David Dworken
|
5ab1cb61a3
|
Update validation to release an artifact to certify that validation passed, this will then be used by the backend server to only publish releases that passed validation
|
2023-11-08 19:03:30 -08:00 |
|
David Dworken
|
c802537cb7
|
Shorten delay and remove tmate
|
2023-11-08 18:58:34 -08:00 |
|
David Dworken
|
f7b662e7f4
|
Update go version in pre-commit.yml to match the version used for hishtory
|
2023-11-08 18:57:42 -08:00 |
|
David Dworken
|
7d9664363d
|
Add validation of hishtory status
|
2023-11-08 18:25:29 -08:00 |
|
David Dworken
|
ed6d472409
|
Move assertion that file is present to earlier in function so we fail fast
|
2023-11-08 18:19:55 -08:00 |
|
David Dworken
|
79a61c1b1d
|
Require SLSA pre-validation for macos too
|
2023-11-08 18:19:02 -08:00 |
|
David Dworken
|
a93002f045
|
Attempt to swap back to using the download-artifact action, but with a sleep to see if that helps it find the artifact
|
2023-11-07 23:11:52 -08:00 |
|
David Dworken
|
cdd58d0191
|
Add tmate debugging for macos signing
|
2023-11-07 23:03:40 -08:00 |
|
David Dworken
|
465f7812ef
|
Update slsa-releaser.yml
|
2023-11-06 22:38:45 -08:00 |
|
David Dworken
|
4e699ff349
|
Update slsa-releaser.yml
|
2023-11-06 22:38:07 -08:00 |
|
David Dworken
|
90c0b787d9
|
Increase delay to account for GitHub artifacts being slow to publish
|
2023-11-06 22:05:59 -08:00 |
|
David Dworken
|
606ed6ccb0
|
Download the artifact from this specific run to ensure we aren't getting outdated hishtory binaries
|
2023-11-06 21:47:14 -08:00 |
|
David Dworken
|
19b9f67724
|
Fix bug with automatic cd-ing where quoting the directory caused tildes to not get expanded into the user's homedir
|
2023-11-06 21:39:01 -08:00 |
|
David Dworken
|
eaccc7b638
|
Skip installing dedicated package for sha1sum since coreutils includes it
|
2023-11-06 21:25:52 -08:00 |
|
David Dworken
|
8567b4cbdf
|
Run sha256sum in macos signer too for debuging purposes
|
2023-11-06 21:17:09 -08:00 |
|
David Dworken
|
e1f69f8731
|
Add TODO
|
2023-11-06 18:44:28 -08:00 |
|
David Dworken
|
a180c850a9
|
Add extra require to ensure that the next line doesn't panic if the string isn't present, since that interferes with gotestsum
|
2023-11-06 18:44:14 -08:00 |
|
David Dworken
|
72be3ee0c7
|
Update slsa-releaser.yml
|
2023-11-05 20:08:54 -08:00 |
|
David Dworken
|
a10913f188
|
Update slsa-releaser.yml to run tmate even if tests pass
|
2023-11-05 18:38:40 -08:00 |
|
David Dworken
|
222340a97c
|
Add tmate for debugging darwin attestation failures
|
2023-11-05 18:25:27 -08:00 |
|
David Dworken
|
19ee1816be
|
Revert "Add SLSA attestation validation with latest released hishtory binary too" because the released binary doesn't support the validate-binary subcommand yet
This reverts commit 259f6b7858 .
