From fe954904368b9b5056d437d1e6e6f8cf4f084aca Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Wed, 2 Aug 2023 21:23:38 +0100
Subject: [PATCH 01/57] Add simple test for Maven builder
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../e2e.maven.push.main.default.slsa3.yml | 17 ++
pom.xml | 163 ++++++++++++++++++
src/main/java/hello/Greeter.java | 7 +
src/main/java/hello/HelloWorld.java | 8 +
4 files changed, 195 insertions(+)
create mode 100644 .github/workflows/e2e.maven.push.main.default.slsa3.yml
create mode 100644 pom.xml
create mode 100644 src/main/java/hello/Greeter.java
create mode 100644 src/main/java/hello/HelloWorld.java
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
new file mode 100644
index 0000000000..b109567b7a
--- /dev/null
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -0,0 +1,17 @@
+name: Maven e2e test - simple
+on:
+ schedule:
+ - cron: "0 6 * * *"
+ workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+ build:
+ permissions:
+ id-token: write # For signing.
+ contents: read # For repo checkout of private repos.
+ actions: read # For getting workflow run on private repos.
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main
+ with:
+ rekor-log-public: true
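Review bot: The workflow-level `permissions: read-all` in this new file is a wider default than the workflow needs; the only job sets its own `permissions` block, so the top-level value only matters for a job added later without one. An empty default, `permissions: {}`, would make any such job start with no token scopes. The `@main` ref on the `uses:` line looks deliberate for an e2e test of the builder at HEAD, but a comment such as `# e2e test: tracks main on purpose, not a usage example` would stop it being copied into a release workflow. The file name also says `push` while the triggers are `schedule` and `workflow_dispatch`.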
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000000..1a25343adb
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,163 @@
+
+
+ 4.0.0
+ io.github.adamkorcz
+ test-java-project
+ 0.1.19
+ jar
+ Adams test java project
+ A test java project.
+ https://github.com/AdamKorcz/test-java-project
+
+ 1.8
+ 1.8
+
+
+
+ ossrh
+ https://s01.oss.sonatype.org/content/repositories/snapshots
+
+
+ ossrh
+ https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
+
+
+
+
+ MIT License
+ http://www.opensource.org/licenses/mit-license.php
+
+
+
+
+ Adam K
+ Adam@adalogics.com
+ Ada Logics
+ http://www.adalogics.com
+
+
+
+ scm:git:git://github.com/adamkorcz/test-java-project.git
+ scm:git:ssh://github.com:simpligility/test-java-project.git
+ http://github.com/adamkorcz/test-java-project/tree/main
+
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+ 2.2.1
+
+
+ attach-sources
+ package
+
+ jar-no-fork
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+ 2.9.1
+
+ ${java.home}/bin/javadoc
+
+
+
+ attach-javadocs
+
+ jar
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-shade-plugin
+ 3.2.4
+
+
+ package
+
+ shade
+
+
+
+
+ hello.HelloWorld
+
+
+
+
+
+
+
+ org.sonatype.plugins
+ nexus-staging-maven-plugin
+ 1.6.7
+ true
+
+ ossrh
+ https://s01.oss.sonatype.org/
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+ 3.1.0
+
+
+ sign-artifacts
+ verify
+
+ sign
+
+
+
+
+
+ --pinentry-mode
+ loopback
+
+
+
+
+ org.apache.maven.plugins
+ maven-deploy-plugin
+ 3.1.1
+
+
+ deploy-file
+ deploy
+
+ deploy-file
+
+
+ textfile.txt
+ https://s01.oss.sonatype.org/
+ io.github.adamkorcz
+
+
+
+
+
+ io.github.slsa-framework.slsa-github-generator
+ hash-maven-plugin
+ 0.0.1
+
+
+
+ hash-jarfile
+
+
+
+
+ ${SLSA_OUTPUTS_ARTIFACTS_FILE}
+
+
+
+
+
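Review bot: The SCM entries name two different repository owners: the `scm:git:ssh://github.com:simpligility/test-java-project.git` line points at `simpligility`, while the lines before and after it point at `adamkorcz`, which looks like a leftover from a template. POM metadata that points at a repository the project does not control misdirects anyone who follows it, so it should read `scm:git:ssh://github.com:adamkorcz/test-java-project.git`. The fixture also configures `maven-gpg-plugin`, `nexus-staging-maven-plugin` and a `deploy-file` execution, which a provenance e2e test presumably does not need and which would require signing keys and registry credentials if those phases ran. The element tags are not visible in this rendering, so field names are inferred from position; the same content is added again as `e2e/maven/pom.xml` in PATCH 02.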
diff --git a/src/main/java/hello/Greeter.java b/src/main/java/hello/Greeter.java
new file mode 100644
index 0000000000..f92a442354
--- /dev/null
+++ b/src/main/java/hello/Greeter.java
@@ -0,0 +1,7 @@
+package hello;
+
+public class Greeter {
+ public String sayHello() {
+ return "Hello world!";
+ }
+}
diff --git a/src/main/java/hello/HelloWorld.java b/src/main/java/hello/HelloWorld.java
new file mode 100644
index 0000000000..1626b45cbd
--- /dev/null
+++ b/src/main/java/hello/HelloWorld.java
@@ -0,0 +1,8 @@
+package hello;
+
+public class HelloWorld {
+ public static void main(String[] args) {
+ Greeter greeter = new Greeter();
+ System.out.println(greeter.sayHello());
+ }
+}
From d82c25394aba2ade7c2a2d7dc3fa79482f10949e Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Wed, 2 Aug 2023 23:19:23 +0100
Subject: [PATCH 02/57] move maven files to e2e/
Signed-off-by: AdamKorcz
---
.../e2e.maven.push.main.default.slsa3.yml | 10 +-
e2e/maven/pom.xml | 163 ++++++++++++++++++
e2e/maven/src/main/java/hello/Greeter.java | 7 +
e2e/maven/src/main/java/hello/HelloWorld.java | 8 +
4 files changed, 186 insertions(+), 2 deletions(-)
create mode 100644 e2e/maven/pom.xml
create mode 100644 e2e/maven/src/main/java/hello/Greeter.java
create mode 100644 e2e/maven/src/main/java/hello/HelloWorld.java
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index b109567b7a..36dadfee0b 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -7,11 +7,17 @@ on:
permissions: read-all
jobs:
+ bootstrap:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - run: mv e2e/maven/pom.xml ./ && mv e2e/maven/src ./
build:
+ runs-on: ubuntu-latest
permissions:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
actions: read # For getting workflow run on private repos.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main
- with:
- rekor-log-public: true
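Review bot: The new `bootstrap` job requests `contents: write`, but after checkout it only moves files inside its own runner workspace; nothing is committed or pushed, so the write scope is unused and `contents: read` would do. `build` has no `needs: [bootstrap]` and jobs do not share a workspace, so the moved `pom.xml` and `src` would not be visible to the reusable builder workflow, which presumably does its own checkout. A job that calls a reusable workflow through `uses:` cannot also declare `runs-on`, so the added `runs-on: ubuntu-latest` under `build` should be dropped. The reworked `cp -r` / `rm -r` line in PATCH 05 has the same workspace problem.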
diff --git a/e2e/maven/pom.xml b/e2e/maven/pom.xml
new file mode 100644
index 0000000000..1a25343adb
--- /dev/null
+++ b/e2e/maven/pom.xml
@@ -0,0 +1,163 @@
+
+
+ 4.0.0
+ io.github.adamkorcz
+ test-java-project
+ 0.1.19
+ jar
+ Adams test java project
+ A test java project.
+ https://github.com/AdamKorcz/test-java-project
+
+ 1.8
+ 1.8
+
+
+
+ ossrh
+ https://s01.oss.sonatype.org/content/repositories/snapshots
+
+
+ ossrh
+ https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
+
+
+
+
+ MIT License
+ http://www.opensource.org/licenses/mit-license.php
+
+
+
+
+ Adam K
+ Adam@adalogics.com
+ Ada Logics
+ http://www.adalogics.com
+
+
+
+ scm:git:git://github.com/adamkorcz/test-java-project.git
+ scm:git:ssh://github.com:simpligility/test-java-project.git
+ http://github.com/adamkorcz/test-java-project/tree/main
+
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+ 2.2.1
+
+
+ attach-sources
+ package
+
+ jar-no-fork
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+ 2.9.1
+
+ ${java.home}/bin/javadoc
+
+
+
+ attach-javadocs
+
+ jar
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-shade-plugin
+ 3.2.4
+
+
+ package
+
+ shade
+
+
+
+
+ hello.HelloWorld
+
+
+
+
+
+
+
+ org.sonatype.plugins
+ nexus-staging-maven-plugin
+ 1.6.7
+ true
+
+ ossrh
+ https://s01.oss.sonatype.org/
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+ 3.1.0
+
+
+ sign-artifacts
+ verify
+
+ sign
+
+
+
+
+
+ --pinentry-mode
+ loopback
+
+
+
+
+ org.apache.maven.plugins
+ maven-deploy-plugin
+ 3.1.1
+
+
+ deploy-file
+ deploy
+
+ deploy-file
+
+
+ textfile.txt
+ https://s01.oss.sonatype.org/
+ io.github.adamkorcz
+
+
+
+
+
+ io.github.slsa-framework.slsa-github-generator
+ hash-maven-plugin
+ 0.0.1
+
+
+
+ hash-jarfile
+
+
+
+
+ ${SLSA_OUTPUTS_ARTIFACTS_FILE}
+
+
+
+
+
diff --git a/e2e/maven/src/main/java/hello/Greeter.java b/e2e/maven/src/main/java/hello/Greeter.java
new file mode 100644
index 0000000000..f92a442354
--- /dev/null
+++ b/e2e/maven/src/main/java/hello/Greeter.java
@@ -0,0 +1,7 @@
+package hello;
+
+public class Greeter {
+ public String sayHello() {
+ return "Hello world!";
+ }
+}
diff --git a/e2e/maven/src/main/java/hello/HelloWorld.java b/e2e/maven/src/main/java/hello/HelloWorld.java
new file mode 100644
index 0000000000..1626b45cbd
--- /dev/null
+++ b/e2e/maven/src/main/java/hello/HelloWorld.java
@@ -0,0 +1,8 @@
+package hello;
+
+public class HelloWorld {
+ public static void main(String[] args) {
+ Greeter greeter = new Greeter();
+ System.out.println(greeter.sayHello());
+ }
+}
From 80d23b4ac471a8837be978f50168d24ac69ac0bc Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 11:06:21 +0100
Subject: [PATCH 03/57] add verification
Signed-off-by: AdamKorcz
---
.../e2e.maven.push.main.default.slsa3.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index 36dadfee0b..f0fcb14cbf 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -21,3 +21,18 @@ jobs:
contents: read # For repo checkout of private repos.
actions: read # For getting workflow run on private repos.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main
+ verify:
+ runs-on: ubuntu-latest
+ needs: [build]
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2
+ with:
+ name: "${{ needs.build.outputs.provenance-download-name }}"
+ sha256: "${{ needs.build.outputs.provenance-download-sha256 }}"
+ path: slsa-attestations
+ - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2
+ with:
+ name: target
+ sha256: "${{ inputs.target-download-sha256 }}"
+ path: ./
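Review bot: The second `secure-download-folder` step takes its digest from `inputs.target-download-sha256`, but the triggers visible for this workflow (`schedule`, and `workflow_dispatch` with no inputs) define no such input, so the expression evaluates to an empty string and the `target` folder has no expected hash to be compared against. It should read from the build job like the step above it: `sha256: "${{ needs.build.outputs.target-download-sha256 }}"`. How the action treats an empty `sha256` is not visible here, so it may fail closed, but the intent is clearly a pinned digest. The `verify` job also has no `permissions:` block and so inherits the workflow-level `read-all`; a narrower job-level block would be safer for a job that downloads and then executes repository scripts.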
From 6d78b492a8bb910f70458fa29ea1aa264d75daf7 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 11:20:21 +0100
Subject: [PATCH 04/57] rb
---
.github/workflows/e2e.maven.push.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index f0fcb14cbf..05cc41e0a2 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -15,7 +15,7 @@ jobs:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: mv e2e/maven/pom.xml ./ && mv e2e/maven/src ./
build:
- runs-on: ubuntu-latest
+ #runs-on: ubuntu-latest
permissions:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
From 84e4198d16fd48b6714fdddbd87a9fa534153781 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 11:23:16 +0100
Subject: [PATCH 05/57] rb
---
.github/workflows/e2e.maven.push.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index 05cc41e0a2..c580396ae9 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -13,7 +13,7 @@ jobs:
contents: write
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- - run: mv e2e/maven/pom.xml ./ && mv e2e/maven/src ./
+ - run: mv e2e/maven/pom.xml ./ && cp -r e2e/maven/src ./ && rm -r e2e/maven/src
build:
#runs-on: ubuntu-latest
permissions:
From df5eca035367050129f551e5157a9f2cb6acbdf2 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 11:31:52 +0100
Subject: [PATCH 06/57] rb
---
.github/workflows/e2e.maven.push.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index c580396ae9..7ea5d6c19b 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -34,5 +34,5 @@ jobs:
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2
with:
name: target
- sha256: "${{ inputs.target-download-sha256 }}"
+ sha256: "${{ needs.build.outputs.target-download-sha256 }}"
path: ./
From b3142514e7d5415badd4c5dcb78a078de8c2c855 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 11:54:26 +0100
Subject: [PATCH 07/57] rb
---
.../e2e.maven.push.main.default.slsa3.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index 7ea5d6c19b..df971e7b1c 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -36,3 +36,18 @@ jobs:
name: target
sha256: "${{ needs.build.outputs.target-download-sha256 }}"
path: ./
+ - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+ with:
+ go-version: "1.18"
+ - env:
+ # NOTE: We move the artifact because the verification script
+ # check that the subject name matches the filename.
+ ARTIFACT: "${{ needs.build.outputs.artifact }}"
+ run: |
+ mv "artifacts/${ARTIFACT}" .
+ - env:
+ BINARY: "${{ needs.build.outputs.artifact }}"
+ PROVENANCE: "${{ needs.build.outputs.provenance-download-name }}/${{ needs.build.outputs.artifact }}.build.slsa" # This is defined by the builder.
+ BUILDER_ID: "https://github.com/slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml"
+ BUILDER_TAG: "v2.0.0"
+ run: ./.github/workflows/scripts/e2e.delegator.default.verify.sh
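Review bot: `BUILDER_ID` is set to `https://github.com/slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml`, which is not the workflow the `build` job calls (`slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml`). The expected builder identity is presumably what the verification script pins trust to, so a value carried over from another test either makes the check fail or checks the wrong identity; it should name the Maven builder. The NOTE comment would read better as `# NOTE: We move the artifact because the verification script checks that the subject name matches the filename.` Passing `ARTIFACT` through `env:` and quoting it in the `run:` block is the right way to keep an expression out of the shell text and should be kept.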
From 412cb377acc0721abe42d70dd397dd8bde1538e1 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 12:01:24 +0100
Subject: [PATCH 08/57] rb
---
.github/workflows/e2e.maven.push.main.default.slsa3.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index df971e7b1c..fc3f5396a7 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -43,11 +43,11 @@ jobs:
# NOTE: We move the artifact because the verification script
# check that the subject name matches the filename.
ARTIFACT: "${{ needs.build.outputs.artifact }}"
- run: |
- mv "artifacts/${ARTIFACT}" .
+ #run: |
+ # mv "artifacts/${ARTIFACT}" .
- env:
BINARY: "${{ needs.build.outputs.artifact }}"
- PROVENANCE: "${{ needs.build.outputs.provenance-download-name }}/${{ needs.build.outputs.artifact }}.build.slsa" # This is defined by the builder.
+ PROVENANCE: "${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
BUILDER_ID: "https://github.com/slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml"
BUILDER_TAG: "v2.0.0"
run: ./.github/workflows/scripts/e2e.delegator.default.verify.sh
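Review bot: `PROVENANCE` now hardcodes `test-java-project-0.1.19.jar.build.slsa`, duplicating the artifact name and version from the test `pom.xml`, so a version bump there silently breaks verification; the removed form derived the name from `needs.build.outputs.artifact`. If the Maven builder does not populate that output, a single workflow-level value for the artifact name would at least keep it in one place. Commenting out only `run:` leaves the preceding step with just an `env:` key, and a step needs `run` or `uses` to be valid, so the whole step should be removed instead. The hardcoded `BINARY: ./target/test-java-project-0.1.19.jar` added in PATCH 13 has the same duplication.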
From bf23b745a73511a796bc5b962b799e077d440330 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 12:03:53 +0100
Subject: [PATCH 09/57] rb
---
.../workflows/e2e.maven.push.main.default.slsa3.yml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index fc3f5396a7..5b44a58109 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -39,12 +39,12 @@ jobs:
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.18"
- - env:
- # NOTE: We move the artifact because the verification script
- # check that the subject name matches the filename.
- ARTIFACT: "${{ needs.build.outputs.artifact }}"
- #run: |
- # mv "artifacts/${ARTIFACT}" .
+# - env:
+# # NOTE: We move the artifact because the verification script
+# # check that the subject name matches the filename.
+# ARTIFACT: "${{ needs.build.outputs.artifact }}"
+# run: |
+# mv "artifacts/${ARTIFACT}" .
- env:
BINARY: "${{ needs.build.outputs.artifact }}"
PROVENANCE: "${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
From 6ad6e2f148fa9584a87dc8e164e1819c16b2200c Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 12:30:52 +0100
Subject: [PATCH 10/57] rb
---
.github/workflows/e2e.maven.push.main.default.slsa3.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index 5b44a58109..eac945a8bb 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -6,6 +6,9 @@ on:
permissions: read-all
+env:
+ GH_TOKEN: ${{ github.token }}
+
jobs:
bootstrap:
runs-on: ubuntu-latest
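Review bot: Setting `GH_TOKEN: ${{ github.token }}` in the workflow-level `env` puts the token in the environment of every step of every job defined in this file, including `bootstrap`, whose token carries `contents: write`. Scope it to the step that actually needs it with a step-level `env:` entry, `GH_TOKEN: "${{ github.token }}"`, so unrelated steps and third-party actions do not inherit it. Which step consumes the variable is not visible in this hunk. The expression is also unquoted, unlike the other `${{ }}` values in this file.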
From 7c0796520729780924962d72089d4c45d33caa98 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 12:58:08 +0100
Subject: [PATCH 11/57] rb
---
.github/workflows/scripts/e2e-verify.common.sh | 5 +++++
.github/workflows/scripts/e2e.delegator.default.verify.sh | 3 +++
2 files changed, 8 insertions(+)
diff --git a/.github/workflows/scripts/e2e-verify.common.sh b/.github/workflows/scripts/e2e-verify.common.sh
index 22e0354b54..65fe96aa1e 100755
--- a/.github/workflows/scripts/e2e-verify.common.sh
+++ b/.github/workflows/scripts/e2e-verify.common.sh
@@ -340,6 +340,11 @@ verify_provenance_authenticity() {
if [[ "$tag" == "HEAD" ]] || version_ge "$tag" "v1.3"; then
echo " **** Default parameters (annotated tags) *****"
+ echo "1: ${artifactAndbuilderMinArgs[@]}"
+ echo "2: ${provenanceArg[@]}"
+ echo "3: ${packageArg[@]}"
+ echo "4: ${sourceArg[@]}"
+ echo "5: github.com/$GITHUB_REPOSITORY"
$verifierCmd "${artifactAndbuilderMinArgs[@]}" "${provenanceArg[@]}" "${packageArg[@]}" "${sourceArg[@]}" "github.com/$GITHUB_REPOSITORY"
e2e_assert_eq "$?" "0" "not main default parameters (annotated_tags)"
elif [[ -z "$annotated_tags" ]]; then
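Review bot: The five added `echo` lines look like temporary debugging in a script shared by other e2e tests, and each one embeds an array expansion `${...[@]}` inside a quoted string, which ShellCheck reports as SC2145. If the output is worth keeping, use `[*]`, for example `echo "1: ${artifactAndbuilderMinArgs[*]}"`, and gate it on a debug flag; otherwise drop it before merge. `verify_provenance_authenticity` starts and ends outside this hunk.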
diff --git a/.github/workflows/scripts/e2e.delegator.default.verify.sh b/.github/workflows/scripts/e2e.delegator.default.verify.sh
index e88ff0ea61..d156f7ea21 100755
--- a/.github/workflows/scripts/e2e.delegator.default.verify.sh
+++ b/.github/workflows/scripts/e2e.delegator.default.verify.sh
@@ -39,6 +39,9 @@ echo "DEBUG: file is $THIS_FILE"
export SLSA_VERIFIER_TESTING="true"
+echo "finding..................."
+find . -name *.build.slsa
+
# Verify provenance authenticity.
# TODO(233): Update to v1.8.0 tag.
e2e_run_verifier_all_releases "HEAD"
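Review bot: `find . -name *.build.slsa` leaves the pattern unquoted, so the shell expands it before `find` runs whenever a matching file sits in the current directory, and `find` then searches for that literal name or errors out when several files match. Quote it: `find . -name '*.build.slsa'`. Both added lines read as temporary debugging and are better removed or gated on a debug flag before merge.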
From d663cb2f14ae27151f4766dfe7fa8a138f8e4e02 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 13:14:16 +0100
Subject: [PATCH 12/57] rb
---
.github/workflows/e2e.maven.push.main.default.slsa3.yml | 2 +-
.github/workflows/scripts/e2e.delegator.default.verify.sh | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index eac945a8bb..37274141be 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -50,7 +50,7 @@ jobs:
# mv "artifacts/${ARTIFACT}" .
- env:
BINARY: "${{ needs.build.outputs.artifact }}"
- PROVENANCE: "${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
+ PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
BUILDER_ID: "https://github.com/slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml"
BUILDER_TAG: "v2.0.0"
run: ./.github/workflows/scripts/e2e.delegator.default.verify.sh
diff --git a/.github/workflows/scripts/e2e.delegator.default.verify.sh b/.github/workflows/scripts/e2e.delegator.default.verify.sh
index d156f7ea21..485d0d492d 100755
--- a/.github/workflows/scripts/e2e.delegator.default.verify.sh
+++ b/.github/workflows/scripts/e2e.delegator.default.verify.sh
@@ -41,6 +41,7 @@ export SLSA_VERIFIER_TESTING="true"
echo "finding..................."
find . -name *.build.slsa
+find . -name "*.jar"
# Verify provenance authenticity.
# TODO(233): Update to v1.8.0 tag.
From ca4c370f0d9e51fa554bcb38fa79c6f543b1d725 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 13:24:47 +0100
Subject: [PATCH 13/57] rb
---
.github/workflows/e2e.maven.push.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index 37274141be..9db29c521a 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -49,7 +49,7 @@ jobs:
# run: |
# mv "artifacts/${ARTIFACT}" .
- env:
- BINARY: "${{ needs.build.outputs.artifact }}"
+ BINARY: ./target/test-java-project-0.1.19.jar
PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
BUILDER_ID: "https://github.com/slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml"
BUILDER_TAG: "v2.0.0"
From 28e6c4b3cdc3684f473ed60ce52303f7a9f58bfe Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 13:33:45 +0100
Subject: [PATCH 14/57] rb
---
.github/workflows/e2e.maven.push.main.default.slsa3.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
index 9db29c521a..c643a496fa 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.push.main.default.slsa3.yml
@@ -29,12 +29,12 @@ jobs:
needs: [build]
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2
+ - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main #v1.8.0-rc.2
with:
name: "${{ needs.build.outputs.provenance-download-name }}"
sha256: "${{ needs.build.outputs.provenance-download-sha256 }}"
path: slsa-attestations
- - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2
+ - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main #v1.8.0-rc.2
with:
name: target
sha256: "${{ needs.build.outputs.target-download-sha256 }}"
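Review bot: Both `secure-download-folder` steps move from the `v1.8.0-rc.2` tag to `@main`, so the action that performs the hash-checked download now tracks a mutable branch while `actions/checkout` and `actions/setup-go` in the same job are pinned by commit SHA. If tracking main is intended for an e2e test of HEAD, say so in a comment; the trailing `#v1.8.0-rc.2` reads like the version annotation on a pinned SHA and misstates what actually runs. A comment such as `# tracks main on purpose for e2e` would be accurate.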
From bc78a12a02f5f450080d88b3505f844eef2d63b4 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 3 Aug 2023 11:06:21 +0100
Subject: [PATCH 15/57] add verification
Signed-off-by: AdamKorcz
---
....workflow_dispatch.main.default.slsa3.yml} | 13 ++-----
.github/workflows/scripts/e2e-utils.sh | 2 +-
.../scripts/e2e.maven.default.verify.sh | 35 +++++++++++++++++++
3 files changed, 39 insertions(+), 11 deletions(-)
rename .github/workflows/{e2e.maven.push.main.default.slsa3.yml => e2e.maven.workflow_dispatch.main.default.slsa3.yml} (75%)
create mode 100755 .github/workflows/scripts/e2e.maven.default.verify.sh
diff --git a/.github/workflows/e2e.maven.push.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
similarity index 75%
rename from .github/workflows/e2e.maven.push.main.default.slsa3.yml
rename to .github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index c643a496fa..7db77b15ab 100644
--- a/.github/workflows/e2e.maven.push.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -29,12 +29,12 @@ jobs:
needs: [build]
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main #v1.8.0-rc.2
+ - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main
with:
name: "${{ needs.build.outputs.provenance-download-name }}"
sha256: "${{ needs.build.outputs.provenance-download-sha256 }}"
path: slsa-attestations
- - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main #v1.8.0-rc.2
+ - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main
with:
name: target
sha256: "${{ needs.build.outputs.target-download-sha256 }}"
@@ -42,15 +42,8 @@ jobs:
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.18"
-# - env:
-# # NOTE: We move the artifact because the verification script
-# # check that the subject name matches the filename.
-# ARTIFACT: "${{ needs.build.outputs.artifact }}"
-# run: |
-# mv "artifacts/${ARTIFACT}" .
- env:
BINARY: ./target/test-java-project-0.1.19.jar
PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
- BUILDER_ID: "https://github.com/slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml"
BUILDER_TAG: "v2.0.0"
- run: ./.github/workflows/scripts/e2e.delegator.default.verify.sh
+ run: ./.github/workflows/scripts/e2e.maven.default.verify.sh
diff --git a/.github/workflows/scripts/e2e-utils.sh b/.github/workflows/scripts/e2e-utils.sh
index 12ed3097ac..6fd63a9186 100755
--- a/.github/workflows/scripts/e2e-utils.sh
+++ b/.github/workflows/scripts/e2e-utils.sh
@@ -433,7 +433,7 @@ _e2e_verify_query() {
local expected="$2"
local query="$3"
name=$(echo -n "${attestation}" | jq -c -r "${query}")
- e2e_assert_eq "${name}" "${expected}" "${query} should be ${expected}"
+ e2e_assert_eq "${name}" "${expected}" "${query} should be ${expected} but was ${name}"
}
# Returns the first 2 asset in a release.
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
new file mode 100755
index 0000000000..43a0701941
--- /dev/null
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+# shellcheck source=/dev/null
+source "./.github/workflows/scripts/e2e-verify.common.sh"
+
+RUNNER_DEBUG=${RUNNER_DEBUG:-}
+if [[ -n "${RUNNER_DEBUG}" ]]; then
+ set -x
+fi
+
+go env -w GOFLAGS=-mod=mod
+
+verify_provenance_content() {
+ e2e_verify_predicate_subject_name "${ATTESTATION}" "test-java-project-0.1.19.jar"
+ e2e_verify_predicate_v1_runDetails_builder_id "${ATTESTATION}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
+ e2e_verify_predicate_v1_buildDefinition_buildType "${ATTESTATION}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
+}
+
+THIS_FILE=$(e2e_this_file)
+BRANCH=$(echo "$THIS_FILE" | cut -d '.' -f4)
+echo "branch is $BRANCH"
+echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
+echo "GITHUB_REF_TYPE: $GITHUB_REF_TYPE"
+echo "GITHUB_REF: $GITHUB_REF"
+echo "DEBUG: file is $THIS_FILE"
+echo "PROVENANCE is: ${PROVENANCE}"
+
+ATTESTATION=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
+export ATTESTATION
+
+export SLSA_VERIFIER_TESTING="true"
+
+# Verify provenance content.
+echo "verify_provenance_content:"
+verify_provenance_content
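Review bot: The new script asserts on fields of the attestation after decoding `.dsseEnvelope.payload` with `jq` and `base64 -d`, but nothing in it verifies the envelope's signature, so `verify_provenance_content` would pass for any file with the right JSON shape. The delegator script it replaces runs `e2e_run_verifier_all_releases "HEAD"` under its `# Verify provenance authenticity.` comment; the Maven script should do the same or state why it cannot yet, otherwise `SLSA_VERIFIER_TESTING` and `go env -w GOFLAGS=-mod=mod` are set for a verifier that never runs. Nothing visible here enables `set -euo pipefail` (unless the sourced common script does), so a failed `jq` leaves `ATTESTATION` empty and the script carries on. The rewrite of this function in PATCH 19 keeps the same gap.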
From da28dfbbd3520059b3c904eb528d35a6959d3fa1 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 4 Aug 2023 11:02:21 +0100
Subject: [PATCH 16/57] Update
.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 7db77b15ab..893de34597 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -17,6 +17,7 @@ jobs:
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: mv e2e/maven/pom.xml ./ && cp -r e2e/maven/src ./ && rm -r e2e/maven/src
+
build:
#runs-on: ubuntu-latest
permissions:
From 9a54dd88f97b18eef1c150e98d85f926a8ab9b8d Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 4 Aug 2023 11:02:36 +0100
Subject: [PATCH 17/57] Update
.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 893de34597..7c77e57538 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -1,4 +1,3 @@
-name: Maven e2e test - simple
on:
schedule:
- cron: "0 6 * * *"
From a9fd88765d576233d204b05192ee4374a349d79c Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 4 Aug 2023 11:02:44 +0100
Subject: [PATCH 18/57] Update
.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 7c77e57538..700059a162 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -24,6 +24,7 @@ jobs:
contents: read # For repo checkout of private repos.
actions: read # For getting workflow run on private repos.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main
+
verify:
runs-on: ubuntu-latest
needs: [build]
From f729db4e0ad0ae1b4d311579d7ab844b6466448d Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Fri, 4 Aug 2023 11:25:35 +0100
Subject: [PATCH 19/57] cleanup
Signed-off-by: AdamKorcz
---
.../workflows/scripts/e2e-verify.common.sh | 5 -
.../scripts/e2e.delegator.default.verify.sh | 4 -
.../scripts/e2e.maven.default.verify.sh | 20 +--
pom.xml | 163 ------------------
src/main/java/hello/Greeter.java | 7 -
src/main/java/hello/HelloWorld.java | 8 -
6 files changed, 10 insertions(+), 197 deletions(-)
delete mode 100644 pom.xml
delete mode 100644 src/main/java/hello/Greeter.java
delete mode 100644 src/main/java/hello/HelloWorld.java
diff --git a/.github/workflows/scripts/e2e-verify.common.sh b/.github/workflows/scripts/e2e-verify.common.sh
index 65fe96aa1e..22e0354b54 100755
--- a/.github/workflows/scripts/e2e-verify.common.sh
+++ b/.github/workflows/scripts/e2e-verify.common.sh
@@ -340,11 +340,6 @@ verify_provenance_authenticity() {
if [[ "$tag" == "HEAD" ]] || version_ge "$tag" "v1.3"; then
echo " **** Default parameters (annotated tags) *****"
- echo "1: ${artifactAndbuilderMinArgs[@]}"
- echo "2: ${provenanceArg[@]}"
- echo "3: ${packageArg[@]}"
- echo "4: ${sourceArg[@]}"
- echo "5: github.com/$GITHUB_REPOSITORY"
$verifierCmd "${artifactAndbuilderMinArgs[@]}" "${provenanceArg[@]}" "${packageArg[@]}" "${sourceArg[@]}" "github.com/$GITHUB_REPOSITORY"
e2e_assert_eq "$?" "0" "not main default parameters (annotated_tags)"
elif [[ -z "$annotated_tags" ]]; then
diff --git a/.github/workflows/scripts/e2e.delegator.default.verify.sh b/.github/workflows/scripts/e2e.delegator.default.verify.sh
index 485d0d492d..e88ff0ea61 100755
--- a/.github/workflows/scripts/e2e.delegator.default.verify.sh
+++ b/.github/workflows/scripts/e2e.delegator.default.verify.sh
@@ -39,10 +39,6 @@ echo "DEBUG: file is $THIS_FILE"
export SLSA_VERIFIER_TESTING="true"
-echo "finding..................."
-find . -name *.build.slsa
-find . -name "*.jar"
-
# Verify provenance authenticity.
# TODO(233): Update to v1.8.0 tag.
e2e_run_verifier_all_releases "HEAD"
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 43a0701941..58e898f402 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -11,23 +11,23 @@ fi
go env -w GOFLAGS=-mod=mod
verify_provenance_content() {
- e2e_verify_predicate_subject_name "${ATTESTATION}" "test-java-project-0.1.19.jar"
- e2e_verify_predicate_v1_runDetails_builder_id "${ATTESTATION}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
- e2e_verify_predicate_v1_buildDefinition_buildType "${ATTESTATION}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
+ local attestation
+ attestation=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
+
+ e2e_verify_predicate_subject_name "${attestation}" "test-java-project-0.1.19.jar"
+ e2e_verify_predicate_v1_runDetails_builder_id "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
+ e2e_verify_predicate_v1_buildDefinition_buildType "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
}
-THIS_FILE=$(e2e_this_file)
-BRANCH=$(echo "$THIS_FILE" | cut -d '.' -f4)
-echo "branch is $BRANCH"
+this_file=$(e2e_this_file)
+branch=$(echo "$this_file" | cut -d '.' -f4)
+echo "branch is $branch"
echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
echo "GITHUB_REF_TYPE: $GITHUB_REF_TYPE"
echo "GITHUB_REF: $GITHUB_REF"
-echo "DEBUG: file is $THIS_FILE"
+echo "DEBUG: file is $this_file"
echo "PROVENANCE is: ${PROVENANCE}"
-ATTESTATION=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
-export ATTESTATION
-
export SLSA_VERIFIER_TESTING="true"
# Verify provenance content.
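Review bot: In `verify_provenance_content`, `attestation=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)` takes its exit status from `base64` alone, so a missing file or an absent `.dsseEnvelope.payload` key is not caught here unless `pipefail` is set, which the hunk does not show. `jq -r` prints the literal `null` for a missing key, so the predicate checks below would then run on meaningless or empty input. Consider `jq -er` plus an explicit guard such as `[[ -n "${attestation}" ]] || { echo "empty attestation" >&2; exit 1; }`, so a malformed provenance file fails the test with a clear message.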
diff --git a/pom.xml b/pom.xml
deleted file mode 100644
index 1a25343adb..0000000000
--- a/pom.xml
+++ /dev/null
@@ -1,163 +0,0 @@
-
-
- 4.0.0
- io.github.adamkorcz
- test-java-project
- 0.1.19
- jar
- Adams test java project
- A test java project.
- https://github.com/AdamKorcz/test-java-project
-
- 1.8
- 1.8
-
-
-
- ossrh
- https://s01.oss.sonatype.org/content/repositories/snapshots
-
-
- ossrh
- https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
-
-
-
-
- MIT License
- http://www.opensource.org/licenses/mit-license.php
-
-
-
-
- Adam K
- Adam@adalogics.com
- Ada Logics
- http://www.adalogics.com
-
-
-
- scm:git:git://github.com/adamkorcz/test-java-project.git
- scm:git:ssh://github.com:simpligility/test-java-project.git
- http://github.com/adamkorcz/test-java-project/tree/main
-
-
-
-
- org.apache.maven.plugins
- maven-source-plugin
- 2.2.1
-
-
- attach-sources
- package
-
- jar-no-fork
-
-
-
-
-
- org.apache.maven.plugins
- maven-javadoc-plugin
- 2.9.1
-
- ${java.home}/bin/javadoc
-
-
-
- attach-javadocs
-
- jar
-
-
-
-
-
- org.apache.maven.plugins
- maven-shade-plugin
- 3.2.4
-
-
- package
-
- shade
-
-
-
-
- hello.HelloWorld
-
-
-
-
-
-
-
- org.sonatype.plugins
- nexus-staging-maven-plugin
- 1.6.7
- true
-
- ossrh
- https://s01.oss.sonatype.org/
- false
-
-
-
- org.apache.maven.plugins
- maven-gpg-plugin
- 3.1.0
-
-
- sign-artifacts
- verify
-
- sign
-
-
-
-
-
- --pinentry-mode
- loopback
-
-
-
-
- org.apache.maven.plugins
- maven-deploy-plugin
- 3.1.1
-
-
- deploy-file
- deploy
-
- deploy-file
-
-
- textfile.txt
- https://s01.oss.sonatype.org/
- io.github.adamkorcz
-
-
-
-
-
- io.github.slsa-framework.slsa-github-generator
- hash-maven-plugin
- 0.0.1
-
-
-
- hash-jarfile
-
-
-
-
- ${SLSA_OUTPUTS_ARTIFACTS_FILE}
-
-
-
-
-
diff --git a/src/main/java/hello/Greeter.java b/src/main/java/hello/Greeter.java
deleted file mode 100644
index f92a442354..0000000000
--- a/src/main/java/hello/Greeter.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package hello;
-
-public class Greeter {
- public String sayHello() {
- return "Hello world!";
- }
-}
diff --git a/src/main/java/hello/HelloWorld.java b/src/main/java/hello/HelloWorld.java
deleted file mode 100644
index 1626b45cbd..0000000000
--- a/src/main/java/hello/HelloWorld.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package hello;
-
-public class HelloWorld {
- public static void main(String[] args) {
- Greeter greeter = new Greeter();
- System.out.println(greeter.sayHello());
- }
-}
From 5e6d548aff52dff38515ee9b37bc44eec96ddbae Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 4 Aug 2023 11:31:30 +0100
Subject: [PATCH 20/57] Update
.github/workflows/scripts/e2e.maven.default.verify.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e.maven.default.verify.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 58e898f402..72eaac1c2e 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -3,6 +3,10 @@
# shellcheck source=/dev/null
source "./.github/workflows/scripts/e2e-verify.common.sh"
+# Input variables
+PROVENANCE=${PROVENANCE:-}
+GITHUB_REF_NAME=${GITHUB_REF_NAME:-}
+GITHUB_REF=${GITHUB_REF:-}
RUNNER_DEBUG=${RUNNER_DEBUG:-}
if [[ -n "${RUNNER_DEBUG}" ]]; then
set -x
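Review bot: Defaulting `PROVENANCE` to the empty string in the new "Input variables" block stops the script from aborting on an unset variable, but `PROVENANCE` is a required input: `jq` is later run on `"${PROVENANCE}"`. For required inputs it is clearer to fail at the top, e.g. `PROVENANCE=${PROVENANCE:?PROVENANCE must point to the provenance file}`, and to keep the empty default only for optional ones such as `RUNNER_DEBUG`. The later hunk that adds `ARTIFACT_VERSION=${ARTIFACT_VERSION:-}` and `EXPECTED_ARTIFACT_OUTPUT=${EXPECTED_ARTIFACT_OUTPUT:-}` has the same problem. An empty `ARTIFACT_VERSION` yields the path `target/test-java-project-.jar`, and an empty expected output weakens the comparison.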
From 5ff3ad08614cb1eb41b8ca1a015d859016ea4a40 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 4 Aug 2023 15:29:46 +0100
Subject: [PATCH 21/57] Update e2e.maven.default.verify.sh
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e.maven.default.verify.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 72eaac1c2e..3be4e8e967 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -18,7 +18,7 @@ verify_provenance_content() {
local attestation
attestation=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
- e2e_verify_predicate_subject_name "${attestation}" "test-java-project-0.1.19.jar"
+ e2e_verify_predicate_subject_name "${attestation}" "${BINARY}"
e2e_verify_predicate_v1_runDetails_builder_id "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
e2e_verify_predicate_v1_buildDefinition_buildType "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
}
From 4a380dc2ca18006cd30793442ed77af1c59c909a Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 4 Aug 2023 15:30:12 +0100
Subject: [PATCH 22/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 700059a162..5bba56cbfb 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -44,7 +44,7 @@ jobs:
with:
go-version: "1.18"
- env:
- BINARY: ./target/test-java-project-0.1.19.jar
+ BINARY: "test-java-project-0.1.19.jar"
PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
BUILDER_TAG: "v2.0.0"
run: ./.github/workflows/scripts/e2e.maven.default.verify.sh
From ca17076b64e456a964dd73cd27bd0fd5398093b7 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 4 Aug 2023 11:31:30 +0100
Subject: [PATCH 23/57] Update
.github/workflows/scripts/e2e.maven.default.verify.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
....maven.workflow_dispatch.main.default.slsa3.yml | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 5bba56cbfb..dc12fc7f07 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -1,8 +1,10 @@
+name: Maven e2e test - simple
on:
- schedule:
- - cron: "0 6 * * *"
- workflow_dispatch:
-
+ - workflow_dispatch
+# schedule:
+# - cron: "0 6 * * *"
+# workflow_dispatch:
+#
permissions: read-all
env:
@@ -23,7 +25,9 @@ jobs:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
actions: read # For getting workflow run on private repos.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main
+ uses: AdamKorcz/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@maven-builder-test-updates
+ with:
+ directory: ./e2e/maven
verify:
runs-on: ubuntu-latest
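Review bot: The `build` job now calls the reusable workflow from a personal fork at a branch ref (`AdamKorcz/slsa-github-generator/...@maven-builder-test-updates`) while granting it `id-token: write`, so whatever that branch points to at run time can request an OIDC token for this repository. If this is a temporary testing override, mark it on the line, e.g. `# TODO: restore slsa-framework/slsa-github-generator@main before merge`, and revert it before the series lands. The verify script in this series still asserts the builder id `https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main`, which presumably will not match provenance produced through the fork. The `build` job starts outside this hunk.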
From 0fea0b2edf5652eb64ceb06e90c65bd70b923ba0 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Fri, 4 Aug 2023 15:22:01 +0100
Subject: [PATCH 24/57] specify root directory for builder
Signed-off-by: AdamKorcz
---
...n.workflow_dispatch.main.default.slsa3.yml | 25 ++++-
.github/workflows/scripts/e2e-maven-push.sh | 101 ++++++++++++++++++
.../scripts/e2e.maven.default.verify.sh | 3 +-
e2e/maven/pom.xml | 2 +-
4 files changed, 123 insertions(+), 8 deletions(-)
create mode 100755 .github/workflows/scripts/e2e-maven-push.sh
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index dc12fc7f07..5dfc31f867 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -1,6 +1,7 @@
-name: Maven e2e test - simple
+name: Maven e2e test - simple # TODO: Remove name
on:
- workflow_dispatch
+# TODO: Un-comment this
# schedule:
# - cron: "0 6 * * *"
# workflow_dispatch:
@@ -13,11 +14,25 @@ env:
jobs:
bootstrap:
runs-on: ubuntu-latest
+ if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
permissions:
contents: write
+ outputs:
+ artifact-version: ${{ steps.maven-push.outputs.artifact-version }}
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- - run: mv e2e/maven/pom.xml ./ && cp -r e2e/maven/src ./ && rm -r e2e/maven/src
+ - env:
+ PACKAGE_DIR: ./e2e/maven
+ id: maven-push
+ run: ./.github/workflows/scripts/e2e-maven-push.sh
+
+ if-bootstrap-failed:
+ runs-on: ubuntu-latest
+ needs: [bootstrap]
+ if: always() && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && needs.bootstrap.result != 'success'
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - run: ./.github/workflows/scripts/e2e-report-failure.sh
build:
#runs-on: ubuntu-latest
@@ -31,7 +46,7 @@ jobs:
verify:
runs-on: ubuntu-latest
- needs: [build]
+ needs: [build, bootstrap]
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main
@@ -48,7 +63,7 @@ jobs:
with:
go-version: "1.18"
- env:
- BINARY: "test-java-project-0.1.19.jar"
- PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
+ ARTIFACT_VERSION: ${{ needs.bootstrap.outputs.artifact-version}}
+ PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-${{ needs.bootstrap.outputs.artifact-version}}.jar.build.slsa"
BUILDER_TAG: "v2.0.0"
run: ./.github/workflows/scripts/e2e.maven.default.verify.sh
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
new file mode 100755
index 0000000000..cdbc3e6f0a
--- /dev/null
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# shellcheck source=/dev/null
+source "./.github/workflows/scripts/e2e-utils.sh"
+
+# This script bumps the maven package's version number, commits it, and pushes to
+# the repository.
+
+branch=$(e2e_this_branch)
+
+echo "GITHUB_REPOSITORY: ${GITHUB_REPOSITORY}"
+gh repo clone "${GITHUB_REPOSITORY}" -- -b maven-e2e-temp2
+repo_name=$(echo "$GITHUB_REPOSITORY" | cut -d '/' -f2)
+cd ./"$repo_name"
+
+git config --global user.name github-actions
+git config --global user.email github-actions@github.com
+
+# Set the remote url to authenticate using the token.
+git remote set-url origin "https://github-actions:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
+
+package_dir="${PACKAGE_DIR}" # specified in the e2e test yaml
+
+cd "${package_dir}"
+current_tag=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+if [ "${current_tag}" = "1.19.6-SNAPSHOT" ]; then
+ next_tag="1.19.7-SNAPSHOT"
+else
+ next_tag="1.19.6-SNAPSHOT"
+fi
+
+# Output the artifact name
+echo "artifact-version=${current_tag}" >> $GITHUB_OUTPUT
+
+tag=$(mvn versions:set -DnewVersion=$next_tag)
+cd -
+
+# Commit the new version.
+git commit -m "${GITHUB_WORKFLOW}" "${package_dir}/pom.xml" "${package_dir}/pom.xml"
+
+# If this is an e2e test for a tag, then tag the commit and push it.
+this_event=$(e2e_this_event)
+echo "this_event: ${this_event}"
+if [ "${this_event}" == "tag" ] || [ "${this_event}" == "create" ]; then
+ git tag "${tag}"
+fi
+
+git remote -v
+git branch
+pwd
+if [ "${branch}" != "main" ]; then
+ # Reset branch1 and push the new version.
+ # git branch -D "$branch"
+ git checkout -b "$branch"
+ if [ "${this_event}" == "tag" ] || [ "${this_event}" == "create" ]; then
+ git push --set-upstream origin "${branch}" "${tag}" -f
+ else
+ git push --set-upstream origin "$branch" -f
+ fi
+ git checkout main
+
+ # Update a dummy file to avoid https://github.com/slsa-framework/example-package/issues/44
+ date >./e2e/dummy
+ git add ./e2e/dummy
+ git commit -m "sync'ing branch1 - $(cat ./e2e/dummy)"
+ git push origin main
+else
+ if [ "${this_event}" == "tag" ] || [ "${this_event}" == "create" ]; then
+ # TODO(#213): push tag separately until bug is fixed.
+ # NOTE: If there is a concurrent update to main we want it to fail here
+ # without pushing the tag because we will lose the changes to main.
+ git push origin main
+ git push origin "${tag}"
+ else
+ git push origin maven-e2e-temp2 # TODO: CHANGE to main!!!!!!!!!!
+ fi
+fi
+
+# If this is a test for a release event, create the release.
+if [ "${this_event}" == "release" ]; then
+ this_file=$(e2e_this_file)
+ data_file=$(mktemp)
+ cat <"${data_file}"
+**E2E release creation**:
+Tag: ${tag}
+Branch: ${branch}
+Commit: ${GITHUB_SHA}
+Caller file: ${this_file}
+EOF
+
+ gh release create "${tag}" --notes-file "${data_file}" --target "${branch}"
+fi
+
+if [ "${this_event}" == "workflow_dispatch" ]; then
+ this_file=$(e2e_this_file)
+ curl -s -X POST -H "Accept: application/vnd.github.v3+json" \
+ "https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/workflows/${this_file}/dispatches" \
+ -d "{\"ref\":\"${branch}\",\"inputs\":{\"trigger_build\": true}}" \
+ -H "Authorization: token ${GH_TOKEN}"
+fi
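Review bot: `git remote set-url origin "https://github-actions:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"` writes the token into the clone's `.git/config`, and the later `git remote -v` prints that URL, so only the runner's log masking keeps the token out of the job log. Since `gh` is already used and `GH_TOKEN` is in the environment, something like `gh auth setup-git` would let git authenticate through the credential helper without a token in the URL; the `git remote -v`, `git branch` and `pwd` debug lines can then be dropped. Separately, `tag=$(mvn versions:set -DnewVersion=$next_tag)` stores Maven's console output in `tag`, which is later passed to `git tag` and `gh release create`; running the command and then setting `tag="${next_tag}"` looks like what was intended. The duplicated `"${package_dir}/pom.xml"` argument to `git commit` and the unquoted `$GITHUB_OUTPUT` are smaller cleanups.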
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 3be4e8e967..6b556d7862 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -18,7 +18,7 @@ verify_provenance_content() {
local attestation
attestation=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
- e2e_verify_predicate_subject_name "${attestation}" "${BINARY}"
+ e2e_verify_predicate_subject_name "${attestation}" "test-java-project-${ARTIFACT_VERSION}.jar"
e2e_verify_predicate_v1_runDetails_builder_id "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
e2e_verify_predicate_v1_buildDefinition_buildType "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
}
@@ -35,5 +35,4 @@ echo "PROVENANCE is: ${PROVENANCE}"
export SLSA_VERIFIER_TESTING="true"
# Verify provenance content.
-echo "verify_provenance_content:"
verify_provenance_content
diff --git a/e2e/maven/pom.xml b/e2e/maven/pom.xml
index 1a25343adb..81f45246cb 100644
--- a/e2e/maven/pom.xml
+++ b/e2e/maven/pom.xml
@@ -3,7 +3,7 @@
4.0.0
io.github.adamkorcz
test-java-project
- 0.1.19
+ 1.19.7-SNAPSHOT
jar
Adams test java project
A test java project.
From 0de588f54948a5c0432b55db9b42b738fdc6fb85 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 7 Aug 2023 11:45:28 +0100
Subject: [PATCH 25/57] Multiple updates
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
...n.workflow_dispatch.main.default.slsa3.yml | 32 ++++++++-
.github/workflows/scripts/e2e-maven-push.sh | 65 ++++++++++++++++---
.../scripts/e2e.maven.default.verify.sh | 6 ++
e2e/maven/pom.xml | 2 +-
4 files changed, 94 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 5dfc31f867..0839f3372b 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -29,10 +29,24 @@ jobs:
if-bootstrap-failed:
runs-on: ubuntu-latest
needs: [bootstrap]
- if: always() && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && needs.bootstrap.result != 'success'
+ if: always() && (github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && !inputs.trigger_build)) && needs.bootstrap.result != 'success'
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: ./.github/workflows/scripts/e2e-report-failure.sh
+
+ # Main workflow
+ ################################################################################
+ # Shim determines if the rest of the workflow should run.
+ # NOTE: it should only use the `if` to determine this and all downstream jobs
+ # should depend on this job.
+ shim:
+ # NOTE: this must be kept in sync with the if-failed job.
+ if: github.event_name == 'workflow_dispatch' && inputs.trigger_build
+ runs-on: ubuntu-latest
+ steps:
+ - run: |
+ echo "event: ${GITHUB_EVENT_NAME}"
+ echo "ref: ${GITHUB_REF}"
build:
#runs-on: ubuntu-latest
@@ -66,4 +80,20 @@ jobs:
ARTIFACT_VERSION: ${{ needs.bootstrap.outputs.artifact-version}}
PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-${{ needs.bootstrap.outputs.artifact-version}}.jar.build.slsa"
BUILDER_TAG: "v2.0.0"
+ EXPECTED_ARTIFACT_OUTPUT: "Hello world!"
run: ./.github/workflows/scripts/e2e.maven.default.verify.sh
+ if-succeeded:
+ runs-on: ubuntu-latest
+ needs: [build, verify]
+ if: needs.build.result == 'success' && needs.publish.result == 'success' && needs.verify.result == 'success'
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - run: ./.github/workflows/scripts/e2e-report-success.sh
+
+ if-failed:
+ runs-on: ubuntu-latest
+ needs: [build, verify]
+ if: always() && github.event_name == 'workflow_dispatch' && inputs.trigger_build && (needs.build.result != 'success' || needs.publish.result != 'success' || needs.verify.result != 'success')
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - run: ./.github/workflows/scripts/e2e-report-failure.sh
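Review bot: `if-succeeded` and `if-failed` both test `needs.publish.result`, but neither lists `publish` in `needs: [build, verify]` and no `publish` job appears in the visible hunks. A `needs` entry that is not declared evaluates to an empty value, so `if-succeeded` can never be true and the `needs.publish.result != 'success'` term in `if-failed` is always true. Drop the term from both conditions, e.g. `if: needs.build.result == 'success' && needs.verify.result == 'success'` for `if-succeeded`.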
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index cdbc3e6f0a..95a2e4c037 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -10,7 +10,7 @@ source "./.github/workflows/scripts/e2e-utils.sh"
branch=$(e2e_this_branch)
echo "GITHUB_REPOSITORY: ${GITHUB_REPOSITORY}"
-gh repo clone "${GITHUB_REPOSITORY}" -- -b maven-e2e-temp2
+gh repo clone "${GITHUB_REPOSITORY}" -- -b maven-e2e-temp
repo_name=$(echo "$GITHUB_REPOSITORY" | cut -d '/' -f2)
cd ./"$repo_name"
@@ -23,15 +23,62 @@ git remote set-url origin "https://github-actions:${GH_TOKEN}@github.com/${GITHU
package_dir="${PACKAGE_DIR}" # specified in the e2e test yaml
cd "${package_dir}"
-current_tag=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
-if [ "${current_tag}" = "1.19.6-SNAPSHOT" ]; then
- next_tag="1.19.7-SNAPSHOT"
-else
- next_tag="1.19.6-SNAPSHOT"
-fi
+
+# Get the new version
+artifact_tag=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+
+# version_major prints the major version number.
+# Expects a string like '1.19.7'
+# version_major returns "1" if the input is '1.19.7'
+version_major() {
+ VER=$(echo $1 | cut -d '.' -f1)
+ echo "$VER"
+}
+
+# version_minor prints the minor version number.
+# Expects a string like '1.19.7'.
+# version_minor returns "19" if the input is '1.19.7'
+version_minor() {
+ VER=$(echo $1 | cut -d '.' -f2)
+ echo "$VER"
+}
+
+# version_patch prints the patch version number.
+# Expects a string like '1.19.7-SNAPSHOT.jar'
+# version_patch returns "7" if the input is '1.19.7'
+version_patch() {
+ VER=$(echo $1 | cut -d '.' -f3)
+ echo "$VER"
+}
+
+# Bumps the version
+new_version() {
+ current_tag=$1
+ release_major=$(version_major "$current_tag")
+ release_minor=$(version_minor "$current_tag")
+ release_patch=$(version_patch "$current_tag")
+
+ # These if-statements are sorted by likelihood
+ if [[ $release_patch != "99" ]]; then
+ # Only need to bump the patch
+ release_patch=$((release_patch+1))
+ elif [[ $release_patch = "99" && $release_minor != "99" ]]; then
+ # Need to bump minor
+ release_minor=$(($release_minor+1))
+ release_patch="0"
+ elif [[ $release_patch = "99" && $release_minor = "99" ]]; then
+ # Need to bump major
+ release_major=$(($release_major+1))
+ release_minor="0"
+ release_patch="0"
+ fi
+ echo $release_major.$release_minor.$release_patch
+}
+
+next_tag=$(new_version $artifact_tag)
# Output the artifact name
-echo "artifact-version=${current_tag}" >> $GITHUB_OUTPUT
+echo "artifact-version=${artifact_tag}" >> $GITHUB_OUTPUT
tag=$(mvn versions:set -DnewVersion=$next_tag)
cd -
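Review bot: `new_version` does shell arithmetic on whatever `cut` returns, so a version with a qualifier breaks it. The `pom.xml` value this patch replaces was `1.19.7-SNAPSHOT`, for which `version_patch` yields `7-SNAPSHOT`; `$((release_patch+1))` then evaluates `7-SNAPSHOT+1` and aborts on the unset name under `set -u`. Validate before splitting, e.g. `[[ "$current_tag" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected version: $current_tag" >&2; exit 1; }`. The helpers also assign `VER`, `current_tag` and the `release_*` variables without `local`, and `$1`, `$artifact_tag`, `$next_tag` and `$GITHUB_OUTPUT` are expanded unquoted; `next_tag=$(new_version "${artifact_tag}")` is the quoted form. The comment on `version_patch` names `'1.19.7-SNAPSHOT.jar'` as the expected input but uses `'1.19.7'` in its example, and the two should agree.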
@@ -73,7 +120,7 @@ else
git push origin main
git push origin "${tag}"
else
- git push origin maven-e2e-temp2 # TODO: CHANGE to main!!!!!!!!!!
+ git push origin maven-e2e-temp # TODO: CHANGE to main!!!!!!!!!!
fi
fi
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 6b556d7862..987dcd43c5 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -18,6 +18,12 @@ verify_provenance_content() {
local attestation
attestation=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
+ # Run the artifact and verify the output is correct
+ artifact_output=$(java -jar target/test-java-project-"${ARTIFACT_VERSION}".jar)
+ expected_artifact_output="${EXPECTED_ARTIFACT_OUTPUT}"
+ e2e_assert_eq "${artifact_output}" "${expected_artifact_output}" "The output from the artifact should be '${expected_artifact_output}' but was '${artifact_output}'"
+
+ # Verify the content of the attestation
e2e_verify_predicate_subject_name "${attestation}" "test-java-project-${ARTIFACT_VERSION}.jar"
e2e_verify_predicate_v1_runDetails_builder_id "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
e2e_verify_predicate_v1_buildDefinition_buildType "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
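Review bot: The added `java -jar target/test-java-project-"${ARTIFACT_VERSION}".jar` executes the downloaded artifact inside `verify_provenance_content` before any of the attestation checks below it, and the only link made here between the jar and the attestation is the subject name. Consider comparing the jar's SHA-256 with the subject digest in the attestation first and running the jar only once that matches; this may already happen elsewhere, since the rest of the script is not visible. `artifact_output` and `expected_artifact_output` should be declared `local` like `attestation`, e.g. `local artifact_output expected_artifact_output`. The function begins outside this hunk.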
diff --git a/e2e/maven/pom.xml b/e2e/maven/pom.xml
index 81f45246cb..689987492b 100644
--- a/e2e/maven/pom.xml
+++ b/e2e/maven/pom.xml
@@ -3,7 +3,7 @@
4.0.0
io.github.adamkorcz
test-java-project
- 1.19.7-SNAPSHOT
+ 1.19.8
jar
Adams test java project
A test java project.
From 385ae38135bbab68c53727f6fdce937f9f65afe1 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 7 Aug 2023 15:25:27 +0100
Subject: [PATCH 26/57] Update e2e-maven-push.sh
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e-maven-push.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index 95a2e4c037..2ea156e6da 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -9,6 +9,10 @@ source "./.github/workflows/scripts/e2e-utils.sh"
branch=$(e2e_this_branch)
+# NOTE: We can't simply push from $branch because it is occaisonally reset to
+# the main branch. We need to maintain the version number in pom.xml
+# because you cannot overwrite a version in maven. Instead we commit to main,
+# set the tag, reset $branch and push both main and $branch.
echo "GITHUB_REPOSITORY: ${GITHUB_REPOSITORY}"
gh repo clone "${GITHUB_REPOSITORY}" -- -b maven-e2e-temp
repo_name=$(echo "$GITHUB_REPOSITORY" | cut -d '/' -f2)
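Review bot: The added NOTE says the version bump is committed to main, but the `gh repo clone "${GITHUB_REPOSITORY}" -- -b maven-e2e-temp` line directly below it still checks out the temporary branch, so comment and code disagree at this point in the series. Either switch the clone to main or say in the comment that the temporary branch is a stand-in until the TODO is resolved. `occaisonally` should read `occasionally`.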
From f14a028117f50bbfe3fc035d97966ec36ea67da2 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 7 Aug 2023 15:25:43 +0100
Subject: [PATCH 27/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 0839f3372b..06b5502b4f 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -49,7 +49,6 @@ jobs:
echo "ref: ${GITHUB_REF}"
build:
- #runs-on: ubuntu-latest
permissions:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
From b75b3363a4efd8585f7a54c33aba6e8910c749c6 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Tue, 8 Aug 2023 21:33:46 +0100
Subject: [PATCH 28/57] Update
.github/workflows/scripts/e2e.maven.default.verify.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e.maven.default.verify.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 987dcd43c5..6e9ce6e8bd 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -5,6 +5,8 @@ source "./.github/workflows/scripts/e2e-verify.common.sh"
# Input variables
PROVENANCE=${PROVENANCE:-}
+ARTIFACT_VERSION=${ARTIFACT_VERSION:-}
+EXPECTED_ARTIFACT_OUTPUT=${EXPECTED_ARTIFACT_OUTPUT:-}
GITHUB_REF_NAME=${GITHUB_REF_NAME:-}
GITHUB_REF=${GITHUB_REF:-}
RUNNER_DEBUG=${RUNNER_DEBUG:-}
From 9797cc69037a5daa9afc8d2a5c42b514aa105514 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Tue, 8 Aug 2023 21:34:02 +0100
Subject: [PATCH 29/57] Update
.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 06b5502b4f..b25374af90 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -72,6 +72,7 @@ jobs:
name: target
sha256: "${{ needs.build.outputs.target-download-sha256 }}"
path: ./
+ # NOTE: To build slsa-verifier in e2e.maven.default.verify.sh
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.18"
From d5e10fd1fd04063804ff9f9b7155671c2adddeb1 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Tue, 8 Aug 2023 21:34:31 +0100
Subject: [PATCH 30/57] Update
.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index b25374af90..b31ecc1e13 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -93,7 +93,7 @@ jobs:
if-failed:
runs-on: ubuntu-latest
needs: [build, verify]
- if: always() && github.event_name == 'workflow_dispatch' && inputs.trigger_build && (needs.build.result != 'success' || needs.publish.result != 'success' || needs.verify.result != 'success')
+ if: always() && github.event_name == 'workflow_dispatch' && inputs.trigger_build && (needs.build.result != 'success' || needs.verify.result != 'success')
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: ./.github/workflows/scripts/e2e-report-failure.sh
From d63df3ebd361f9450cfb2c4e5138c12b19b30145 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Tue, 8 Aug 2023 21:36:18 +0100
Subject: [PATCH 31/57] Update .github/workflows/scripts/e2e-maven-push.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e-maven-push.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index 2ea156e6da..37d8e3d2a6 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -103,7 +103,7 @@ pwd
if [ "${branch}" != "main" ]; then
# Reset branch1 and push the new version.
# git branch -D "$branch"
- git checkout -b "$branch"
+ git checkout -b "${branch}"
if [ "${this_event}" == "tag" ] || [ "${this_event}" == "create" ]; then
git push --set-upstream origin "${branch}" "${tag}" -f
else
From 4d8122fd06cc36cde02b3fc0cb1a7758a045e24c Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Tue, 8 Aug 2023 21:36:27 +0100
Subject: [PATCH 32/57] Update .github/workflows/scripts/e2e-maven-push.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e-maven-push.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index 37d8e3d2a6..1a82ab8af0 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -107,7 +107,7 @@ if [ "${branch}" != "main" ]; then
if [ "${this_event}" == "tag" ] || [ "${this_event}" == "create" ]; then
git push --set-upstream origin "${branch}" "${tag}" -f
else
- git push --set-upstream origin "$branch" -f
+ git push --set-upstream origin "${branch}" -f
fi
git checkout main
From 19b59ba5fd54e7c1ee6d01f4e9f4a932793355f6 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Tue, 8 Aug 2023 21:37:56 +0100
Subject: [PATCH 33/57] Update
.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index b31ecc1e13..00f6910e15 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -8,6 +8,8 @@ on:
#
permissions: read-all
+concurrency: "e2e-maven-workflow_dispatch-main-default-slsa3"
+
env:
GH_TOKEN: ${{ github.token }}
From 1760c9ab1bea6a5b2e5fc3142cf3a2b1ded8f94d Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Tue, 8 Aug 2023 22:19:50 +0100
Subject: [PATCH 34/57] move maven test files to dedicated workflow_dispatch
folder
Signed-off-by: AdamKorcz
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 4 ++--
e2e/maven/{ => workflow_dispatch}/pom.xml | 0
.../{ => workflow_dispatch}/src/main/java/hello/Greeter.java | 0
.../src/main/java/hello/HelloWorld.java | 0
4 files changed, 2 insertions(+), 2 deletions(-)
rename e2e/maven/{ => workflow_dispatch}/pom.xml (100%)
rename e2e/maven/{ => workflow_dispatch}/src/main/java/hello/Greeter.java (100%)
rename e2e/maven/{ => workflow_dispatch}/src/main/java/hello/HelloWorld.java (100%)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 00f6910e15..3391d18175 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -24,7 +24,7 @@ jobs:
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- env:
- PACKAGE_DIR: ./e2e/maven
+ PACKAGE_DIR: ./e2e/maven/workflow_dispatch
id: maven-push
run: ./.github/workflows/scripts/e2e-maven-push.sh
@@ -57,7 +57,7 @@ jobs:
actions: read # For getting workflow run on private repos.
uses: AdamKorcz/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@maven-builder-test-updates
with:
- directory: ./e2e/maven
+ directory: ./e2e/maven/workflow_dispatch
verify:
runs-on: ubuntu-latest
diff --git a/e2e/maven/pom.xml b/e2e/maven/workflow_dispatch/pom.xml
similarity index 100%
rename from e2e/maven/pom.xml
rename to e2e/maven/workflow_dispatch/pom.xml
diff --git a/e2e/maven/src/main/java/hello/Greeter.java b/e2e/maven/workflow_dispatch/src/main/java/hello/Greeter.java
similarity index 100%
rename from e2e/maven/src/main/java/hello/Greeter.java
rename to e2e/maven/workflow_dispatch/src/main/java/hello/Greeter.java
diff --git a/e2e/maven/src/main/java/hello/HelloWorld.java b/e2e/maven/workflow_dispatch/src/main/java/hello/HelloWorld.java
similarity index 100%
rename from e2e/maven/src/main/java/hello/HelloWorld.java
rename to e2e/maven/workflow_dispatch/src/main/java/hello/HelloWorld.java
From b1176c7f8c1ded8ae935b10a291e59d01a36ad14 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Tue, 8 Aug 2023 22:41:01 +0100
Subject: [PATCH 35/57] prepend v to artifact version
Signed-off-by: AdamKorcz
---
.github/workflows/scripts/e2e-maven-push.sh | 24 ---------------------
e2e/maven/workflow_dispatch/pom.xml | 2 +-
2 files changed, 1 insertion(+), 25 deletions(-)
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index 1a82ab8af0..d1d1c375c2 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -31,30 +31,6 @@ cd "${package_dir}"
# Get the new version
artifact_tag=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
-# version_major prints the major version number.
-# Expects a string like '1.19.7'
-# version_major returns "1" if the input is '1.19.7'
-version_major() {
- VER=$(echo $1 | cut -d '.' -f1)
- echo "$VER"
-}
-
-# version_minor prints the minor version number.
-# Expects a string like '1.19.7'.
-# version_minor returns "19" if the input is '1.19.7'
-version_minor() {
- VER=$(echo $1 | cut -d '.' -f2)
- echo "$VER"
-}
-
-# version_patch prints the patch version number.
-# Expects a string like '1.19.7-SNAPSHOT.jar'
-# version_patch returns "7" if the input is '1.19.7'
-version_patch() {
- VER=$(echo $1 | cut -d '.' -f3)
- echo "$VER"
-}
-
# Bumps the version
new_version() {
current_tag=$1
diff --git a/e2e/maven/workflow_dispatch/pom.xml b/e2e/maven/workflow_dispatch/pom.xml
index 689987492b..082b2e5244 100644
--- a/e2e/maven/workflow_dispatch/pom.xml
+++ b/e2e/maven/workflow_dispatch/pom.xml
@@ -3,7 +3,7 @@
4.0.0
io.github.adamkorcz
test-java-project
- 1.19.8
+ v1.19.8
jar
Adams test java project
A test java project.
From d83b27cf1813806d028558a82525c923b6d29475 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Wed, 9 Aug 2023 10:29:59 +0100
Subject: [PATCH 36/57] Update
.github/workflows/scripts/e2e.maven.default.verify.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e.maven.default.verify.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 6e9ce6e8bd..6c98388f13 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -44,3 +44,5 @@ export SLSA_VERIFIER_TESTING="true"
# Verify provenance content.
verify_provenance_content
+
+e2e_run_verifier_all_releases "2.3.0"
From 00ac3d2a9aceb77f2ffdbc2e893a8125fd66dc66 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Wed, 9 Aug 2023 10:34:21 +0100
Subject: [PATCH 37/57] Make build depend on shim
Signed-off-by: AdamKorcz
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 3391d18175..959a31d99e 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -51,6 +51,7 @@ jobs:
echo "ref: ${GITHUB_REF}"
build:
+ needs: [shim]
permissions:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
From 65b91af5f53bd46c2c64903d41ff00cc36ff3b24 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Wed, 9 Aug 2023 10:35:38 +0100
Subject: [PATCH 38/57] use e2_go_token
Signed-off-by: AdamKorcz
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 959a31d99e..b3b5582e68 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -11,7 +11,7 @@ permissions: read-all
concurrency: "e2e-maven-workflow_dispatch-main-default-slsa3"
env:
- GH_TOKEN: ${{ github.token }}
+ GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}
jobs:
bootstrap:
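Review bot: `GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}` sits in the workflow-level `env:` block, so the stored secret is exported to every job and step of this workflow, including steps that run external actions. `permissions: read-all` limits only `github.token`, not a separately stored secret. I would move the variable into the `env:` of the individual steps that need it (the `e2e-maven-push.sh` step, for example) and add a comment naming the scopes the token requires. The same applies to the PATCH 50 hunk that switches the value to `secrets.E2E_NODEJS_TOKEN`. The jobs that consume the variable are outside this hunk, so which steps need it has to be confirmed against the full file.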
From b1b1b5c9c8e1c6349788a2c67cbb3a4deb37709b Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Wed, 9 Aug 2023 10:37:10 +0100
Subject: [PATCH 39/57] switch repositories to main
Signed-off-by: AdamKorcz
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 2 +-
.github/workflows/scripts/e2e-maven-push.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index b3b5582e68..8bf399c9f6 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -56,7 +56,7 @@ jobs:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
actions: read # For getting workflow run on private repos.
- uses: AdamKorcz/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@maven-builder-test-updates
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main
with:
directory: ./e2e/maven/workflow_dispatch
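Review bot: The reusable workflow is now referenced by the mutable ref `@main` in a job that grants `id-token: write`, while `actions/checkout` in the same file is pinned to a commit SHA, and nothing on the line says the difference is intended. If tracking the builder's HEAD is the point of this e2e test (the verify script's expected builder id ends in `@refs/heads/main`, which suggests so), state it in a comment such as `# Intentionally @main: this test exercises the builder at HEAD.` The PATCH 41 hunk that moves the two download steps to `actions/maven/secure-download-attestations@main` and `actions/maven/secure-download-target@main` would take the same comment.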
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index d1d1c375c2..460e458364 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -100,7 +100,7 @@ else
git push origin main
git push origin "${tag}"
else
- git push origin maven-e2e-temp # TODO: CHANGE to main!!!!!!!!!!
+ git push origin main
fi
fi
From 9da4a2cca23425c069752ba54b3578641af889cd Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Wed, 9 Aug 2023 10:41:22 +0100
Subject: [PATCH 40/57] Remove name of workflow
Signed-off-by: AdamKorcz
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 8bf399c9f6..fb2e7aaf47 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -1,4 +1,3 @@
-name: Maven e2e test - simple # TODO: Remove name
on:
- workflow_dispatch
# TODO: Un-comment this
From ecabf46745f03fe74e25d86eb93297a5e64aa9ec Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Wed, 9 Aug 2023 12:01:43 +0100
Subject: [PATCH 41/57] use public actions for download attestations and target
directory
Signed-off-by: AdamKorcz
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index fb2e7aaf47..398cc02a08 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -64,12 +64,12 @@ jobs:
needs: [build, bootstrap]
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main
+ - uses: slsa-framework/slsa-github-generator/actions/maven/secure-download-attestations@main
with:
name: "${{ needs.build.outputs.provenance-download-name }}"
sha256: "${{ needs.build.outputs.provenance-download-sha256 }}"
path: slsa-attestations
- - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main
+ - uses: slsa-framework/slsa-github-generator/actions/maven/secure-download-target@main
with:
name: target
sha256: "${{ needs.build.outputs.target-download-sha256 }}"
From df1c4dffd75cead824932e71a0dfe5d8f95fc0fb Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 10 Aug 2023 10:42:14 +0100
Subject: [PATCH 42/57] use main branch
Signed-off-by: AdamKorcz
---
.github/workflows/scripts/e2e-maven-push.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index 460e458364..805d980b99 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -14,7 +14,7 @@ branch=$(e2e_this_branch)
# because you cannot overwrite a version in maven. Instead we commit to main,
# set the tag, reset $branch and push both main and $branch.
echo "GITHUB_REPOSITORY: ${GITHUB_REPOSITORY}"
-gh repo clone "${GITHUB_REPOSITORY}" -- -b maven-e2e-temp
+gh repo clone "${GITHUB_REPOSITORY}" -- -b main
repo_name=$(echo "$GITHUB_REPOSITORY" | cut -d '/' -f2)
cd ./"$repo_name"
From 69ff36995853f4adb8c6eaffa9bce63336453d1a Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 10 Aug 2023 11:36:50 +0100
Subject: [PATCH 43/57] get artifact name and version after checking out in
verify job
Signed-off-by: AdamKorcz
---
...aven.workflow_dispatch.main.default.slsa3.yml | 9 +++------
.../scripts/e2e.maven.default.verify.sh | 16 ++++++++++------
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 398cc02a08..aef2bf01e5 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -18,13 +18,10 @@ jobs:
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
permissions:
contents: write
- outputs:
- artifact-version: ${{ steps.maven-push.outputs.artifact-version }}
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- env:
PACKAGE_DIR: ./e2e/maven/workflow_dispatch
- id: maven-push
run: ./.github/workflows/scripts/e2e-maven-push.sh
if-bootstrap-failed:
@@ -61,7 +58,7 @@ jobs:
verify:
runs-on: ubuntu-latest
- needs: [build, bootstrap]
+ needs: [build]
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: slsa-framework/slsa-github-generator/actions/maven/secure-download-attestations@main
@@ -80,9 +77,9 @@ jobs:
go-version: "1.18"
- env:
ARTIFACT_VERSION: ${{ needs.bootstrap.outputs.artifact-version}}
- PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-${{ needs.bootstrap.outputs.artifact-version}}.jar.build.slsa"
- BUILDER_TAG: "v2.0.0"
+ PROVENANCE_DIR: "slsa-attestations/${{ needs.build.outputs.provenance-download-name"
EXPECTED_ARTIFACT_OUTPUT: "Hello world!"
+ POMXML: "./e2e/maven/workflow_dispatch/pom.xml"
run: ./.github/workflows/scripts/e2e.maven.default.verify.sh
if-succeeded:
runs-on: ubuntu-latest
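Review bot: The new `PROVENANCE_DIR` value never closes its expression, so the line should read `PROVENANCE_DIR: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}"`. The `ARTIFACT_VERSION` line kept as context above it still reads `needs.bootstrap.outputs.artifact-version`, although this commit removes that output from `bootstrap` and drops `bootstrap` from the `needs` of `verify`. That line can be deleted, since the script now derives the version from `POMXML`. The `verify` job itself begins in the previous hunk.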
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 6c98388f13..de27333ad7 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -4,9 +4,8 @@
source "./.github/workflows/scripts/e2e-verify.common.sh"
# Input variables
-PROVENANCE=${PROVENANCE:-}
-ARTIFACT_VERSION=${ARTIFACT_VERSION:-}
EXPECTED_ARTIFACT_OUTPUT=${EXPECTED_ARTIFACT_OUTPUT:-}
+PROVENANCE_DIR=${PROVENANCE_DIR:-}
GITHUB_REF_NAME=${GITHUB_REF_NAME:-}
GITHUB_REF=${GITHUB_REF:-}
RUNNER_DEBUG=${RUNNER_DEBUG:-}
@@ -14,19 +13,24 @@ if [[ -n "${RUNNER_DEBUG}" ]]; then
set -x
fi
+artifact_version=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout -f "${POMXML}")
+artifact_id=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.artifactId -q -DforceStdout -f "${POMXML}")
+artifact_name="${artifact_id}-${artifact_version}.jar"
+provenance="${PROVENANCE_DIR}/${artifact_name}.build.slsa"
+
go env -w GOFLAGS=-mod=mod
verify_provenance_content() {
local attestation
- attestation=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
+ attestation=$(jq -r '.dsseEnvelope.payload' "${provenance}" | base64 -d)
# Run the artifact and verify the output is correct
- artifact_output=$(java -jar target/test-java-project-"${ARTIFACT_VERSION}".jar)
+ artifact_output=$(java -jar target/"${artifact_name}")
expected_artifact_output="${EXPECTED_ARTIFACT_OUTPUT}"
e2e_assert_eq "${artifact_output}" "${expected_artifact_output}" "The output from the artifact should be '${expected_artifact_output}' but was '${artifact_output}'"
# Verify the content of the attestation
- e2e_verify_predicate_subject_name "${attestation}" "test-java-project-${ARTIFACT_VERSION}.jar"
+ e2e_verify_predicate_subject_name "${attestation}" "${artifact_name}"
e2e_verify_predicate_v1_runDetails_builder_id "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
e2e_verify_predicate_v1_buildDefinition_buildType "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
}
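Review bot: `artifact_version` and `artifact_id` go straight into `artifact_name` and `provenance` without a check that either `mvn ... evaluate` call produced a value, and `POMXML` is read here but is not listed with the other input variables in the hunk above. If the evaluation fails or `POMXML` is empty, the path becomes `${PROVENANCE_DIR}/-.jar.build.slsa` and the error surfaces later in `jq` or `java -jar` with a misleading message, unless the script already runs with `set -e`, which is not visible here. Add `POMXML=${POMXML:-}` to the inputs and a guard after the two assignments, e.g. `[[ -n "${artifact_id}" && -n "${artifact_version}" ]] || { echo "cannot read ${POMXML}" >&2; exit 1; }`.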
@@ -38,7 +42,7 @@ echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
echo "GITHUB_REF_TYPE: $GITHUB_REF_TYPE"
echo "GITHUB_REF: $GITHUB_REF"
echo "DEBUG: file is $this_file"
-echo "PROVENANCE is: ${PROVENANCE}"
+echo "PROVENANCE is: ${provenance}"
export SLSA_VERIFIER_TESTING="true"
From dcdf6caa5d7154b91528c85e577c48731690cbe0 Mon Sep 17 00:00:00 2001
From: AdamKorcz
Date: Thu, 10 Aug 2023 11:47:03 +0100
Subject: [PATCH 44/57] Don't run bootstrap when trigger_build is true
Signed-off-by: AdamKorcz
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index aef2bf01e5..a035d38de0 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -15,7 +15,7 @@ env:
jobs:
bootstrap:
runs-on: ubuntu-latest
- if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+ if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && !inputs.trigger_build)
permissions:
contents: write
steps:
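Review bot: `!inputs.trigger_build` refers to a `workflow_dispatch` input that the workflow does not declare at this commit: the `on:` block is still the bare list `- workflow_dispatch`, and the `inputs:` definition only arrives in PATCH 48. Until then the value is always empty, so the added condition changes nothing for manual runs. Declaring the input in the same commit, with a description that says who sets it and why, would keep the commit self-contained.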
From 150b6ab663991d3da03f503f18935355d4a3c172 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 10 Aug 2023 14:32:38 -0700
Subject: [PATCH 45/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index a035d38de0..7101ad46df 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -1,10 +1,8 @@
on:
- - workflow_dispatch
-# TODO: Un-comment this
-# schedule:
-# - cron: "0 6 * * *"
-# workflow_dispatch:
-#
+ schedule:
+ - cron: "0 6 * * *"
+ workflow_dispatch:
+
permissions: read-all
concurrency: "e2e-maven-workflow_dispatch-main-default-slsa3"
From 0f4de69abdb89dfbed87ed706cb628980cae2535 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 10 Aug 2023 14:33:31 -0700
Subject: [PATCH 46/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 7101ad46df..c0916e018d 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -8,6 +8,7 @@ permissions: read-all
concurrency: "e2e-maven-workflow_dispatch-main-default-slsa3"
env:
+ # TODO(#263): create decicated token
GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}
jobs:
From e889ec606c91dc99c724a3f627c7913baf7dba33 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 10 Aug 2023 14:33:44 -0700
Subject: [PATCH 47/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index c0916e018d..3f031f848c 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -8,7 +8,7 @@ permissions: read-all
concurrency: "e2e-maven-workflow_dispatch-main-default-slsa3"
env:
- # TODO(#263): create decicated token
+ # TODO(#263): create dedicated token
GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}
jobs:
From 2d51ca5a1bc2f657b5478b9f9b8cc6e5c51c7586 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 10 Aug 2023 14:38:43 -0700
Subject: [PATCH 48/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
fix some linters
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
...2e.maven.workflow_dispatch.main.default.slsa3.yml | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 3f031f848c..4f5bd41270 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -2,6 +2,12 @@ on:
schedule:
- cron: "0 6 * * *"
workflow_dispatch:
+ inputs:
+ trigger_build:
+ description: "internal: do not check"
+ required: false
+ default: false
+ type: boolean
permissions: read-all
@@ -75,15 +81,15 @@ jobs:
with:
go-version: "1.18"
- env:
- ARTIFACT_VERSION: ${{ needs.bootstrap.outputs.artifact-version}}
- PROVENANCE_DIR: "slsa-attestations/${{ needs.build.outputs.provenance-download-name"
+ ARTIFACT_VERSION: ${{ needs.bootstrap.outputs.artifact-version }}
+ PROVENANCE_DIR: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}"
EXPECTED_ARTIFACT_OUTPUT: "Hello world!"
POMXML: "./e2e/maven/workflow_dispatch/pom.xml"
run: ./.github/workflows/scripts/e2e.maven.default.verify.sh
if-succeeded:
runs-on: ubuntu-latest
needs: [build, verify]
- if: needs.build.result == 'success' && needs.publish.result == 'success' && needs.verify.result == 'success'
+ if: needs.build.result == 'success' && needs.verify.result == 'success'
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: ./.github/workflows/scripts/e2e-report-success.sh
From 3797e7bdfd3171b99b399eb4a6eeb3ccae65757f Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 10 Aug 2023 14:40:32 -0700
Subject: [PATCH 49/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
.../workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 4f5bd41270..1539f4bd99 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -81,7 +81,6 @@ jobs:
with:
go-version: "1.18"
- env:
- ARTIFACT_VERSION: ${{ needs.bootstrap.outputs.artifact-version }}
PROVENANCE_DIR: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}"
EXPECTED_ARTIFACT_OUTPUT: "Hello world!"
POMXML: "./e2e/maven/workflow_dispatch/pom.xml"
From c06f6f8953bb46b6fa3b9b78550b21763a6888cb Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 10 Aug 2023 14:45:54 -0700
Subject: [PATCH 50/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
try fix other linter
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
....maven.workflow_dispatch.main.default.slsa3.yml | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 1539f4bd99..3b48e6fc21 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -1,8 +1,8 @@
on:
- schedule:
- - cron: "0 6 * * *"
- workflow_dispatch:
- inputs:
+ schedule:
+ - cron: "0 6 * * *"
+ workflow_dispatch:
+ inputs:
trigger_build:
description: "internal: do not check"
required: false
@@ -15,9 +15,13 @@ concurrency: "e2e-maven-workflow_dispatch-main-default-slsa3"
env:
# TODO(#263): create dedicated token
- GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}
+ GH_TOKEN: ${{ secrets.E2E_NODEJS_TOKEN }}
+ ISSUE_REPOSITORY: slsa-framework/slsa-github-generator
jobs:
+ # Bootstrap
+ ################################################################################
+
bootstrap:
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && !inputs.trigger_build)
From 7418167dad4ee0f4974b7bd4be34446449e811cb Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 10 Aug 2023 14:48:47 -0700
Subject: [PATCH 51/57] Update
e2e.maven.workflow_dispatch.main.default.slsa3.yml
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
.../e2e.maven.workflow_dispatch.main.default.slsa3.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
index 3b48e6fc21..0efacb9484 100644
--- a/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
+++ b/.github/workflows/e2e.maven.workflow_dispatch.main.default.slsa3.yml
@@ -40,7 +40,7 @@ jobs:
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: ./.github/workflows/scripts/e2e-report-failure.sh
-
+
# Main workflow
################################################################################
# Shim determines if the rest of the workflow should run.
From 54260f3597a29270794066e12193f86f7dd05053 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 10 Aug 2023 14:53:09 -0700
Subject: [PATCH 52/57] Update e2e-maven-push.sh
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
.github/workflows/scripts/e2e-maven-push.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index 805d980b99..3e44a7f108 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -55,12 +55,12 @@ new_version() {
echo $release_major.$release_minor.$release_patch
}
-next_tag=$(new_version $artifact_tag)
+next_tag=$(new_version "${artifact_tag}")
# Output the artifact name
echo "artifact-version=${artifact_tag}" >> $GITHUB_OUTPUT
-tag=$(mvn versions:set -DnewVersion=$next_tag)
+tag=$(mvn versions:set -DnewVersion="${next_tag}")
cd -
# Commit the new version.
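Review bot: `tag=$(mvn versions:set -DnewVersion="${next_tag}")` stores whatever Maven prints to stdout in `tag`, not the version string, and the quoting added here does not change that. Other hunks in this series pass `"${tag}"` to `git push`, so unless `tag` is reassigned in lines outside this hunk, the push would receive Maven's log text. If the tag is meant to be the new version, run `mvn versions:set -DnewVersion="${next_tag}"` on its own line and set `tag="${next_tag}"`. The context line `echo $release_major.$release_minor.$release_patch` is also still unquoted; it belongs to `new_version`, whose body starts outside this hunk.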
From 32a7e063c78f253cebba15e95ba530488e60b56e Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 14 Aug 2023 10:39:16 +0100
Subject: [PATCH 53/57] Update
.github/workflows/scripts/e2e.maven.default.verify.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e.maven.default.verify.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index de27333ad7..034c947651 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -49,4 +49,4 @@ export SLSA_VERIFIER_TESTING="true"
# Verify provenance content.
verify_provenance_content
-e2e_run_verifier_all_releases "2.3.0"
+e2e_run_verifier_all_releases "HEAD"
From 28232a886731bed5cb73dd821cb9f4a3c8023897 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 14 Aug 2023 10:39:22 +0100
Subject: [PATCH 54/57] Update
.github/workflows/scripts/e2e.maven.default.verify.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e.maven.default.verify.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 034c947651..81ae07f717 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -8,6 +8,7 @@ EXPECTED_ARTIFACT_OUTPUT=${EXPECTED_ARTIFACT_OUTPUT:-}
PROVENANCE_DIR=${PROVENANCE_DIR:-}
GITHUB_REF_NAME=${GITHUB_REF_NAME:-}
GITHUB_REF=${GITHUB_REF:-}
+GITHUB_REF_TYPE=${GITHUB_REF_TYPE:-}
RUNNER_DEBUG=${RUNNER_DEBUG:-}
if [[ -n "${RUNNER_DEBUG}" ]]; then
set -x
From 296e84b7036001afd0fcb134d05683d7d810c375 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 14 Aug 2023 10:39:28 +0100
Subject: [PATCH 55/57] Update
.github/workflows/scripts/e2e.maven.default.verify.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e.maven.default.verify.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/scripts/e2e.maven.default.verify.sh b/.github/workflows/scripts/e2e.maven.default.verify.sh
index 81ae07f717..ef34fba007 100755
--- a/.github/workflows/scripts/e2e.maven.default.verify.sh
+++ b/.github/workflows/scripts/e2e.maven.default.verify.sh
@@ -9,6 +9,7 @@ PROVENANCE_DIR=${PROVENANCE_DIR:-}
GITHUB_REF_NAME=${GITHUB_REF_NAME:-}
GITHUB_REF=${GITHUB_REF:-}
GITHUB_REF_TYPE=${GITHUB_REF_TYPE:-}
+POMXML=${POMXML:-} # specified in the e2e test yaml
RUNNER_DEBUG=${RUNNER_DEBUG:-}
if [[ -n "${RUNNER_DEBUG}" ]]; then
set -x
From 206ce1f2b4ea8230da1cbac8afe84cc87e9ec290 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 14 Aug 2023 10:39:33 +0100
Subject: [PATCH 56/57] Update .github/workflows/scripts/e2e-maven-push.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e-maven-push.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index 3e44a7f108..07663530d3 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -58,7 +58,7 @@ new_version() {
next_tag=$(new_version "${artifact_tag}")
# Output the artifact name
-echo "artifact-version=${artifact_tag}" >> $GITHUB_OUTPUT
+echo "artifact-version=${artifact_tag}" >> "$GITHUB_OUTPUT"
tag=$(mvn versions:set -DnewVersion="${next_tag}")
cd -
From cebc3f65ecacf7f14579e3efdb25be122bdc7c31 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 14 Aug 2023 10:39:44 +0100
Subject: [PATCH 57/57] Update .github/workflows/scripts/e2e-maven-push.sh
Co-authored-by: Ian Lewis
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
---
.github/workflows/scripts/e2e-maven-push.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/.github/workflows/scripts/e2e-maven-push.sh b/.github/workflows/scripts/e2e-maven-push.sh
index 07663530d3..5ff3f9daa1 100755
--- a/.github/workflows/scripts/e2e-maven-push.sh
+++ b/.github/workflows/scripts/e2e-maven-push.sh
@@ -9,6 +9,14 @@ source "./.github/workflows/scripts/e2e-utils.sh"
branch=$(e2e_this_branch)
+# Script Inputs
+GITHUB_OUTPUT=${GITHUB_OUTPUT:-}
+GITHUB_REPOSITORY=${GITHUB_REPOSITORY:-}
+GITHUB_SHA=${GITHUB_SHA:-}
+GITHUB_WORKFLOW=${GITHUB_WORKFLOW:-}
+GH_TOKEN=${GH_TOKEN:-}
+PACKAGE_DIR=${PACKAGE_DIR:-} # specified in the e2e test yaml
+
# NOTE: We can't simply push from $branch because it is occaisonally reset to
# the main branch. We need to maintain the version number in pom.xml
# because you cannot overwrite a version in maven. Instead we commit to main,