Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add release workflow test at presubmit #212

Merged
merged 4 commits into from
Aug 15, 2022
Merged

ci: add release workflow test at presubmit #212

merged 4 commits into from
Aug 15, 2022

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Aug 12, 2022
edited
Loading

Signed-off-by: Asra Ali [email protected]

To ensure that the release workflow will work before we push a release, because maybe the releaser config went stale.

fixes #211

@asraa asraa requested a review from laurentsimon August 12, 2022 19:51
@asraa
Copy link
Contributor Author

asraa commented Aug 12, 2022

@laurentsimon do you know why the go builder at v1.2.0 is failing?

@laurentsimon
Copy link
Contributor

not sure. We don't officially support PR, maybe there's something going on there. Maybe the OIDC token is failing (not write access) and so the builder cannot figure its hash to checkout itself?

@laurentsimon
Copy link
Contributor 

repository:asraa/slsa-verifier
ref:add-test-presubmit

so it knows what to fetch. However, there's some code that validates the repo name, and only allow example-package and / or this repo.. maybe that's what's going on.

@asraa
Copy link
Contributor Author

asraa commented Aug 12, 2022

so it knows what to fetch. However, there's some code that validates the repo name, and only allow example-package and / or this repo.. maybe that's what's going on.

Ah I see. Maybe I should just run this on schedule instead.

@laurentsimon
Copy link
Contributor

laurentsimon commented Aug 12, 2022
edited
Loading

Btw, how are we going to keep this pre-submit in sync with the release workflow? I mean, that the versions are the same?Shall we use the same workflow and add a trigger to it? Or use a workflow_run trigger and trigger it on PR and during release?
(We'd need to add some code in the release trigger workflow to upload the provenance manually, since the trigger to the workflow_run would be different)

Do we need to compile-builder? I don't think it's necessary.

@asraa
Copy link
Contributor Author

asraa commented Aug 12, 2022

Shall we use the same workflow and add a trigger to it? Or use a workflow_run trigger and trigger in on PR and during release?

Yeah, let's nuke the separate workflow, and use the same one. Instead of on PR, we can trigger once daily or something on schedule just for testing?

This way we can still keep the on push tags for automatic upload

@laurentsimon
Copy link
Contributor

so it knows what to fetch. However, there's some code that validates the repo name, and only allow example-package and / or this repo.. maybe that's what's going on.

Ah I see. Maybe I should just run this on schedule instead.

If that simplifies our life, I think that works. Let's create an issue when that happens.

@laurentsimon
Copy link
Contributor

Can re-use this code https://github.com/slsa-framework/example-package/blob/main/.github/workflows/scripts/e2e-report-failure.sh

@laurentsimon
Copy link
Contributor

Shall we use the same workflow and add a trigger to it? Or use a workflow_run trigger and trigger in on PR and during release?

Yeah, let's nuke the separate workflow, and use the same one. Instead of on PR, we can trigger once daily or something on schedule just for testing?

This way we can still keep the on push tags for automatic upload

+1. The code is for the generator anyway, so need to run on each PR.

@asraa
Copy link
Contributor Author

asraa commented Aug 12, 2022

nice! done

laurentsimon
laurentsimon approved these changes Aug 12, 2022
View reviewed changes
Copy link
Contributor

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

asraa added 2 commits August 12, 2022 16:01
@asraa
tag
363f2c8 
Signed-off-by: Asra Ali <[email protected]>
@asraa
update token
509e9b8 
Signed-off-by: Asra Ali <[email protected]>
@asraa asraa merged commit 5c43d40 into slsa-framework:main Aug 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@laurentsimon laurentsimon laurentsimon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Test release config file in pre-submit
2 participants
@asraa @laurentsimon