've considered.

Additional context

Add any other context about the pull request here.
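
An added example, not code from this pull request or the project: one way to prepare the image/digest array described above before it is used as a matrix, assuming the list arrives as JSON text. Validating and de-duplicating the entries are choices made for this example; `build_matrix`, `SAMPLE` and the image name `example/relay` are hypothetical.

```python
import json
import re

# A digest reference: "sha256:" followed by 64 lowercase hex characters.
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def build_matrix(raw: str) -> str:
    """Validate and de-duplicate image/digest entries; return single-line JSON."""
    entries = json.loads(raw)
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array of {image, digest} objects")

    seen = set()
    unique = []
    for entry in entries:
        # Reject anything that is not exactly the two expected properties,
        # so no stray key ends up as an extra matrix variable.
        if not isinstance(entry, dict) or set(entry) != {"image", "digest"}:
            raise ValueError(f"unexpected entry shape: {entry!r}")
        image, digest = entry["image"], entry["digest"]
        if not isinstance(image, str) or not image:
            raise ValueError(f"missing image name: {entry!r}")
        if not isinstance(digest, str) or not DIGEST_RE.fullmatch(digest):
            raise ValueError(f"not a sha256 digest: {digest!r}")
        # One provenance run per distinct image/digest pair is enough.
        if (image, digest) not in seen:
            seen.add((image, digest))
            unique.append({"image": image, "digest": digest})

    if not unique:
        raise ValueError("no images found; refusing to emit an empty matrix")
    # Compact separators keep the value on one line with no spaces.
    return json.dumps(unique, separators=(",", ":"))


# Constructed sample input: two entries share a digest, one differs.
SAMPLE = json.dumps([
    {"image": "example/relay", "digest": "sha256:" + "a" * 64},
    {"image": "example/relay", "digest": "sha256:" + "a" * 64},
    {"image": "example/relay", "digest": "sha256:" + "b" * 64},
])

if __name__ == "__main__":
    print(build_matrix(SAMPLE))
```

The returned string is a single line, so a workflow step can write it to `$GITHUB_OUTPUT` as `name=value` and the consuming job can read it with `fromJSON`.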

@rsoberano-ld rsoberano-ld requested a review from a team June 25, 2024 02:19
@cwaldren-ld

@rsoberano-ld rsoberano-ld merged commit 5f96b5d into v8 Jun 25, 2024
15 checks passed
@rsoberano-ld rsoberano-ld deleted the rsoberano/SEC-5331/ld-relay-sigstore-slsa-fix-3 branch June 25, 2024 22:20