Commit Graph

2071 Commits

Author SHA1 Message Date
David Dworken
5ab1cb61a3
Update validation to release an artifact to certify that validation passed, this will then be used by the backend server to only publish releases that passed validation 2023-11-08 19:03:30 -08:00
David Dworken
c802537cb7
Shorten delay and remove tmate 2023-11-08 18:58:34 -08:00
David Dworken
f7b662e7f4
Update go version in pre-commit.yml to match the version used for hishtory 2023-11-08 18:57:42 -08:00
David Dworken
7d9664363d
Add validation of hishtory status 2023-11-08 18:25:29 -08:00
David Dworken
ed6d472409
Move assertion that file is present to earlier in function so we fail fast 2023-11-08 18:19:55 -08:00
David Dworken
79a61c1b1d
Require SLSA pre-validation for macos too 2023-11-08 18:19:02 -08:00
David Dworken
a93002f045
Attempt to swap back to using the download-artifact action, but with a sleep to see if that helps it find the artifact 2023-11-07 23:11:52 -08:00
David Dworken
cdd58d0191
Add tmate debugging for macos signing 2023-11-07 23:03:40 -08:00
David Dworken
465f7812ef
Update slsa-releaser.yml 2023-11-06 22:38:45 -08:00
David Dworken
4e699ff349
Update slsa-releaser.yml 2023-11-06 22:38:07 -08:00
David Dworken
90c0b787d9
Increase delay to account for GitHub artifacts being slow to publish 2023-11-06 22:05:59 -08:00
David Dworken
606ed6ccb0
Download the artifact from this specific run to ensure we aren't getting outdated hishtory binaries 2023-11-06 21:47:14 -08:00
David Dworken
19b9f67724
Fix bug with automatic cd-ing where quoting the directory caused tildes to not get expanded into the user's homedir 2023-11-06 21:39:01 -08:00
David Dworken
eaccc7b638
Skip installing dedicated package for sha1sum since coreutils includes it 2023-11-06 21:25:52 -08:00
David Dworken
8567b4cbdf
Run sha256sum in macos signer too for debuging purposes 2023-11-06 21:17:09 -08:00
David Dworken
e1f69f8731
Add TODO 2023-11-06 18:44:28 -08:00
David Dworken
a180c850a9
Add extra require to ensure that the next line doesn't panic if the string isn't present, since that interferes with gotestsum 2023-11-06 18:44:14 -08:00
David Dworken
72be3ee0c7
Update slsa-releaser.yml 2023-11-05 20:08:54 -08:00
David Dworken
a10913f188
Update slsa-releaser.yml to run tmate even if tests pass 2023-11-05 18:38:40 -08:00
David Dworken
222340a97c
Add tmate for debugging darwin attestation failures 2023-11-05 18:25:27 -08:00
David Dworken
19ee1816be Revert "Add SLSA attestation validation with latest released hishtory binary too" because the released binary doesn't support the validate-binary subcommand yet
This reverts commit 259f6b7858.
2023-11-05 18:05:20 -08:00
David Dworken
259f6b7858
Add SLSA attestation validation with latest released hishtory binary too 2023-11-05 17:20:53 -08:00
David Dworken
3e31d022c8
Add debugging information about subprocess errors when prevalidating releases 2023-11-05 17:16:42 -08:00
David Dworken
53d976811c
Skip SLSA validation in tests for Mac binaries for debugging 2023-11-05 16:31:10 -08:00
David Dworken
517b9c43ee
Add debug prints to make reading the output easier 2023-11-05 14:10:03 -08:00
David Dworken
1cfaa13b74
Capture stdout for slsa validation 2023-11-05 14:09:22 -08:00
David Dworken
1264388ea9
Swap post-release validation to happen in a dedicated python script 2023-11-05 12:57:58 -08:00
David Dworken
9834c6f492
Add validation of macos signatures 2023-11-05 12:42:00 -08:00
David Dworken
0eb362e123
Remove requests requirement since we no longer are using it 2023-11-05 12:39:07 -08:00
David Dworken
6cc7057d1e
Swap to running SLSA validation on macos since we need codesign_allocate to validate signatures on macos 2023-11-05 12:37:49 -08:00
David Dworken
e00bc22dfd
Add SLSA self-validation for hishtory-linux-arm64 2023-11-05 12:27:44 -08:00
David Dworken
61224a447c
Add SLSA self-validation for hishtory-darwin-arm64 2023-11-05 12:25:58 -08:00
David Dworken
be2bbb37c6
Add SLSA self-validation for hishtory-darwin-amd64 2023-11-05 12:24:47 -08:00
David Dworken
8709ec9208
Update macos signer to be stricter about ensuring the files exist, and failing if they don't 2023-11-05 12:22:47 -08:00
David Dworken
a65c3799ed
Manually download github artifact rather than using the action since the action seems to be flaky 2023-11-05 11:37:14 -08:00
David Dworken
04c915512a
Add GITHUB_TOKEN to tmate for interactive debugging 2023-11-05 10:54:37 -08:00
David Dworken
55e187d6df
Add tmate for debugging why actions/download-artifact appears to not be working 2023-11-05 10:28:05 -08:00
David Dworken
2a57ec1d73
Add ls for debugging 2023-11-05 01:33:35 -07:00
David Dworken
c918bcd3cb
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version 2023-11-05 01:15:54 -07:00
David Dworken
c3c74970b0
Swap slsa validation to use hishtory built at head 2023-11-05 00:55:01 -07:00
David Dworken
29142df382
Add additional check that checks that the version is valid per semver 2023-11-05 00:38:21 -07:00
David Dworken
acf46893e9
Clone repo and setup go for validation 2023-11-04 09:51:58 -07:00
David Dworken
a10a796eaa
Another attempt at getting validation to work on github actions 2023-11-03 23:36:30 -07:00
David Dworken
13ba6f38f7
Add pwd for debugging 2023-11-03 23:25:57 -07:00
David Dworken
723d04e196
Remove slsa validation for macos binaries since the artifact upload currently isn't working 2023-11-03 23:24:27 -07:00
David Dworken
dcd58fe27d
Fix SLSA releaser to specify required parameter path 2023-11-03 22:42:52 -07:00
David Dworken
92537a085c
Upload artifacts from macos signer even if this isn't a release, since they're needed for validation 2023-11-03 22:31:43 -07:00
David Dworken
da99e46e42
Swap SLSA releaser to use GH steps to pass through files, rather than downloading via HTTP 2023-11-03 22:18:24 -07:00
David Dworken
4673b99579
Add integration to validate macos signers too 2023-11-03 22:16:11 -07:00
David Dworken
87dee94aab
Add initial version of slsa releaser that validates the generated SLSA signatures 2023-11-03 22:10:11 -07:00