Add initial version of slsa releaser that validates the generated SLSA signatures

David Dworken 2023-11-03 22:09:54 -07:00
parent 06f3501756
commit 87dee94aab
No known key found for this signature in database


@ -2,6 +2,7 @@ name: SLSA Client Releaser
on:
workflow_dispatch:
push:
branches: [ master ]
tags:
- "*"
@ -141,10 +142,10 @@ jobs:
run: |
curl https://api.hishtory.dev/api/v1/trigger-cron
# Upload to GitHub release.
upload:
# Validate the signed binaries
validate:
permissions:
contents: write
contents: read
runs-on: ubuntu-latest
needs:
- build-linux-amd64
@ -169,14 +170,14 @@ jobs:
- uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
with:
name: hishtory-darwin-arm64.intoto.jsonl
- name: Release
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
if: ${{ startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') }}
with:
files: |
hishtory-linux-amd64
hishtory-linux-amd64.intoto.jsonl
hishtory-darwin-amd64
hishtory-darwin-amd64.intoto.jsonl
hishtory-darwin-arm64
hishtory-darwin-arm64.intoto.jsonl
- name: Validate Release
run: |
curl https://hishtory.dev/install.py | python3 -
source ~/.bashrc
ls
pwd
which hishtory
echo $PATH
hishtory validate-binary v0.`cat VERSION` hishtory-linux-amd64 hishtory-linux-amd64.intoto.jsonl
# TODO: Validate other binaries here
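Review bot: The `Validate Release` step pipes `curl https://hishtory.dev/install.py` straight into `python3 -`, so the client that judges the SLSA provenance is whatever the site serves at run time, with no pinned version or checksum. Unless the workflow sets `shell: bash` somewhere outside this view, the default `run` shell is `bash -e` without `pipefail`, so a failed or truncated download only surfaces later as a missing `hishtory` command. I would start the script with `set -euo pipefail` and split the install into `curl -fsSL https://hishtory.dev/install.py -o install.py` followed by `python3 install.py`, ideally fetching a pinned release of the validator. The `ls`, `pwd`, `which hishtory` and `echo $PATH` lines look like leftover debugging and could be dropped. Only `hishtory-linux-amd64` is checked, so until the TODO is resolved the job name `validate` overstates what is verified for the two darwin binaries.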