|
2023-11-05 18:05:20 -08:00 |
|
David Dworken
|
259f6b7858
|
Add SLSA attestation validation with latest released hishtory binary too
|
2023-11-05 17:20:53 -08:00 |
|
David Dworken
|
3e31d022c8
|
Add debugging information about subprocess errors when prevalidating releases
|
2023-11-05 17:16:42 -08:00 |
|
David Dworken
|
53d976811c
|
Skip SLSA validation in tests for Mac binaries for debugging
|
2023-11-05 16:31:10 -08:00 |
|
David Dworken
|
517b9c43ee
|
Add debug prints to make reading the output easier
|
2023-11-05 14:10:03 -08:00 |
|
David Dworken
|
1cfaa13b74
|
Capture stdout for slsa validation
|
2023-11-05 14:09:22 -08:00 |
|
David Dworken
|
1264388ea9
|
Swap post-release validation to happen in a dedicated python script
|
2023-11-05 12:57:58 -08:00 |
|
David Dworken
|
9834c6f492
|
Add validation of macos signatures
|
2023-11-05 12:42:00 -08:00 |
|
David Dworken
|
0eb362e123
|
Remove requests requirement since we no longer are using it
|
2023-11-05 12:39:07 -08:00 |
|
David Dworken
|
6cc7057d1e
|
Swap to running SLSA validation on macos since we need codesign_allocate to validate signatures on macos
|
2023-11-05 12:37:49 -08:00 |
|
David Dworken
|
e00bc22dfd
|
Add SLSA self-validation for hishtory-linux-arm64
|
2023-11-05 12:27:44 -08:00 |
|
David Dworken
|
61224a447c
|
Add SLSA self-validation for hishtory-darwin-arm64
|
2023-11-05 12:25:58 -08:00 |
|
David Dworken
|
be2bbb37c6
|
Add SLSA self-validation for hishtory-darwin-amd64
|
2023-11-05 12:24:47 -08:00 |
|
David Dworken
|
8709ec9208
|
Update macos signer to be stricter about ensuring the files exist, and failing if they don't
|
2023-11-05 12:22:47 -08:00 |
|
David Dworken
|
a65c3799ed
|
Manually download github artifact rather than using the action since the action seems to be flaky
|
2023-11-05 11:37:14 -08:00 |
|
David Dworken
|
04c915512a
|
Add GITHUB_TOKEN to tmate for interactive debugging
|
2023-11-05 10:54:37 -08:00 |
|
David Dworken
|
55e187d6df
|
Add tmate for debugging why actions/download-artifact appears to not be working
|
2023-11-05 10:28:05 -08:00 |
|
David Dworken
|
2a57ec1d73
|
Add ls for debugging
|
2023-11-05 01:33:35 -07:00 |
|
David Dworken
|
c918bcd3cb
|
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version
|
2023-11-05 01:15:54 -07:00 |
|
David Dworken
|
c3c74970b0
|
Swap slsa validation to use hishtory built at head
|
2023-11-05 00:55:01 -07:00 |
|
David Dworken
|
29142df382
|
Add additional check that checks that the version is valid per semver
|
2023-11-05 00:38:21 -07:00 |
|
David Dworken
|
acf46893e9
|
Clone repo and setup go for validation
|
2023-11-04 09:51:58 -07:00 |
|
David Dworken
|
a10a796eaa
|
Another attempt at getting validation to work on github actions
|
2023-11-03 23:36:30 -07:00 |
|
David Dworken
|
13ba6f38f7
|
Add pwd for debugging
|
2023-11-03 23:25:57 -07:00 |
|
David Dworken
|
723d04e196
|
Remove slsa validation for macos binaries since the artifact upload currently isn't working
|
2023-11-03 23:24:27 -07:00 |
|
David Dworken
|
dcd58fe27d
|
Fix SLSA releaser to specify required parameter path
|
2023-11-03 22:42:52 -07:00 |
|
David Dworken
|
92537a085c
|
Upload artifacts from macos signer even if this isn't a release, since they're needed for validation
|
2023-11-03 22:31:43 -07:00 |
|
David Dworken
|
da99e46e42
|
Swap SLSA releaser to use GH steps to pass through files, rather than downloading via HTTP
|
2023-11-03 22:18:24 -07:00 |
|
David Dworken
|
4673b99579
|
Add integration to validate macos signers too
|
2023-11-03 22:16:11 -07:00 |
|
David Dworken
|
87dee94aab
|
Add initial version of slsa releaser that validates the generated SLSA signatures
|
2023-11-03 22:10:11 -07:00 |
|