102 Commits

Author	SHA1	Message	Date
David Dworken	cef2633675	Remove tmate session for debugging	2024-03-25 20:03:10 -07:00
David Dworken	e666881dc6	Set up tmate session to debug slsa releaser	2024-03-25 19:43:21 -07:00
David Dworken	35f9ad28a8	Add SLSA validation with current binary built by SLSA	2024-03-24 21:48:01 -07:00
David Dworken	25e982603a	Disable validation with local build since it seems to fail for some reason	2024-03-24 21:45:28 -07:00
David Dworken	17f0c5720f	Re-enable SLSA verification now that we've updated the SLSA version throughout the repo	2024-03-24 20:54:48 -07:00
David Dworken	e7c2cf1883	Fully disable validation to allow an emergency release due to SLSA breakage	2024-03-24 14:50:00 -07:00
David Dworken	6626567814	Disable validation so we can push out a working binary even though SLSA is broken	2024-03-24 14:41:04 -07:00
David Dworken	c8d1b2caff	Upgrade SLSA releaser due to github.com/slsa-framework/slsa-github-generator/issues/3350	2024-03-24 10:26:55 -07:00
David Dworken	b27fde71c9	Run integration tests in parallel to speed up testing (#175) ... * Remove a few direct DB insertions to prepare for parallel tests * Revert "Remove a few direct DB insertions to prepare for parallel tests" This reverts commit f8a3552ad8. * Add rudimentary experiment of splitting tests into two chunks to make them faster * Add missing tag * Remove code that enforces that all goldens are used, since it is incompatible with how tests are currently split into chunks * Lay out the framework for checking goldens being used across all test runs * Fix missing brace * Revert "Remove code that enforces that all goldens are used, since it is incompatible with how tests are currently split into chunks" This reverts commit 06cc3eedbc. * Add initial work towards checking that all goldens are used * Delete incorrect and unreferenced matrix * Upgrade actions/upload-artifact to see if that makes the download in the next job work * Alternatively, try downloading the artifact by name * Update golden checker to read all the golden artifacts * Swap to using glob to enumerate all golden files, rather than hardcoding them * Remove debugging commands * Remove goldens that are actually used * Remove another golden that is actually used * Add more comprehensive support for test sharding * Fix references to test shards and increase shard count * Shard the fuzz test * Add debug prints * Mark additional tests for sharding * Fix logic error that broke test sharding * Remove debug print * Fix incorrect logic with skipping the fuzz test * Move sharding functions to testutils and add some comments * Upgrade all setup-go actions to enable caching of deps * Remove goldens that don't exist * Remove new line * Reduce delay * Correct stage name * Remove incorrect skip code from the first version of sharding * Remove unused import * Reduce number of test shards to match GitHub's limit of 5 concurrent macos jobs * Use cask for installing homebrew to speed up github actions * More cleanup for unused goldens	2024-02-11 11:54:27 -08:00
David Dworken	0a81799609	Remove PR trigger for SLSA releaser, since it purposefully can't run on non-master branches	2023-12-09 15:53:05 -08:00
David Dworken	5f694da421	Enable SLSA release tests for pull requests to detect issues like 3005ad8fe9 before they're merged	2023-11-25 08:24:16 -08:00
David Dworken	5cebea00af	Run SLSA validation with the production release of hishtory too	2023-11-10 18:10:46 -08:00
David Dworken	42a7b80579	Update slsa releaser to run with write permissions so it can release the hishtory-release-validation-completed file	2023-11-08 19:51:49 -08:00
David Dworken	5ab1cb61a3	Update validation to release an artifact to certify that validation passed, this will then be used by the backend server to only publish releases that passed validation	2023-11-08 19:03:30 -08:00
David Dworken	c802537cb7	Shorten delay and remove tmate	2023-11-08 18:58:34 -08:00
David Dworken	a93002f045	Attempt to swap back to using the download-artifact action, but with a sleep to see if that helps it find the artifact	2023-11-07 23:11:52 -08:00
