
Commit 18f6862

committed
update
Signed-off-by: laurentsimon <[email protected]>
1 parent 062c560 commit 18f6862


2 files changed

+28
-4
lines changed


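--- a/.github/workflows/pre-submit.e2e.yml
+++ b/.github/workflows/pre-submit.e2e.yml
@@ -34,3 +34,5 @@ jobs:
 
 - name: Run verification script with testdata and slsa-verifier HEAD
 run: ./__THIS_REPO__/.github/workflows/scripts/e2e-cli.sh
+env:
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Necessary to use the gh CLI.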
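Review bot: Nothing in this hunk limits the scope of the `GITHUB_TOKEN` that the added `env:` block passes to `e2e-cli.sh`; the job's `permissions:` key, if there is one, lies outside the hunk. The script only reads workflow-run and artifact data through the API, so a read-only job-level scope such as `permissions:` / `contents: read` looks sufficient and is worth confirming before merge. Setting the variable on this one step rather than at job level is the right choice, since it keeps the token out of the other steps' environments.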

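--- a/.github/workflows/scripts/e2e-cli.sh
+++ b/.github/workflows/scripts/e2e-cli.sh
@@ -1,19 +1,41 @@
 #!/bin/bash
 
+repo="slsa-framework/example-package"
+api_version="X-GitHub-Api-Version: 2022-11-28"
 # Verify provenance authenticity with slsa-verifier at HEAD
+download_artifact(){
+local run_id="$1"
+local artifact_name="$2"
+# Get the artifact ID for 'artifact1'
+artifact_id=$($GH api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/runs/$run_id/artifacts" | jq ".artifacts[] | select(.name == \"$artifact_name\") | .id")
+echo "artifact_id:$artifact_id"
 
+$GH api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/artifacts/$artifact_id/zip" > "$artifact_name.zip"
+unzip "$artifact_name".zip
+}
+
+# Get workflow ID.
+workflow_id=$($GH api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/workflows?per_page=100" | jq '.workflows[] | select(.path == ".github/workflows/e2e.generic.schedule.main.multi-uses.slsa3.yml") | .id')
+echo "workflow_id:$workflow_id"
+
+# Get the run ID for the most recent run.
+run_id=$($GH api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/workflows/$workflow_id/runs?per_page=1" | jq '.workflow_runs[0].id')
+echo "run_id:$run_id"
+
+download_artifact "$run_id" "artifacts1"
+download_artifact "$run_id" "attestation1.intoto.jsonl"
 
 cd __EXAMPLE_PACKAGE__
 # shellcheck source=/dev/null
 source "./.github/workflows/scripts/e2e-verify.common.sh"
 
 # Set THIS_FILE to correspond with the artifact properties
-export THIS_FILE=e2e.go.workflow_dispatch.main.config-noldflags.slsa3.yml
+export THIS_FILE=e2e.generic.schedule.main.multi-uses.slsa3.yml
 export BRANCH=main
 
 # Set BINARY and PROVENANCE
 cd -
-export BINARY=__THIS_REPO__/cli/slsa-verifier/testdata/gha_go/v1.2.2/binary-linux-amd64-workflow_dispatch
-export PROVENANCE=__THIS_REPO__/cli/slsa-verifier/testdata/gha_go/v1.2.2/binary-linux-amd64-workflow_dispatch.intoto.jsonl
+export BINARY=artifact1
+export PROVENANCE=attestation1.intoto.jsonl
 
-GITHUB_REPOSITORY=slsa-framework/example-package verify_provenance_authenticity "./__THIS_REPO__/slsa-verifier" "HEAD"
+GITHUB_REPOSITORY="$repo" verify_provenance_authenticity "./__THIS_repo__/slsa-verifier" "HEAD"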
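Review bot: `$GH` is expanded on new lines 10, 13, 18 and 22 but is never assigned anywhere in this 41-line script, and the workflow change only exports `GH_TOKEN`, so unless `GH` arrives from the environment each call runs as `api -H …` and fails. Either call `gh` directly or add `GH="${GH:-gh}"` near the top. New line 41 also changes the path to `./__THIS_repo__/slsa-verifier`, which will not resolve on a case-sensitive filesystem if the checkout directory is still `__THIS_REPO__` as the workflow's `run:` line suggests; and `download_artifact` is called with `artifacts1` while `BINARY` is `artifact1`, so it is worth confirming that the zip really unpacks to that name. Because the script has no `set -euo pipefail`, a failed lookup leaves `artifact_id` or `run_id` empty or `null` and execution continues into the verification step, so the provenance test can fail for reasons unrelated to the verifier; enabling strict mode and narrowing the run query with `branch=main&status=success` would tie the fetched artifact to what `BRANCH=main` expects.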
