1
0
mirror of https://github.com/ddworken/hishtory.git synced 2025-07-13 19:08:21 +02:00

Update validation to release an artifact to certify that validation passed, this will then be used by the backend server to only publish releases that passed validation

This commit is contained in:
David Dworken
2023-11-08 19:03:30 -08:00
parent c802537cb7
commit 5ab1cb61a3
2 changed files with 12 additions and 4 deletions
.github/workflows
scripts

@ -168,9 +168,6 @@ jobs:
hishtory-darwin-arm64-unsigned
hishtory-darwin-amd64
hishtory-darwin-amd64-unsigned
- name: Trigger the backend API service so it knows a release is finished
run: |
curl https://api.hishtory.dev/api/v1/trigger-cron
# Validate the signed binaries
validate:
@ -222,4 +219,14 @@ jobs:
run: |
go build; ./hishtory install
python3 scripts/actions-validate.py
# TODO: Run validation using hishtory built at HEAD too
echo DONE > hishtory-release-validation-completed
- name: Release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
hishtory-release-validation-completed
- name: Trigger the backend API service so it knows a release is finished
run: |
sleep 10
curl https://api.hishtory.dev/api/v1/trigger-cron

@ -66,6 +66,7 @@ def main() -> None:
validate_macos_signature(filename)
print("Starting validation of SLSA attestations")
validate_slsa("./hishtory")
# TODO: Run validation using hishtory built at HEAD too
print("Validating other metadata")
validate_hishtory_status("hishtory-darwin-amd64")