David Dworken	cdd58d0191	Add tmate debugging for macos signing	2023-11-07 23:03:40 -08:00
David Dworken	465f7812ef	Update slsa-releaser.yml	2023-11-06 22:38:45 -08:00
David Dworken	4e699ff349	Update slsa-releaser.yml	2023-11-06 22:38:07 -08:00
David Dworken	90c0b787d9	Increase delay to account for GitHub artifacts being slow to publish	2023-11-06 22:05:59 -08:00
David Dworken	606ed6ccb0	Download the artifact from this specific run to ensure we aren't getting outdated hishtory binaries	2023-11-06 21:47:14 -08:00
David Dworken	eaccc7b638	Skip installing dedicated package for sha1sum since coreutils includes it	2023-11-06 21:25:52 -08:00
David Dworken	8567b4cbdf	Run sha256sum in macos signer too for debuging purposes	2023-11-06 21:17:09 -08:00
David Dworken	72be3ee0c7	Update slsa-releaser.yml	2023-11-05 20:08:54 -08:00
David Dworken	a10913f188	Update slsa-releaser.yml to run tmate even if tests pass	2023-11-05 18:38:40 -08:00
David Dworken	222340a97c	Add tmate for debugging darwin attestation failures	2023-11-05 18:25:27 -08:00
David Dworken	19ee1816be	Revert "Add SLSA attestation validation with latest released hishtory binary too" because the released binary doesn't support the validate-binary subcommand yet ... This reverts commit 259f6b7858.	2023-11-05 18:05:20 -08:00
David Dworken	259f6b7858	Add SLSA attestation validation with latest released hishtory binary too	2023-11-05 17:20:53 -08:00
David Dworken	1264388ea9	Swap post-release validation to happen in a dedicated python script	2023-11-05 12:57:58 -08:00
David Dworken	9834c6f492	Add validation of macos signatures	2023-11-05 12:42:00 -08:00
David Dworken	0eb362e123	Remove requests requirement since we no longer are using it	2023-11-05 12:39:07 -08:00
David Dworken	6cc7057d1e	Swap to running SLSA validation on macos since we need codesign_allocate to validate signatures on macos	2023-11-05 12:37:49 -08:00
David Dworken	e00bc22dfd	Add SLSA self-validation for hishtory-linux-arm64	2023-11-05 12:27:44 -08:00
David Dworken	61224a447c	Add SLSA self-validation for hishtory-darwin-arm64	2023-11-05 12:25:58 -08:00
David Dworken	be2bbb37c6	Add SLSA self-validation for hishtory-darwin-amd64	2023-11-05 12:24:47 -08:00
David Dworken	8709ec9208	Update macos signer to be stricter about ensuring the files exist, and failing if they don't	2023-11-05 12:22:47 -08:00
David Dworken	a65c3799ed	Manually download github artifact rather than using the action since the action seems to be flaky	2023-11-05 11:37:14 -08:00
David Dworken	04c915512a	Add GITHUB_TOKEN to tmate for interactive debugging	2023-11-05 10:54:37 -08:00
David Dworken	55e187d6df	Add tmate for debugging why actions/download-artifact appears to not be working	2023-11-05 10:28:05 -08:00
David Dworken	2a57ec1d73	Add ls for debugging	2023-11-05 01:33:35 -07:00
David Dworken	c918bcd3cb	Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version	2023-11-05 01:15:54 -07:00
David Dworken	c3c74970b0	Swap slsa validation to use hishtory built at head	2023-11-05 00:55:01 -07:00
David Dworken	acf46893e9	Clone repo and setup go for validation	2023-11-04 09:51:58 -07:00
David Dworken	a10a796eaa	Another attempt at getting validation to work on github actions	2023-11-03 23:36:30 -07:00
David Dworken	13ba6f38f7	Add pwd for debugging	2023-11-03 23:25:57 -07:00
David Dworken	723d04e196	Remove slsa validation for macos binaries since the artifact upload currently isn't working	2023-11-03 23:24:27 -07:00
David Dworken	dcd58fe27d	Fix SLSA releaser to specify required parameter path	2023-11-03 22:42:52 -07:00
David Dworken	92537a085c	Upload artifacts from macos signer even if this isn't a release, since they're needed for validation	2023-11-03 22:31:43 -07:00
David Dworken	da99e46e42	Swap SLSA releaser to use GH steps to pass through files, rather than downloading via HTTP	2023-11-03 22:18:24 -07:00
David Dworken	4673b99579	Add integration to validate macos signers too	2023-11-03 22:16:11 -07:00