Commit Graph

96 Commits

Author SHA1 Message Date
David Dworken
0328587910
Disable validation so we can push out a working binary even though SLSA is broken 2024-08-11 12:29:37 -07:00
David Dworken
4c66c4253a
Upgrade SLSA releaser due to github.com/slsa-framework/slsa-github-generator/issues/3350 2024-08-11 12:29:37 -07:00
David Dworken
33bc582d8b
Run integration tests in parallel to speed up testing (#175)
* Remove a few direct DB insertions to prepare for parallel tests

* Revert "Remove a few direct DB insertions to prepare for parallel tests"

This reverts commit f8a3552ad8.

* Add rudimentary experiment of splitting tests into two chunks to make them faster

* Add missing tag

* Remove code that enforces that all goldens are used, since it is incompatible with how tests are currently split into chunks

* Lay out the framework for checking goldens being used across all test runs

* Fix missing brace

* Revert "Remove code that enforces that all goldens are used, since it is incompatible with how tests are currently split into chunks"

This reverts commit 06cc3eedbc.

* Add initial work towards checking that all goldens are used

* Delete incorrect and unreferenced matrix

* Upgrade actions/upload-artifact to see if that makes the download in the next job work

* Alternatively, try downloading the artifact by name

* Update golden checker to read all the golden artifacts

* Swap to using glob to enumerate all golden files, rather than hardcoding them

* Remove debugging commands

* Remove goldens that are actually used

* Remove another golden that is actually used

* Add more comprehensive support for test sharding

* Fix references to test shards and increase shard count

* Shard the fuzz test

* Add debug prints

* Mark additional tests for sharding

* Fix logic error that broke test sharding

* Remove debug print

* Fix incorrect logic with skipping the fuzz test

* Move sharding functions to testutils and add some comments

* Upgrade all setup-go actions to enable caching of deps

* Remove goldens that don't exist

* Remove new line

* Reduce delay

* Correct stage name

* Remove incorrect skip code from the first version of sharding

* Remove unused import

* Reduce number of test shards to match GitHub's limit of 5 concurrent macos jobs

