fix: Update maven helper plugin build #3746
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
loosebazooka
requested review from
laurentsimon,
joshuagl,
kpk47 and
ramonpetgrave64
as code owners
ramonpetgrave64
changed the title
5 tasks
Fix breakages Add e2e tests for maven Signed-off-by: Appu Goundan <[email protected]> Signed-off-by: Ramon Petgrave <[email protected]>
|
@ramonpetgrave64 seems to be succeeding with https://github.com/loosebazooka/slsa-github-generator/actions/runs/10100778429 |
ramonpetgrave64
approved these changes
Jul 25, 2024
ramonpetgrave64
added a commit
that referenced
this pull request
Jul 26, 2024
Followup to #3746 Corrects the invocation of slsa-verifier Signed-off-by: Ramon Petgrave <[email protected]>
5 tasks
|
Both this repo's test and example-package's are now passing |
ramonpetgrave64
added a commit
that referenced
this pull request
Jul 26, 2024
# Summary Followup to #3746 Removes the verify job, which won't work, because the ref will be incorrect. - https://github.com/slsa-framework/slsa-github-generator/actions/runs/10115454784/job/27976327657#step:5:1 ``` WARNING: Insecure SLSA_VERIFIER_TESTING is enabled. Verifying artifact ./target/test-java-project-1.21.97.jar: FAILED: invalid ref: "refs/heads/main": unexpected ref type: "heads" FAILED: SLSA verification failed: invalid ref: "refs/heads/main": unexpected ref type: "heads" Error: Process completed with exit code 1. ``` ## Testing Process The e2e test is executed in this PR, which now passes. ## Checklist - [x] Review the contributing [guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [ ] Update documentation if applicable. - [x] Add unit tests if applicable. - [ ] Add changes to the [CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) if applicable. --------- Signed-off-by: Ramon Petgrave <[email protected]> Signed-off-by: Ramon Petgrave <[email protected]>
ramonpetgrave64
added a commit
that referenced
this pull request
Oct 8, 2024
# Summary Followup to #3746 Removes the verify job, which won't work, because the ref will be incorrect. - https://github.com/slsa-framework/slsa-github-generator/actions/runs/10115454784/job/27976327657#step:5:1 ``` WARNING: Insecure SLSA_VERIFIER_TESTING is enabled. Verifying artifact ./target/test-java-project-1.21.97.jar: FAILED: invalid ref: "refs/heads/main": unexpected ref type: "heads" FAILED: SLSA verification failed: invalid ref: "refs/heads/main": unexpected ref type: "heads" Error: Process completed with exit code 1. ``` ## Testing Process The e2e test is executed in this PR, which now passes. ## Checklist - [x] Review the contributing [guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [ ] Update documentation if applicable. - [x] Add unit tests if applicable. - [ ] Add changes to the [CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) if applicable. --------- Signed-off-by: Ramon Petgrave <[email protected]> Signed-off-by: Ramon Petgrave <[email protected]> Signed-off-by: Ramon Petgrave <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Attempt to fix #3663 (comment)
Update the build definition for the maven slsa-hashing-plugin. It seems to be pretty old and slightly misconfigured. @ianlewis @ramonpetgrave64 This might fix the testing issue? I'm not exactly sure how to trigger the original failure though.
If after merging the fix doesn't work, then we will revert.
Testing Process
We were able to partially test the fix locally, but we can't be 100% sure until after merging.
We have an new pre-submit e2e test workflow that we can invoke from within this repo to test the changes, though a more full test should still be invoked from example-package.
Checklist