Commit Graph

191 Commits

Author SHA1 Message Date
David Dworken
4f4b07165d Use a version rather than a commit hash 2022-09-01 23:34:23 -07:00
David Dworken
b37b598e65 Bump to 1.0 of slsa generator 2022-09-01 23:30:28 -07:00
David Dworken
bdd35c1776 Bump slsa to v0.0.2 2022-06-04 20:18:13 -07:00
David Dworken
5539ce8510 Fix file path 2022-06-03 21:12:15 -07:00
David Dworken
17b569756a Maybe this works since this is the commit associated with the tag?: 2022-06-03 21:09:59 -07:00
David Dworken
b1bdf8b7da Specify a version tag since f9e31da2a5 now requires that we use a tagged version 2022-06-03 21:01:53 -07:00
David Dworken
4cb4e5176a Try executing in sequence 2022-05-28 09:34:53 -07:00
David Dworken
3bb8d74358 CHeck if it is the config-file directive that is messing up the hash 2022-05-28 09:29:56 -07:00
David Dworken
fa32a1af07 Check if the task name is part of the hash 2022-05-28 09:24:31 -07:00
David Dworken
2f8727f29b A new way of releasing, taking advantage of config-file to avoid having to create a new commit per platform 2022-05-28 00:01:38 -07:00
David Dworken
a6476c1bf4 Update permissions 2022-05-27 23:30:49 -07:00
David Dworken
798fe48585 envs --> evaluated-envs to match updated slsa builder 2022-05-27 23:28:01 -07:00
David Dworken
adb20f1bb2 Upgrade slsa releaser action 2022-05-27 23:21:45 -07:00
David Dworken
64d4c211b4 Trigger cron from github actions 2022-05-27 22:48:13 -07:00
David Dworken
c467411db3 Enable running action tests via manual trigger 2022-05-27 18:52:09 -07:00
David Dworken
ea6be650ba Export the unsigned files for a new theory on how SLSA verification can be done 2022-05-26 23:09:00 -07:00
David Dworken
647f6a8924 More debugging info for the releaser action 2022-05-26 22:24:56 -07:00
David Dworken
b8ecb33deb Add more debugging information to signing workflow 2022-05-26 21:57:16 -07:00
David Dworken
750e2179c5 Add explicit permissions to allow writes 2022-05-26 21:42:09 -07:00
David Dworken
d4caef9c3d Fix release filenames 2022-05-24 22:26:24 -07:00
David Dworken
9276fea4ba Tweak the workflow order so signing runs after upload 2022-05-24 08:46:24 -07:00
David Dworken
d4d2b8e852 actions don't use python3 by default? 2022-05-23 23:31:57 -07:00
David Dworken
d7b6cc4caa install requests which isn't installed by default in actions 2022-05-23 23:29:29 -07:00
David Dworken
6906eb942a Fix accidentally deleted comment 2022-05-23 23:26:59 -07:00
David Dworken
8e2785e580 MIgrate to a python script for signign 2022-05-23 23:25:12 -07:00
David Dworken
344047e735 Fix github action reference 2022-05-23 18:27:27 -07:00
David Dworken
a679a770de Fix typo 2022-05-23 18:25:36 -07:00
David Dworken
1ee8e1bca7 Fix typo 2022-05-23 18:24:23 -07:00
David Dworken
69317e0a85 Delete separate signer and start the work of merging it into the SLSA releaser action 2022-05-23 18:22:03 -07:00
David Dworken
59ed3dd9e4 A new approach to signing 2022-05-23 17:56:51 -07:00
David Dworken
76d139bb5a Add GITHUB_TOKEN auth 2022-05-23 08:59:50 -07:00
David Dworken
cb1e69958a Why are the binaries ASCII??? 2022-05-23 08:57:55 -07:00
David Dworken
e8c8d4f0ad Add error case for TAG_NAME==null 2022-05-23 08:48:22 -07:00
David Dworken
cb72e0a830 Fix URL 2022-05-23 08:45:12 -07:00
David Dworken
89df994933 Add more debugging output 2022-05-23 08:43:43 -07:00
David Dworken
f7a37aa97c Update triggers and remove sleep that is not needed for remaining trigger types 2022-05-23 08:40:47 -07:00
David Dworken
677b596d49 Debugging code signing, added error checking for my xattr code and discovered that arm xattrs aren't being persisted 2022-05-22 20:08:30 -07:00
David Dworken
edcf92e899 Fix bad merge for macos signing 2022-05-22 18:15:16 -07:00
David Dworken
cc6cf07729 Another attempt at correct signing/releasing for macos 2022-05-22 18:12:32 -07:00
David Dworken
4cb5773632 Add hex parsing for xattr setting + log rather than error when offline 2022-04-28 09:51:01 -07:00
David Dworken
eed2459d99 Run signer on push and have it sleep 2022-04-25 22:23:05 -07:00
David Dworken
b0f680c1a8 Another attempt at xattr exporting 2022-04-25 21:40:02 -07:00
David Dworken
257f5df7e8 Another attempt at xattr exporting 2022-04-25 21:28:22 -07:00
David Dworken
cda9536abf More xattr debugging 2022-04-25 21:21:31 -07:00
David Dworken
cdcb013511 More debugging output 2022-04-25 21:08:24 -07:00
David Dworken
2d91b6bf48 Can only release when there is a tag 2022-04-25 20:15:28 -07:00
David Dworken
5a5759c691 Better xattr dumping 2022-04-25 20:13:31 -07:00
David Dworken
15e186c46d Fix releasing xattr files 2022-04-25 20:09:00 -07:00
