Commit Graph

2119 Commits

Author SHA1 Message Date
David Dworken
f7b662e7f4
Update go version in pre-commit.yml to match the version used for hishtory 2023-11-08 18:57:42 -08:00
David Dworken
7d9664363d
Add validation of hishtory status 2023-11-08 18:25:29 -08:00
David Dworken
ed6d472409
Move assertion that file is present to earlier in function so we fail fast 2023-11-08 18:19:55 -08:00
David Dworken
79a61c1b1d
Require SLSA pre-validation for macos too 2023-11-08 18:19:02 -08:00
David Dworken
a93002f045
Attempt to swap back to using the download-artifact action, but with a sleep to see if that helps it find the artifact 2023-11-07 23:11:52 -08:00
David Dworken
cdd58d0191
Add tmate debugging for macos signing 2023-11-07 23:03:40 -08:00
David Dworken
465f7812ef
Update slsa-releaser.yml 2023-11-06 22:38:45 -08:00
David Dworken
4e699ff349
Update slsa-releaser.yml 2023-11-06 22:38:07 -08:00
David Dworken
90c0b787d9
Increase delay to account for GitHub artifacts being slow to publish 2023-11-06 22:05:59 -08:00
David Dworken
606ed6ccb0
Download the artifact from this specific run to ensure we aren't getting outdated hishtory binaries 2023-11-06 21:47:14 -08:00
David Dworken
19b9f67724
Fix bug with automatic cd-ing where quoting the directory caused tildes to not get expanded into the user's homedir 2023-11-06 21:39:01 -08:00
David Dworken
eaccc7b638
Skip installing dedicated package for sha1sum since coreutils includes it 2023-11-06 21:25:52 -08:00
David Dworken
8567b4cbdf
Run sha256sum in macos signer too for debuging purposes 2023-11-06 21:17:09 -08:00
David Dworken
e1f69f8731
Add TODO 2023-11-06 18:44:28 -08:00
David Dworken
a180c850a9
Add extra require to ensure that the next line doesn't panic if the string isn't present, since that interferes with gotestsum 2023-11-06 18:44:14 -08:00
David Dworken
72be3ee0c7
Update slsa-releaser.yml 2023-11-05 20:08:54 -08:00
David Dworken
a10913f188
Update slsa-releaser.yml to run tmate even if tests pass 2023-11-05 18:38:40 -08:00
David Dworken
222340a97c
Add tmate for debugging darwin attestation failures 2023-11-05 18:25:27 -08:00
David Dworken
19ee1816be Revert "Add SLSA attestation validation with latest released hishtory binary too" because the released binary doesn't support the validate-binary subcommand yet
This reverts commit 259f6b7858.
2023-11-05 18:05:20 -08:00
David Dworken
259f6b7858
Add SLSA attestation validation with latest released hishtory binary too 2023-11-05 17:20:53 -08:00
David Dworken
3e31d022c8
Add debugging information about subprocess errors when prevalidating releases 2023-11-05 17:16:42 -08:00
David Dworken
53d976811c
Skip SLSA validation in tests for Mac binaries for debugging 2023-11-05 16:31:10 -08:00
David Dworken
517b9c43ee
Add debug prints to make reading the output easier 2023-11-05 14:10:03 -08:00
David Dworken
1cfaa13b74
Capture stdout for slsa validation 2023-11-05 14:09:22 -08:00
David Dworken
1264388ea9
Swap post-release validation to happen in a dedicated python script 2023-11-05 12:57:58 -08:00
David Dworken
9834c6f492
Add validation of macos signatures 2023-11-05 12:42:00 -08:00
David Dworken
0eb362e123
Remove requests requirement since we no longer are using it 2023-11-05 12:39:07 -08:00
David Dworken
6cc7057d1e
Swap to running SLSA validation on macos since we need codesign_allocate to validate signatures on macos 2023-11-05 12:37:49 -08:00
David Dworken
e00bc22dfd
Add SLSA self-validation for hishtory-linux-arm64 2023-11-05 12:27:44 -08:00
David Dworken
61224a447c
Add SLSA self-validation for hishtory-darwin-arm64 2023-11-05 12:25:58 -08:00
David Dworken
be2bbb37c6
Add SLSA self-validation for hishtory-darwin-amd64 2023-11-05 12:24:47 -08:00
David Dworken
8709ec9208
Update macos signer to be stricter about ensuring the files exist, and failing if they don't 2023-11-05 12:22:47 -08:00
David Dworken
a65c3799ed
Manually download github artifact rather than using the action since the action seems to be flaky 2023-11-05 11:37:14 -08:00
David Dworken
04c915512a
Add GITHUB_TOKEN to tmate for interactive debugging 2023-11-05 10:54:37 -08:00
David Dworken
55e187d6df
Add tmate for debugging why actions/download-artifact appears to not be working 2023-11-05 10:28:05 -08:00
David Dworken
2a57ec1d73
Add ls for debugging 2023-11-05 01:33:35 -07:00
David Dworken
c918bcd3cb
Update slsa validation to not validate version when running in github actions, since the one in actions isn't associated with a released version 2023-11-05 01:15:54 -07:00
David Dworken
c3c74970b0
Swap slsa validation to use hishtory built at head 2023-11-05 00:55:01 -07:00
David Dworken
29142df382
Add additional check that checks that the version is valid per semver 2023-11-05 00:38:21 -07:00
David Dworken
acf46893e9
Clone repo and setup go for validation 2023-11-04 09:51:58 -07:00
David Dworken
a10a796eaa
Another attempt at getting validation to work on github actions 2023-11-03 23:36:30 -07:00
David Dworken
13ba6f38f7
Add pwd for debugging 2023-11-03 23:25:57 -07:00
David Dworken
723d04e196
Remove slsa validation for macos binaries since the artifact upload currently isn't working 2023-11-03 23:24:27 -07:00
David Dworken
dcd58fe27d
Fix SLSA releaser to specify required parameter path 2023-11-03 22:42:52 -07:00
David Dworken
92537a085c
Upload artifacts from macos signer even if this isn't a release, since they're needed for validation 2023-11-03 22:31:43 -07:00
David Dworken
da99e46e42
Swap SLSA releaser to use GH steps to pass through files, rather than downloading via HTTP 2023-11-03 22:18:24 -07:00
David Dworken
4673b99579
Add integration to validate macos signers too 2023-11-03 22:16:11 -07:00
David Dworken
87dee94aab
Add initial version of slsa releaser that validates the generated SLSA signatures 2023-11-03 22:10:11 -07:00
David Dworken
06f3501756 Release v0.246 2023-11-03 21:22:34 -07:00
David Dworken
c908a9a6dd
Add a hidden validate-binary command that can be used to run SLSA validations against a given binary. This will be used for CI/CD tests in the automated releases 2023-11-03 18:19:36 -07:00