David Dworken
|
09270ef5a0
|
Add SLSA attestation pre-validation with released hishtory version
|
2023-11-08 20:23:24 -08:00 |
|
David Dworken
|
e0f629d0ee
|
Add integration with 5ab1cb61a3 so that we only serve binaries for updates if they have passed validation
|
2023-11-08 20:08:42 -08:00 |
|
David Dworken
|
73b1a76390
|
Release v0.248
|
2023-11-08 19:52:23 -08:00 |
|
David Dworken
|
42a7b80579
|
Update slsa releaser to run with write permissions so it can release the hishtory-release-validation-completed file
|
2023-11-08 19:51:49 -08:00 |
|
David Dworken
|
c64ffd68b7
|
Release v0.247
|
2023-11-08 19:38:45 -08:00 |
|
David Dworken
|
262d8238ad
|
Add chmod +x so that we can run hishtory status
|
2023-11-08 19:26:00 -08:00 |
|
David Dworken
|
b88bc86204
|
Add ./ to execute the binary in CWD
|
2023-11-08 19:07:49 -08:00 |
|
David Dworken
|
5ab1cb61a3
|
Update validation to release an artifact to certify that validation passed, this will then be used by the backend server to only publish releases that passed validation
|
2023-11-08 19:03:30 -08:00 |
|
David Dworken
|
c802537cb7
|
Shorten delay and remove tmate
|
2023-11-08 18:58:34 -08:00 |
|
David Dworken
|
f7b662e7f4
|
Update go version in pre-commit.yml to match the version used for hishtory
|
2023-11-08 18:57:42 -08:00 |
|
David Dworken
|
7d9664363d
|
Add validation of hishtory status
|
2023-11-08 18:25:29 -08:00 |
|
David Dworken
|
ed6d472409
|
Move assertion that file is present to earlier in function so we fail fast
|
2023-11-08 18:19:55 -08:00 |
|
David Dworken
|
79a61c1b1d
|
Require SLSA pre-validation for macos too
|
2023-11-08 18:19:02 -08:00 |
|
David Dworken
|
a93002f045
|
Attempt to swap back to using the download-artifact action, but with a sleep to see if that helps it find the artifact
|
2023-11-07 23:11:52 -08:00 |
|
David Dworken
|
cdd58d0191
|
Add tmate debugging for macos signing
|
2023-11-07 23:03:40 -08:00 |
|
David Dworken
|
465f7812ef
|
Update slsa-releaser.yml
|
2023-11-06 22:38:45 -08:00 |
|
David Dworken
|
4e699ff349
|
Update slsa-releaser.yml
|
2023-11-06 22:38:07 -08:00 |
|
David Dworken
|
90c0b787d9
|
Increase delay to account for GitHub artifacts being slow to publish
|
2023-11-06 22:05:59 -08:00 |
|
David Dworken
|
606ed6ccb0
|
Download the artifact from this specific run to ensure we aren't getting outdated hishtory binaries
|
2023-11-06 21:47:14 -08:00 |
|
David Dworken
|
19b9f67724
|
Fix bug with automatic cd-ing where quoting the directory caused tildes to not get expanded into the user's homedir
|
2023-11-06 21:39:01 -08:00 |
|
David Dworken
|
eaccc7b638
|
Skip installing dedicated package for sha1sum since coreutils includes it
|
2023-11-06 21:25:52 -08:00 |
|
David Dworken
|
8567b4cbdf
|
Run sha256sum in macos signer too for debuging purposes
|
2023-11-06 21:17:09 -08:00 |
|
David Dworken
|
e1f69f8731
|
Add TODO
|
2023-11-06 18:44:28 -08:00 |
|
David Dworken
|
a180c850a9
|
Add extra require to ensure that the next line doesn't panic if the string isn't present, since that interferes with gotestsum
|
2023-11-06 18:44:14 -08:00 |
|
David Dworken
|
72be3ee0c7
|
Update slsa-releaser.yml
|
2023-11-05 20:08:54 -08:00 |
|
David Dworken
|
a10913f188
|
Update slsa-releaser.yml to run tmate even if tests pass
|
2023-11-05 18:38:40 -08:00 |
|
David Dworken
|
222340a97c
|
Add tmate for debugging darwin attestation failures
|
2023-11-05 18:25:27 -08:00 |
|
David Dworken
|
19ee1816be
|
Revert "Add SLSA attestation validation with latest released hishtory binary too" because the released binary doesn't support the validate-binary subcommand yet
This reverts commit 259f6b7858 .
