David Dworken
26ffaf8d28
Set up tmate session to debug slsa releaser
2024-08-11 12:29:37 -07:00
David Dworken
59e8a6dd5b
Add SLSA validation with current binary built by SLSA
2024-08-11 12:29:37 -07:00
David Dworken
0c3e515008
Disable validation with local build since it seems to fail for some reason
2024-08-11 12:29:37 -07:00
David Dworken
2c9dc48977
Re-enable SLSA verification now that we've updated the SLSA version throughout the repo
2024-08-11 12:29:37 -07:00
David Dworken
78aa513cd4
Fully disable validation to allow an emergency release due to SLSA breakage
2024-08-11 12:29:37 -07:00
David Dworken
0328587910
Disable validation so we can push out a working binary even though SLSA is broken
2024-08-11 12:29:37 -07:00
David Dworken
4c66c4253a
Upgrade SLSA releaser due to github.com/slsa-framework/slsa-github-generator/issues/3350
2024-08-11 12:29:37 -07:00
David Dworken
33bc582d8b
Run integration tests in parallel to speed up testing ( #175 )
...
* Remove a few direct DB insertions to prepare for parallel tests
* Revert "Remove a few direct DB insertions to prepare for parallel tests"
This reverts commit f8a3552ad8
.
* Add rudimentary experiment of splitting tests into two chunks to make them faster
* Add missing tag
* Remove code that enforces that all goldens are used, since it is incompatible with how tests are currently split into chunks
* Lay out the framework for checking goldens being used across all test runs
* Fix missing brace
* Revert "Remove code that enforces that all goldens are used, since it is incompatible with how tests are currently split into chunks"
This reverts commit 06cc3eedbc
.
* Add initial work towards checking that all goldens are used
* Delete incorrect and unreferenced matrix
* Upgrade actions/upload-artifact to see if that makes the download in the next job work
* Alternatively, try downloading the artifact by name
* Update golden checker to read all the golden artifacts
* Swap to using glob to enumerate all golden files, rather than hardcoding them
* Remove debugging commands
* Remove goldens that are actually used
* Remove another golden that is actually used
* Add more comprehensive support for test sharding
* Fix references to test shards and increase shard count
* Shard the fuzz test
* Add debug prints
* Mark additional tests for sharding
* Fix logic error that broke test sharding
* Remove debug print
* Fix incorrect logic with skipping the fuzz test
* Move sharding functions to testutils and add some comments
* Upgrade all setup-go actions to enable caching of deps
* Remove goldens that don't exist
* Remove new line
* Reduce delay
* Correct stage name
* Remove incorrect skip code from the first version of sharding
* Remove unused import
* Reduce number of test shards to match GitHub's limit of 5 concurrent macos jobs
* Use cask for installing homebrew to speed up github actions
* More cleanup for unused goldens
2024-08-11 12:29:36 -07:00
David Dworken
0a81799609
Remove PR trigger for SLSA releaser, since it purposefully can't run on non-master branches
2023-12-09 15:53:05 -08:00
David Dworken
5f694da421
Enable SLSA release tests for pull requests to detect issues like 3005ad8fe9
before they're merged
2023-11-25 08:24:16 -08:00
David Dworken
5cebea00af
Run SLSA validation with the production release of hishtory too
2023-11-10 18:10:46 -08:00
David Dworken
42a7b80579
Update slsa releaser to run with write permissions so it can release the hishtory-release-validation-completed file
2023-11-08 19:51:49 -08:00
David Dworken
5ab1cb61a3
Update validation to release an artifact to certify that validation passed, this will then be used by the backend server to only publish releases that passed validation
2023-11-08 19:03:30 -08:00
David Dworken
c802537cb7
Shorten delay and remove tmate
2023-11-08 18:58:34 -08:00
David Dworken
a93002f045
Attempt to swap back to using the download-artifact action, but with a sleep to see if that helps it find the artifact
2023-11-07 23:11:52 -08:00
David Dworken
cdd58d0191
Add tmate debugging for macos signing
2023-11-07 23:03:40 -08:00
David Dworken
465f7812ef
Update slsa-releaser.yml
2023-11-06 22:38:45 -08:00
David Dworken
4e699ff349
Update slsa-releaser.yml
2023-11-06 22:38:07 -08:00
David Dworken
90c0b787d9
Increase delay to account for GitHub artifacts being slow to publish
2023-11-06 22:05:59 -08:00
David Dworken
606ed6ccb0
Download the artifact from this specific run to ensure we aren't getting outdated hishtory binaries
2023-11-06 21:47:14 -08:00
David Dworken
eaccc7b638
Skip installing dedicated package for sha1sum since coreutils includes it
2023-11-06 21:25:52 -08:00
David Dworken
8567b4cbdf
Run sha256sum in macos signer too for debuging purposes
2023-11-06 21:17:09 -08:00
David Dworken
72be3ee0c7
Update slsa-releaser.yml
2023-11-05 20:08:54 -08:00
David Dworken
a10913f188
Update slsa-releaser.yml to run tmate even if tests pass
2023-11-05 18:38:40 -08:00
David Dworken
222340a97c
Add tmate for debugging darwin attestation failures
2023-11-05 18:25:27 -08:00
David Dworken
19ee1816be
Revert "Add SLSA attestation validation with latest released hishtory binary too" because the released binary doesn't support the validate-binary subcommand yet
...
