Update validation to release an artifact to certify that validation passed, this will then be used by the backend server to only publish releases that passed validation

David Dworken 2023-11-08 19:03:30 -08:00
parent c802537cb7
commit 5ab1cb61a3
No known key found for this signature in database
2 changed files with 12 additions and 4 deletions


@ -168,9 +168,6 @@ jobs:
hishtory-darwin-arm64-unsigned hishtory-darwin-arm64-unsigned
hishtory-darwin-amd64 hishtory-darwin-amd64
hishtory-darwin-amd64-unsigned hishtory-darwin-amd64-unsigned
- name: Trigger the backend API service so it knows a release is finished
run: |
curl https://api.hishtory.dev/api/v1/trigger-cron
# Validate the signed binaries # Validate the signed binaries
validate: validate:
@ -222,4 +219,14 @@ jobs:
run: | run: |
go build; ./hishtory install go build; ./hishtory install
python3 scripts/actions-validate.py python3 scripts/actions-validate.py
# TODO: Run validation using hishtory built at HEAD too echo DONE > hishtory-release-validation-completed
- name: Release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
hishtory-release-validation-completed
- name: Trigger the backend API service so it knows a release is finished
run: |
sleep 10
curl https://api.hishtory.dev/api/v1/trigger-cron
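Review bot: The new `Release` step pulls `softprops/action-gh-release@v1` by a mutable tag, yet it uploads `hishtory-release-validation-completed`, the asset the commit message says the backend will treat as proof that validation passed. Pinning it to a full commit SHA (`uses: softprops/action-gh-release@<full-commit-sha>  # v1`) keeps a retagged action from running in a step that presumably holds a token able to write releases. The marker is the constant string `DONE`, so it says nothing about which build was checked; writing the commit into it, e.g. `echo "$GITHUB_SHA" > hishtory-release-validation-completed`, would let the backend compare it with the release it is about to publish. In the trigger step, `curl` without `--fail` exits 0 on an HTTP error, so a failed trigger passes silently; `curl --fail --silent --show-error https://api.hishtory.dev/api/v1/trigger-cron` would surface it. The `validate` job starts outside this hunk, so whether it is a matrix whose first finished leg uploads the marker cannot be seen here.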


@ -66,6 +66,7 @@ def main() -> None:
validate_macos_signature(filename) validate_macos_signature(filename)
print("Starting validation of SLSA attestations") print("Starting validation of SLSA attestations")
validate_slsa("./hishtory") validate_slsa("./hishtory")
# TODO: Run validation using hishtory built at HEAD too
print("Validating other metadata") print("Validating other metadata")
validate_hishtory_status("hishtory-darwin-amd64") validate_hishtory_status("hishtory-darwin-amd64")