fix: remove attestation-name input and output (#3313)

# Summary

- Fixes #3031
- Fixes #3072 
- Removes the `attestation-name` input and output from the
`generator_generic_slsa3.yml`, which has been deprecated for
`provenance-name`.

## Testing Process

We cannot properly test workflow changes without first merging to
`main`, and revert if tests fail. After merging we will

- [ ] trigger a manual run of `pre-submit e2e generic default`
- [ ] wait for nightly e2e tests to report success

## Checklist

- [x] Review the contributing [guidelines](./../CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.

---------

Signed-off-by: Ramon Petgrave <[email protected]>

Author: ramonpetgrave64

.github/workflows/generator_generic_slsa3.yml

@@ -56,10 +56,6 @@ on:
           the assets.
         type: string
         default: ""
-      attestation-name:
-        description: "The artifact name of the signed provenance. The file must have the intoto.jsonl extension. Defaults to <filename>.intoto.jsonl for single artifact or multiple.intoto.jsonl for multiple artifacts. DEPRECATED: Use provenance-name instead."
-        required: false
-        type: string
       provenance-name:
         description: The artifact name of the signed provenance. The file must have the intoto.jsonl extension. Defaults to <filename>.intoto.jsonl for single artifact or multiple.intoto.jsonl for multiple artifacts.
         required: false
@@ -98,9 +94,6 @@ on:
           Note: This value is non-empty only when a release asset is uploaded, according to
           the values of `upload-assets` and `upload-tag-name`.
         value: ${{ jobs.upload-assets.outputs.release-id }}
-      attestation-name:
-        description: "DEPRECATED: use the provenance-name output instead."
-        value: ${{ jobs.generator.outputs.provenance-name }}
       provenance-name:
         description: "The artifact name of the signed provenance. (A file with the intoto.jsonl extension)."
         value: ${{ jobs.generator.outputs.provenance-name }}
@@ -226,17 +219,11 @@ jobs:
         env:
           GITHUB_CONTEXT: "${{ toJSON(github) }}"
           UNTRUSTED_PROVENANCE_NAME: "${{ inputs.provenance-name }}"
-          UNTRUSTED_DEPRECATED_ATTESTATION_NAME: "${{ inputs.attestation-name }}"
         run: |
           set -euo pipefail
           untrusted_prov_name=""
           if [ "$UNTRUSTED_PROVENANCE_NAME" != "" ]; then
             untrusted_prov_name="$UNTRUSTED_PROVENANCE_NAME"
-          else
-            if [ "$UNTRUSTED_DEPRECATED_ATTESTATION_NAME" != "" ]; then
-              echo "WARNING: deprecated attestation-name was used. Use provenance-name instead."
-              untrusted_prov_name="$UNTRUSTED_DEPRECATED_ATTESTATION_NAME"
-            fi
           fi
           # Create and sign provenance.
           # NOTE: The builder verifies that the provenance path is located

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 <!-- toc -->
 
 - [Unreleased](#unreleased)
+  - [Unreleased: Breaking Change: attestation-name Workflow Input and Output](#unreleased-breaking-change-attestation-name-workflow-input-and-output)
   - [Unreleased: Gradle Builder](#unreleased-gradle-builder)
   - [Unreleased: Go Builder](#unreleased-go-builder)
   - [Unreleased: Container Generator](#unreleased-container-generator)
@@ -99,6 +100,10 @@ duplication."
 
 ## Unreleased
 
+### Unreleased: Breaking Change: attestation-name Workflow Input and Output
+
+- `attestation-name` as a workflow input to `.github/workflows/generator_generic_slsa3.yml` is now removed. Use `provenance-name` instead.
+
 ### Unreleased: Gradle Builder
 
 - The Gradle Builder was fixed when the project root is the same as the

internal/builders/generic/README.md

@@ -266,7 +266,6 @@ The [generic workflow](https://github.com/slsa-framework/slsa-github-generator/b
 | `upload-assets`           | no                                                                 | false                                                                                           | If true provenance is uploaded to a GitHub release for new tags.                                                                                                                                                                                                                   |
 | `upload-tag-name`         | no                                                                 |                                                                                                 | If specified and `upload-assets` is set to true, the provenance will be uploaded to a Github release identified by the tag-name regardless of the triggering event.                                                                                                                |
 | `provenance-name`         | no                                                                 | "(subject name).intoto.jsonl" if a single subject. "multiple.intoto.json" if multiple subjects. | The artifact name of the signed provenance. The file must have the `intoto.jsonl` extension.                                                                                                                                                                                       |
-| `attestation-name`        | no                                                                 | "(subject name).intoto.jsonl" if a single subject. "multiple.intoto.json" if multiple subjects. | The artifact name of the signed provenance. The file must have the `intoto.jsonl` extension. DEPRECATED: use `provenance-name` instead.                                                                                                                                            |
 | `private-repository`      | no                                                                 | false                                                                                           | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories).                                                    |
 | `continue-on-error`       | no                                                                 | false                                                                                           | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow.                                                                                                                                                                      |
 | `draft-release`           | no                                                                 | false                                                                                           | If true, the release is created as a draft                                                                                                                                                                                                                                         |
@@ -278,7 +277,6 @@ The [generic workflow](https://github.com/slsa-framework/slsa-github-generator/b
 | Name               | Description                                                                                     |
 | ------------------ | ----------------------------------------------------------------------------------------------- |
 | `provenance-name`  | The artifact name of the signed provenance.                                                     |
-| `attestation-name` | The artifact name of the signed provenance. DEPRECATED: use `provenance-name` instead.          |
 | `outcome`          | If `continue-on-error` is `true`, will contain the outcome of the run (`success` or `failure`). |
 
 ### Provenance Format