This reverts commit 259f6b7858
.
2023-11-05 18:05:20 -08:00
David Dworken
259f6b7858
Add SLSA attestation validation with latest released hishtory binary too
2023-11-05 17:20:53 -08:00
David Dworken
1264388ea9
Swap post-release validation to happen in a dedicated python script
2023-11-05 12:57:58 -08:00
David Dworken
9834c6f492
Add validation of macos signatures
2023-11-05 12:42:00 -08:00
David Dworken
0eb362e123
Remove requests requirement since we no longer are using it
2023-11-05 12:39:07 -08:00
David Dworken
6cc7057d1e
Swap to running SLSA validation on macos since we need codesign_allocate to validate signatures on macos
2023-11-05 12:37:49 -08:00
David Dworken
e00bc22dfd
Add SLSA self-validation for hishtory-linux-arm64
2023-11-05 12:27:44 -08:00
David Dworken
61224a447c
Add SLSA self-validation for hishtory-darwin-arm64
2023-11-05 12:25:58 -08:00
David Dworken
be2bbb37c6
Add SLSA self-validation for hishtory-darwin-amd64
2023-11-05 12:24:47 -08:00
David Dworken
8709ec9208
Update macos signer to be stricter about ensuring the files exist, and failing if they don't
2023-11-05 12:22:47 -08:00
David Dworken
a65c3799ed
Manually download github artifact rather than using the action since the action seems to be flaky
2023-11-05 11:37:14 -08:00
David Dworken
04c915512a
Add GITHUB_TOKEN to tmate for interactive debugging
2023-11-05 10:54:37 -08:00
David Dworken
55e187d6df
Add tmate for debugging why actions/download-artifact appears to not be working
2023-11-05 10:28:05 -08:00
David Dworken
2a57ec1d73
Add ls for debugging
2023-11-05 01:33:35 -07:00
David Dworken
c918bcd3cb
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version
2023-11-05 01:15:54 -07:00
David Dworken
c3c74970b0
Swap slsa validation to use hishtory built at head
2023-11-05 00:55:01 -07:00
David Dworken
acf46893e9
Clone repo and setup go for validation
2023-11-04 09:51:58 -07:00
David Dworken
a10a796eaa
Another attempt at getting validation to work on github actions
2023-11-03 23:36:30 -07:00
David Dworken
13ba6f38f7
Add pwd for debugging
2023-11-03 23:25:57 -07:00
David Dworken
723d04e196
Remove slsa validation for macos binaries since the artifact upload currently isn't working
2023-11-03 23:24:27 -07:00
David Dworken
dcd58fe27d
Fix SLSA releaser to specify required parameter path
2023-11-03 22:42:52 -07:00
David Dworken
92537a085c
Upload artifacts from macos signer even if this isn't a release, since they're needed for validation
2023-11-03 22:31:43 -07:00
David Dworken
da99e46e42
Swap SLSA releaser to use GH steps to pass through files, rather than downloading via HTTP
2023-11-03 22:18:24 -07:00
David Dworken
4673b99579
Add integration to validate macos signers too
2023-11-03 22:16:11 -07:00
David Dworken
87dee94aab
Add initial version of slsa releaser that validates the generated SLSA signatures
2023-11-03 22:10:11 -07:00