* Use cask for installing homebrew to speed up github actions

* More cleanup for unused goldens
2024-08-11 12:29:36 -07:00
David Dworken
0a81799609
Remove PR trigger for SLSA releaser, since it purposefully can't run on non-master branches 2023-12-09 15:53:05 -08:00
David Dworken
5f694da421
Enable SLSA release tests for pull requests to detect issues like 3005ad8fe9 before they're merged 2023-11-25 08:24:16 -08:00
David Dworken
5cebea00af
Run SLSA validation with the production release of hishtory too 2023-11-10 18:10:46 -08:00
David Dworken
42a7b80579
Update slsa releaser to run with write permissions so it can release the hishtory-release-validation-completed file 2023-11-08 19:51:49 -08:00
David Dworken
5ab1cb61a3
Update validation to release an artifact to certify that validation passed, this will then be used by the backend server to only publish releases that passed validation 2023-11-08 19:03:30 -08:00
David Dworken
c802537cb7
Shorten delay and remove tmate 2023-11-08 18:58:34 -08:00
David Dworken
a93002f045
Attempt to swap back to using the download-artifact action, but with a sleep to see if that helps it find the artifact 2023-11-07 23:11:52 -08:00
David Dworken
cdd58d0191
Add tmate debugging for macos signing 2023-11-07 23:03:40 -08:00
David Dworken
465f7812ef
Update slsa-releaser.yml 2023-11-06 22:38:45 -08:00
David Dworken
4e699ff349
Update slsa-releaser.yml 2023-11-06 22:38:07 -08:00
David Dworken
90c0b787d9
Increase delay to account for GitHub artifacts being slow to publish 2023-11-06 22:05:59 -08:00
David Dworken
606ed6ccb0
Download the artifact from this specific run to ensure we aren't getting outdated hishtory binaries 2023-11-06 21:47:14 -08:00
David Dworken
eaccc7b638
Skip installing dedicated package for sha1sum since coreutils includes it 2023-11-06 21:25:52 -08:00
David Dworken
8567b4cbdf
Run sha256sum in macos signer too for debuging purposes 2023-11-06 21:17:09 -08:00
David Dworken
72be3ee0c7
Update slsa-releaser.yml 2023-11-05 20:08:54 -08:00
David Dworken
a10913f188
Update slsa-releaser.yml to run tmate even if tests pass 2023-11-05 18:38:40 -08:00
David Dworken
222340a97c
Add tmate for debugging darwin attestation failures 2023-11-05 18:25:27 -08:00
David Dworken
19ee1816be Revert "Add SLSA attestation validation with latest released hishtory binary too" because the released binary doesn't support the validate-binary subcommand yet
This reverts commit 259f6b7858.
2023-11-05 18:05:20 -08:00
David Dworken
259f6b7858
Add SLSA attestation validation with latest released hishtory binary too 2023-11-05 17:20:53 -08:00
David Dworken
1264388ea9
Swap post-release validation to happen in a dedicated python script 2023-11-05 12:57:58 -08:00
David Dworken
9834c6f492
Add validation of macos signatures 2023-11-05 12:42:00 -08:00
David Dworken
0eb362e123
Remove requests requirement since we no longer are using it 2023-11-05 12:39:07 -08:00
David Dworken
6cc7057d1e
Swap to running SLSA validation on macos since we need codesign_allocate to validate signatures on macos 2023-11-05 12:37:49 -08:00
David Dworken
e00bc22dfd
Add SLSA self-validation for hishtory-linux-arm64 2023-11-05 12:27:44 -08:00
David Dworken
61224a447c
Add SLSA self-validation for hishtory-darwin-arm64 2023-11-05 12:25:58 -08:00
David Dworken
be2bbb37c6
Add SLSA self-validation for hishtory-darwin-amd64 2023-11-05 12:24:47 -08:00
David Dworken
8709ec9208
Update macos signer to be stricter about ensuring the files exist, and failing if they don't 2023-11-05 12:22:47 -08:00
David Dworken
a65c3799ed
Manually download github artifact rather than using the action since the action seems to be flaky 2023-11-05 11:37:14 -08:00
David Dworken
04c915512a
Add GITHUB_TOKEN to tmate for interactive debugging 2023-11-05 10:54:37 -08:00
David Dworken
55e187d6df
Add tmate for debugging why actions/download-artifact appears to not be working 2023-11-05 10:28:05 -08:00
David Dworken
2a57ec1d73
Add ls for debugging 2023-11-05 01:33:35 -07:00
David Dworken
c918bcd3cb
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version 2023-11-05 01:15:54 -07:00
David Dworken
c3c74970b0
Swap slsa validation to use hishtory built at head 2023-11-05 00:55:01 -07:00
David Dworken
acf46893e9
Clone repo and setup go for validation 2023-11-04 09:51:58 -07:00
David Dworken
a10a796eaa
Another attempt at getting validation to work on github actions 2023-11-03 23:36:30 -07:00
David Dworken
13ba6f38f7
Add pwd for debugging 2023-11-03 23:25:57 -07:00
David Dworken
723d04e196
Remove slsa validation for macos binaries since the artifact upload currently isn't working 2023-11-03 23:24:27 -07:00
David Dworken
dcd58fe27d
Fix SLSA releaser to specify required parameter path 2023-11-03 22:42:52 -07:00
David Dworken
92537a085c
Upload artifacts from macos signer even if this isn't a release, since they're needed for validation 2023-11-03 22:31:43 -07:00
David Dworken
da99e46e42
Swap SLSA releaser to use GH steps to pass through files, rather than downloading via HTTP 2023-11-03 22:18:24 -07:00
David Dworken
4673b99579
Add integration to validate macos signers too 2023-11-03 22:16:11 -07:00
David Dworken
87dee94aab
Add initial version of slsa releaser that validates the generated SLSA signatures 2023-11-03 22:10:11 -07:00
David Dworken
7ad1e2fb03
Upgrade to go 1.21 which offers fully reproducible builds (on top of SLSA's attestations) 2023-10-01 18:00:58 -07:00
David Dworken
ac5131fe4b
Add netbsd binary for #87 2023-09-19 18:54:04 -07:00
David Dworken
d1763455c4
Rename actions for consistent naming scheme 2023-02-24 09:56:49 -08:00
David Dworken
27cd544524
Add support for arm7 for #63 to support raspberry pis 2023-02-18 22:00:39 -08:00
David Dworken
7c86b812bf
Add support for linux arm64 for #48 2022-12-11 20:39:45 -08:00