David Dworken
76bdad0b78 Fix incorrect uses call 2022-04-24 22:05:18 -07:00
David Dworken
ba2bfc18d3 Release the xattrs containing the code signatures 2022-04-24 22:04:16 -07:00
David Dworken
ecbd149593 Brew install sha1sum 2022-04-24 21:50:03 -07:00
David Dworken
c9e062ec67 Add debugging prints 2022-04-24 21:48:06 -07:00
David Dworken
8c4049b101 Fix double @@ typo 2022-04-24 21:10:18 -07:00
David Dworken
1aa08a3a4d Turns out slsa verifier hasn't been updated yet, see https://github.com/slsa-framework/slsa-verifier/pull/37 2022-04-24 21:07:20 -07:00
David Dworken
aa806878ed Rename slsa builder file since the upstream repo renamed it 2022-04-24 20:46:48 -07:00
David Dworken
a60785955a Update workflow name 2022-04-24 20:39:40 -07:00
David Dworken
7fbe888059 Whoops, same messed up dash as before 2022-04-24 20:36:46 -07:00
David Dworken
a98c31be46 Swap the cert to be encrypted with a password 2022-04-24 20:34:44 -07:00
David Dworken
b853973db1 Run commands in one step to reduce waiting time 2022-04-24 10:06:06 -07:00
David Dworken
bcbb6eaf28 Fix CLI arg to base 64 decode 2022-04-24 09:45:15 -07:00
David Dworken
5a31c6f96b Enable manually running the sign workflow 2022-04-24 09:42:12 -07:00
David Dworken
7727e2c86d First attempt at codesigning for macos in github actions 2022-04-24 09:40:28 -07:00
David Dworken
10ee085d4c Remove unnecessary set -m calls, speed up the local make acttest command, embed ReleaseVersion into the test server to fix the test failures on macos, and update install to be resistant to bashrc and zshrc not existing 2022-04-19 21:05:54 -07:00
David Dworken
0c0943fc79 Fix failing test + fix syntax error in workflow 2022-04-19 19:21:39 -07:00
David Dworken
16d41de4ad Another attempt at making zsh pass on github actions 2022-04-17 23:06:01 -07:00
David Dworken
15bec30315 Add fake event with head_commit to restore the ability to run the github action test locally 2022-04-17 21:47:49 -07:00
David Dworken
16ad1ce12c Skip releaser if the tag doesn't contain a dash as part of the multi-os release flow 2022-04-17 21:05:23 -07:00
David Dworken
16055f982e Skip commands prefixed with a space for zsh + update tests + touch ~/.zshrc so tests can run on actions 2022-04-17 21:04:44 -07:00
David Dworken
e3d8f1274e Hopefully fix github action tests for zsh 2022-04-17 20:08:54 -07:00
David Dworken
1ab68a804c Don't build docker containers on actions since this doesn't work on macos 2022-04-17 12:09:10 -07:00
David Dworken
e98783d30f Add server-side code to handle updates for non-linux 2022-04-17 12:02:56 -07:00
David Dworken
478898fd1c Fix not attempt #2 2022-04-17 11:56:00 -07:00
David Dworken
aaaee9f632 Fix boolean not in actions config 2022-04-17 11:53:59 -07:00
David Dworken
4036a4594b Add config for building/releasing binaries for other OSs 2022-04-17 11:44:57 -07:00
David Dworken
787ee8dfd9 Run tests on macos 2022-04-17 10:50:37 -07:00
David Dworken
c725327c24 Seems as though there is no way of building multiple binaries, so revert the last two changes 2022-04-17 10:47:10 -07:00
David Dworken
519f85cd98 And what about this? 2022-04-17 10:40:06 -07:00
David Dworken
76ebb73326 Does this work to generate SLSA binaries for two OSs 2022-04-17 10:38:12 -07:00
David Dworken
fb52b98379 Swap generous date parsing to using a library 2022-04-11 23:22:49 -07:00
David Dworken
e9d19eb782 fix hardcoded username in tests + another attempt at enabling bash job control + test that building docker containers works 2022-04-09 12:19:01 -07:00
David Dworken
6f7e034837 fix triggers 2022-04-09 11:58:49 -07:00
David Dworken
da4cab7a0b github action to test code 2022-04-09 11:56:25 -07:00
David Dworken
68d7f33c98
Enable codeql scanning 2022-04-09 11:39:21 -07:00
David Dworken
108e1526b8 trying again with ldflags + fixed update url 2022-04-08 22:56:44 -07:00
David Dworken
f2c6f86204 another attempt at ldflags 2022-04-08 22:45:49 -07:00
David Dworken
13d766a9c8 trying again to make ldflags work with slsa 2022-04-08 22:12:00 -07:00
David Dworken
c3d232ea36 turns out github releases require a tag, now it runs automatically for all tagged commits 2022-04-08 21:52:22 -07:00
David Dworken
3c45c1c959 it ran, but still no ldflag. trying again for that + getting rid of the if for release + back to only running on manual trigger 2022-04-08 21:42:19 -07:00
David Dworken
18492e102a attempt to fix ldflags for slsa 2022-04-08 21:22:31 -07:00
David Dworken
8bb1fd3856 run on push + delete outdated design.md 2022-04-08 21:12:17 -07:00
David Dworken
ff37570d74 Added SLSA builder 2022-04-08 20:59:24 -07:00