|
2023-11-05 18:05:20 -08:00 |
|
David Dworken
|
259f6b7858
|
Add SLSA attestation validation with latest released hishtory binary too
|
2023-11-05 17:20:53 -08:00 |
|
David Dworken
|
3e31d022c8
|
Add debugging information about subprocess errors when prevalidating releases
|
2023-11-05 17:16:42 -08:00 |
|
David Dworken
|
53d976811c
|
Skip SLSA validation in tests for Mac binaries for debugging
|
2023-11-05 16:31:10 -08:00 |
|
David Dworken
|
517b9c43ee
|
Add debug prints to make reading the output easier
|
2023-11-05 14:10:03 -08:00 |
|
David Dworken
|
1cfaa13b74
|
Capture stdout for slsa validation
|
2023-11-05 14:09:22 -08:00 |
|
David Dworken
|
1264388ea9
|
Swap post-release validation to happen in a dedicated python script
|
2023-11-05 12:57:58 -08:00 |
|
David Dworken
|
9834c6f492
|
Add validation of macos signatures
|
2023-11-05 12:42:00 -08:00 |
|
David Dworken
|
0eb362e123
|
Remove requests requirement since we no longer are using it
|
2023-11-05 12:39:07 -08:00 |
|
David Dworken
|
6cc7057d1e
|
Swap to running SLSA validation on macos since we need codesign_allocate to validate signatures on macos
|
2023-11-05 12:37:49 -08:00 |
|
David Dworken
|
e00bc22dfd
|
Add SLSA self-validation for hishtory-linux-arm64
|
2023-11-05 12:27:44 -08:00 |
|
David Dworken
|
61224a447c
|
Add SLSA self-validation for hishtory-darwin-arm64
|
2023-11-05 12:25:58 -08:00 |
|
David Dworken
|
be2bbb37c6
|
Add SLSA self-validation for hishtory-darwin-amd64
|
2023-11-05 12:24:47 -08:00 |
|
David Dworken
|
8709ec9208
|
Update macos signer to be stricter about ensuring the files exist, and failing if they don't
|
2023-11-05 12:22:47 -08:00 |
|
David Dworken
|
a65c3799ed
|
Manually download github artifact rather than using the action since the action seems to be flaky
|
2023-11-05 11:37:14 -08:00 |
|
David Dworken
|
04c915512a
|
Add GITHUB_TOKEN to tmate for interactive debugging
|
2023-11-05 10:54:37 -08:00 |
|
David Dworken
|
55e187d6df
|
Add tmate for debugging why actions/download-artifact appears to not be working
|
2023-11-05 10:28:05 -08:00 |
|
David Dworken
|
2a57ec1d73
|
Add ls for debugging
|
2023-11-05 01:33:35 -07:00 |
|
David Dworken
|
c918bcd3cb
|
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version
|
2023-11-05 01:15:54 -07:00 |
|
David Dworken
|
c3c74970b0
|
Swap slsa validation to use hishtory built at head
|
2023-11-05 00:55:01 -07:00 |
|
David Dworken
|
29142df382
|
Add additional check that checks that the version is valid per semver
|
2023-11-05 00:38:21 -07:00 |
|
David Dworken
|
acf46893e9
|
Clone repo and setup go for validation
|
2023-11-04 09:51:58 -07:00 |
|
David Dworken
|
a10a796eaa
|
Another attempt at getting validation to work on github actions
|
2023-11-03 23:36:30 -07:00 |
|