Add simple test for Maven builder #253

Merged
merged 61 commits into from
Aug 14, 2023
Changes from 17 commits
fe95490
Add simple test for Maven builder
AdamKorcz Aug 2, 2023
d82c253
move maven files to e2e/
AdamKorcz Aug 2, 2023
80d23b4
add verification
AdamKorcz Aug 3, 2023
6d78b49
rb
AdamKorcz Aug 3, 2023
84e4198
rb
AdamKorcz Aug 3, 2023
df5eca0
rb
AdamKorcz Aug 3, 2023
b314251
rb
AdamKorcz Aug 3, 2023
412cb37
rb
AdamKorcz Aug 3, 2023
bf23b74
rb
AdamKorcz Aug 3, 2023
6ad6e2f
rb
AdamKorcz Aug 3, 2023
7c07965
rb
AdamKorcz Aug 3, 2023
d663cb2
rb
AdamKorcz Aug 3, 2023
ca4c370
rb
AdamKorcz Aug 3, 2023
28e6c4b
rb
AdamKorcz Aug 3, 2023
a696381
Merge pull request #1 from AdamKorcz/maven-e2e-temp
AdamKorcz Aug 3, 2023
bc78a12
add verification
AdamKorcz Aug 3, 2023
674e208
Merge pull request #2 from AdamKorcz/maven-e2e-temp
AdamKorcz Aug 4, 2023
da28dfb
Update .github/workflows/e2e.maven.workflow_dispatch.main.default.sls…
AdamKorcz Aug 4, 2023
9a54dd8
Update .github/workflows/e2e.maven.workflow_dispatch.main.default.sls…
AdamKorcz Aug 4, 2023
a9fd887
Update .github/workflows/e2e.maven.workflow_dispatch.main.default.sls…
AdamKorcz Aug 4, 2023
f729db4
cleanup
AdamKorcz Aug 4, 2023
5e6d548
Update .github/workflows/scripts/e2e.maven.default.verify.sh
AdamKorcz Aug 4, 2023
5ff3ad0
Update e2e.maven.default.verify.sh
AdamKorcz Aug 4, 2023
4a380dc
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
AdamKorcz Aug 4, 2023
ca17076
Update .github/workflows/scripts/e2e.maven.default.verify.sh
AdamKorcz Aug 4, 2023
0fea0b2
specify root directory for builder
AdamKorcz Aug 4, 2023
d344889
Merge pull request #5 from AdamKorcz/maven-e2e-temp2
AdamKorcz Aug 5, 2023
0de588f
Multiple updates
AdamKorcz Aug 7, 2023
a8478da
Merge pull request #6 from AdamKorcz/maven-e2e-temp
AdamKorcz Aug 7, 2023
385ae38
Update e2e-maven-push.sh
AdamKorcz Aug 7, 2023
f14a028
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
AdamKorcz Aug 7, 2023
b75b336
Update .github/workflows/scripts/e2e.maven.default.verify.sh
AdamKorcz Aug 8, 2023
9797cc6
Update .github/workflows/e2e.maven.workflow_dispatch.main.default.sls…
AdamKorcz Aug 8, 2023
d5e10fd
Update .github/workflows/e2e.maven.workflow_dispatch.main.default.sls…
AdamKorcz Aug 8, 2023
d63df3e
Update .github/workflows/scripts/e2e-maven-push.sh
AdamKorcz Aug 8, 2023
4d8122f
Update .github/workflows/scripts/e2e-maven-push.sh
AdamKorcz Aug 8, 2023
19b59ba
Update .github/workflows/e2e.maven.workflow_dispatch.main.default.sls…
AdamKorcz Aug 8, 2023
1760c9a
move maven test files to dedicated workflow_dispatch folder
AdamKorcz Aug 8, 2023
b1176c7
prepend v to artifact version
AdamKorcz Aug 8, 2023
d83b27c
Update .github/workflows/scripts/e2e.maven.default.verify.sh
AdamKorcz Aug 9, 2023
00ac3d2
Make build depend on shim
AdamKorcz Aug 9, 2023
65b91af
use e2_go_token
AdamKorcz Aug 9, 2023
b1b1b5c
switch repositories to main
AdamKorcz Aug 9, 2023
9da4a2c
Remove name of workflow
AdamKorcz Aug 9, 2023
ecabf46
use public actions for download attestations and target directory
AdamKorcz Aug 9, 2023
df1c4df
use main branch
AdamKorcz Aug 10, 2023
69ff369
get artifact name and version after checking out in verify job
AdamKorcz Aug 10, 2023
dcdf6ca
Don't run bootstrap when trigger_build is true
AdamKorcz Aug 10, 2023
150b6ab
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
laurentsimon Aug 10, 2023
0f4de69
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
laurentsimon Aug 10, 2023
e889ec6
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
laurentsimon Aug 10, 2023
2d51ca5
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
laurentsimon Aug 10, 2023
3797e7b
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
laurentsimon Aug 10, 2023
c06f6f8
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
laurentsimon Aug 10, 2023
7418167
Update e2e.maven.workflow_dispatch.main.default.slsa3.yml
laurentsimon Aug 10, 2023
54260f3
Update e2e-maven-push.sh
laurentsimon Aug 10, 2023
32a7e06
Update .github/workflows/scripts/e2e.maven.default.verify.sh
AdamKorcz Aug 14, 2023
28232a8
Update .github/workflows/scripts/e2e.maven.default.verify.sh
AdamKorcz Aug 14, 2023
296e84b
Update .github/workflows/scripts/e2e.maven.default.verify.sh
AdamKorcz Aug 14, 2023
206ce1f
Update .github/workflows/scripts/e2e-maven-push.sh
AdamKorcz Aug 14, 2023
cebc3f6
Update .github/workflows/scripts/e2e-maven-push.sh
AdamKorcz Aug 14, 2023
@@ -0,0 +1,49 @@
name: Maven e2e test - simple
on:
schedule:
- cron: "0 6 * * *"
workflow_dispatch:

permissions: read-all

env:
GH_TOKEN: ${{ github.token }}

jobs:
bootstrap:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: mv e2e/maven/pom.xml ./ && cp -r e2e/maven/src ./ && rm -r e2e/maven/src
build:
#runs-on: ubuntu-latest
permissions:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
actions: read # For getting workflow run on private repos.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main
verify:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main
with:
name: "${{ needs.build.outputs.provenance-download-name }}"
sha256: "${{ needs.build.outputs.provenance-download-sha256 }}"
path: slsa-attestations
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main
with:
name: target
sha256: "${{ needs.build.outputs.target-download-sha256 }}"
path: ./
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.18"
- env:
BINARY: ./target/test-java-project-0.1.19.jar
PROVENANCE: "slsa-attestations/${{ needs.build.outputs.provenance-download-name }}/test-java-project-0.1.19.jar.build.slsa"
BUILDER_TAG: "v2.0.0"
run: ./.github/workflows/scripts/e2e.maven.default.verify.sh
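Review bot: In the `bootstrap` job, `contents: write` is granted but the only steps are a checkout and a local `mv`/`cp`/`rm`, so nothing visible needs write access, and the moved `pom.xml` and `src` exist only on that runner: `build` has no `needs: [bootstrap]` and no commit or artifact carries the files over. Either drop the job-level block so the workflow's `permissions: read-all` applies, or add the step that justifies the write and make `build` depend on it. Separately, `builder_maven_slsa3.yml@main` and both `secure-download-folder@main` references track a mutable branch while `actions/checkout` and `actions/setup-go` are pinned by SHA; if tracking `main` is intended for the e2e run, a comment saying so would help. The commented-out `#runs-on: ubuntu-latest` under `build` can go, and the version `0.1.19` hard-coded in `BINARY` and `PROVENANCE` will drift from `e2e/maven/pom.xml` on the next bump.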
2 changes: 1 addition & 1 deletion .github/workflows/scripts/e2e-utils.sh
Expand Up @@ -433,7 +433,7 @@ _e2e_verify_query() {
local expected="$2"
local query="$3"
name=$(echo -n "${attestation}" | jq -c -r "${query}")
e2e_assert_eq "${name}" "${expected}" "${query} should be ${expected}"
e2e_assert_eq "${name}" "${expected}" "${query} should be ${expected} but was ${name}"
}

# Returns the first 2 asset in a release.
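Review bot: `name` in `_e2e_verify_query` is assigned without `local`, unlike `expected` and `query` just above it, so it leaks into the caller's scope; since the new message now also prints it, declare it with `local name` before the assignment. If `jq` fails or the query matches nothing, the message ends in "but was " followed by an empty string or `null`, so quoting the value (for example `but was '${name}'`) makes that case readable.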
5 changes: 5 additions & 0 deletions .github/workflows/scripts/e2e-verify.common.sh
Expand Up @@ -340,6 +340,11 @@ verify_provenance_authenticity() {
if [[ "$tag" == "HEAD" ]] || version_ge "$tag" "v1.3"; then
echo " **** Default parameters (annotated tags) *****"

echo "1: ${artifactAndbuilderMinArgs[@]}"
echo "2: ${provenanceArg[@]}"
echo "3: ${packageArg[@]}"
echo "4: ${sourceArg[@]}"
echo "5: github.com/$GITHUB_REPOSITORY"
$verifierCmd "${artifactAndbuilderMinArgs[@]}" "${provenanceArg[@]}" "${packageArg[@]}" "${sourceArg[@]}" "github.com/$GITHUB_REPOSITORY"
e2e_assert_eq "$?" "0" "not main default parameters (annotated_tags)"
elif [[ -z "$annotated_tags" ]]; then
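Review bot: The five numbered `echo` lines before `$verifierCmd` look like leftover debugging and run unconditionally on every verification; either remove them or gate them on `RUNNER_DEBUG`. If they stay, `"1: ${artifactAndbuilderMinArgs[@]}"` mixes a string with an array expansion (ShellCheck SC2145); use `[*]` inside the quoted string so each array prints as a single argument.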
4 changes: 4 additions & 0 deletions .github/workflows/scripts/e2e.delegator.default.verify.sh
Expand Up @@ -39,6 +39,10 @@ echo "DEBUG: file is $THIS_FILE"

export SLSA_VERIFIER_TESTING="true"

echo "finding..................."
find . -name *.build.slsa
find . -name "*.jar"

# Verify provenance authenticity.
# TODO(233): Update to v1.8.0 tag.
e2e_run_verifier_all_releases "HEAD"
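Review bot: `find . -name *.build.slsa` leaves the pattern unquoted, so the shell expands it first if a matching file sits in the current directory and `find` then searches for that literal name (or errors out when several match); quote it as the next line does, `find . -name "*.build.slsa"`. The `echo "finding..................."` and both `find` calls read as debugging in the delegator script and are unrelated to the Maven test, so consider dropping them from this PR.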
35 changes: 35 additions & 0 deletions .github/workflows/scripts/e2e.maven.default.verify.sh
@@ -0,0 +1,35 @@
#!/usr/bin/env bash

# shellcheck source=/dev/null
source "./.github/workflows/scripts/e2e-verify.common.sh"

RUNNER_DEBUG=${RUNNER_DEBUG:-}
if [[ -n "${RUNNER_DEBUG}" ]]; then
set -x
fi

go env -w GOFLAGS=-mod=mod

verify_provenance_content() {
e2e_verify_predicate_subject_name "${ATTESTATION}" "test-java-project-0.1.19.jar"
e2e_verify_predicate_v1_runDetails_builder_id "${ATTESTATION}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
e2e_verify_predicate_v1_buildDefinition_buildType "${ATTESTATION}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
}

THIS_FILE=$(e2e_this_file)
BRANCH=$(echo "$THIS_FILE" | cut -d '.' -f4)
echo "branch is $BRANCH"
echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
echo "GITHUB_REF_TYPE: $GITHUB_REF_TYPE"
echo "GITHUB_REF: $GITHUB_REF"
echo "DEBUG: file is $THIS_FILE"
echo "PROVENANCE is: ${PROVENANCE}"

ATTESTATION=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
export ATTESTATION

export SLSA_VERIFIER_TESTING="true"

# Verify provenance content.
echo "verify_provenance_content:"
verify_provenance_content
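Review bot: Nothing in this script checks the envelope signature or that the subject digest matches the built jar: it base64-decodes `.dsseEnvelope.payload` and compares three fields, `BINARY` is set by the workflow but never read, and no verifier function is called even though `SLSA_VERIFIER_TESTING` is exported. Add the authenticity check, as `e2e.delegator.default.verify.sh` does with `e2e_run_verifier_all_releases`, or leave a TODO saying it is deferred. There is also no `set -euo pipefail`, so a failing `jq` or `base64 -d` leaves `ATTESTATION` empty and the failure shows up only indirectly in the assertions, and the artifact name `test-java-project-0.1.19.jar` is duplicated from the workflow env rather than derived from `BINARY`.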
163 changes: 163 additions & 0 deletions e2e/maven/pom.xml
@@ -0,0 +1,163 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>io.github.adamkorcz</groupId>
<artifactId>test-java-project</artifactId>
<version>0.1.19</version>
<packaging>jar</packaging>
<name>Adams test java project</name>
<description>A test java project.</description>
<url>https://github.com/AdamKorcz/test-java-project</url>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<licenses>
<license>
<name>MIT License</name>
<url>http://www.opensource.org/licenses/mit-license.php</url>
</license>
</licenses>
<developers>
<developer>
<name>Adam K</name>
<email>[email protected]</email>
<organization>Ada Logics</organization>
<organizationUrl>http://www.adalogics.com</organizationUrl>
</developer>
</developers>
<scm>
<connection>scm:git:git://github.com/adamkorcz/test-java-project.git</connection>
<developerConnection>scm:git:ssh://github.com:simpligility/test-java-project.git</developerConnection>
<url>http://github.com/adamkorcz/test-java-project/tree/main</url>
</scm>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.2.1</version>
<executions>
<execution>
<id>attach-sources</id>
<phase>package</phase>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<configuration>
<javadocExecutable>${java.home}/bin/javadoc</javadocExecutable>
</configuration>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>3.2.4</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<mainClass>hello.HelloWorld</mainClass>
</transformer>
</transformers>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>false</autoReleaseAfterClose>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<gpgArguments>
<argument>--pinentry-mode</argument>
<argument>loopback</argument>
</gpgArguments>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.1</version>
<executions>
<execution>
<id>deploy-file</id>
<phase>deploy</phase>
<goals>
<goal>deploy-file</goal>
</goals>
<configuration>
<file>textfile.txt</file>
<url>https://s01.oss.sonatype.org/</url>
<repositoryId>io.github.adamkorcz</repositoryId>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>io.github.slsa-framework.slsa-github-generator</groupId>
<artifactId>hash-maven-plugin</artifactId>
<version>0.0.1</version>
<executions>
<execution>
<goals>
<goal>hash-jarfile</goal>
</goals>
</execution>
</executions>
<configuration>
<outputJsonPath>${SLSA_OUTPUTS_ARTIFACTS_FILE}</outputJsonPath>
</configuration>
</plugin>
</plugins>
</build>
</project>
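Review bot: In `<scm>`, `developerConnection` points at `github.com:simpligility/test-java-project.git` while `connection` and `url` point at `adamkorcz/test-java-project`; this looks like a leftover from a template and should name the same repository. The `maven-deploy-plugin` execution deploys `textfile.txt` with `repositoryId` set to the groupId `io.github.adamkorcz` rather than the `ossrh` server id used in `distributionManagement`, and together with `nexus-staging-maven-plugin` and `maven-gpg-plugin` it is publishing configuration that a provenance e2e fixture does not appear to need; trimming the POM to the shade and `hash-maven-plugin` parts would keep signing keys and deploy credentials out of the test's requirements. The `http://` and `git://` URLs in `licenses`, `developers` and `scm` could also move to `https://`.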
7 changes: 7 additions & 0 deletions e2e/maven/src/main/java/hello/Greeter.java
@@ -0,0 +1,7 @@
package hello;

public class Greeter {
public String sayHello() {
return "Hello world!";
}
}
8 changes: 8 additions & 0 deletions e2e/maven/src/main/java/hello/HelloWorld.java
@@ -0,0 +1,8 @@
package hello;

public class HelloWorld {
public static void main(String[] args) {
Greeter greeter = new Greeter();
System.out.println(greeter.sayHello());
}
}