File tree 3 files changed +55
-0
lines changed
3 files changed +55
-0
lines changed Original file line number Diff line number Diff line change 1+ name : Pre submits e2e
2+ on :
3+ pull_request :
4+ branches : ["main"]
5+ workflow_dispatch :
6+
7+ permissions : read-all
8+
9+ jobs :
10+ pre-submit :
11+ runs-on : ubuntu-latest
12+ steps :
13+ - name : Checkout
14+ uses : actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
15+ with :
16+ path : __THIS_REPO__
17+
18+ - name : setup-go
19+ uses : actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
20+ with :
21+ go-version : " 1.18"
22+
23+ - name : Build verifier at HEAD
24+ working-directory : __THIS_REPO__
25+ run : |
26+ set -euo pipefail
27+ go build -o slsa-verifier ./cli/slsa-verifier
28+
29+ name : Checkout e2e verification script
30+ uses : actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
31+ with :
32+ path : __EXAMPLE_PACKAGE__
33+ repository : slsa-framework/example-package
34+
35+ - name : Run verification script with testdata and slsa-verifier HEAD
36+ run : ./__THIS_REPO__/.github/workflows/scripts/e2e-cli.sh
Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+
3+ # Verify provenance authenticity with slsa-verifier at HEAD
4+
5+
6+ cd __EXAMPLE_PACKAGE__
7+ # shellcheck source=/dev/null
8+ source " ./.github/workflows/scripts/e2e-verify.common.sh"
9+
10+ # Set THIS_FILE to correspond with the artifact properties
11+ export THIS_FILE=e2e.go.workflow_dispatch.main.config-noldflags.slsa3.yml
12+ export BRANCH=main
13+
14+ # Set BINARY and PROVENANCE
15+ cd -
16+ export BINARY=__THIS_REPO__/cli/slsa-verifier/testdata/gha_go/v1.2.2/binary-linux-amd64-workflow_dispatch
17+ export PROVENANCE=__THIS_REPO__/cli/slsa-verifier/testdata/gha_go/v1.2.2/binary-linux-amd64-workflow_dispatch.intoto.jsonl
18+
19+ GITHUB_REPOSITORY=slsa-framework/example-package verify_provenance_authenticity " ./__THIS_REPO__/slsa-verifier" " HEAD"
You can’t perform that action at this time.
0 commit comments