Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Release v1.6.0-rc.0 #1924

Merged
merged 2 commits into from
Apr 5, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/actions/generate-builder/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ runs:
using: "composite"
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: ${{ inputs.repository }}
ref: ${{ inputs.ref }}
Expand Down
2 changes: 1 addition & 1 deletion .github/actions/secure-download-artifact/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ runs:

- name: Compute the hash
id: compute
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.6.0-rc.0
with:
path: "${{ inputs.path }}"

Expand Down
4 changes: 2 additions & 2 deletions .github/actions/secure-download-folder/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ runs:
steps:
- name: Compute a random value
id: rng
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main
uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.6.0-rc.0

- name: Download the artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
Expand All @@ -27,7 +27,7 @@ runs:

- name: Compute the hash
id: compute
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.6.0-rc.0
with:
path: "${{ steps.rng.outputs.random }}/folder.tgz"

Expand Down
2 changes: 1 addition & 1 deletion .github/actions/secure-upload-artifact/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ runs:
steps:
- name: Compute binary hash
id: compute-digest
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.6.0-rc.0
with:
path: "${{ inputs.path }}"

Expand Down
2 changes: 1 addition & 1 deletion .github/actions/secure-upload-folder/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ runs:
- name: Upload the artifact
id: upload
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.6.0-rc.0
with:
name: "${{ inputs.name }}"
path: "${{ steps.create.outputs.tarball-path }}"
14 changes: 7 additions & 7 deletions .github/workflows/builder_docker-based_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ jobs:
steps:
- name: Generate random 16-byte value (32-char hex encoded)
id: rng
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main
uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.6.0-rc.0

# This detects the repository and ref of the reusable workflow.
# For pull request, this gets the referenced slsa-github-generator workflow.
Expand All @@ -168,7 +168,7 @@ jobs:
steps:
- name: Detect the builder ref
id: detect
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.6.0-rc.0

###################################################################
# #
Expand All @@ -185,7 +185,7 @@ jobs:
steps:
- name: Generate builder binary
id: generate
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -218,7 +218,7 @@ jobs:
steps:
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -346,7 +346,7 @@ jobs:


- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -474,7 +474,7 @@ jobs:
provenance-sha256: ${{ steps.upload-signed.outputs.sha256 }}
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -564,7 +564,7 @@ jobs:
if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '')
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/builder_go_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ jobs:
steps:
- name: Generate random 16-byte value (32-char hex encoded)
id: rng
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main
uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.6.0-rc.0

detect-env:
outputs:
Expand All @@ -112,7 +112,7 @@ jobs:
steps:
- name: Detect the builder ref
id: detect
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.6.0-rc.0

###################################################################
# #
Expand All @@ -127,7 +127,7 @@ jobs:
steps:
- name: Generate builder binary
id: generate
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -161,7 +161,7 @@ jobs:
needs: [builder, rng, detect-env]
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -207,7 +207,7 @@ jobs:
needs: [builder, build-dry, rng, detect-env]
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -287,7 +287,7 @@ jobs:
go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }}
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -345,7 +345,7 @@ jobs:
if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '')
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/builder_nodejs_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ jobs:
steps:
- name: Generate the token
id: generate
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-token@main
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-token@v1.6.0-rc.0
with:
slsa-workflow-recipient: "delegator_generic_slsa3.yml"
slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
Expand All @@ -83,7 +83,7 @@ jobs:
id-token: write # For signing.
contents: write # For asset uploads.
packages: write # For publishing to GitHub packages.
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@main
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@v1.6.0-rc.0
with:
slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}

Expand Down Expand Up @@ -111,7 +111,7 @@ jobs:
# NOTE: secure-download-artifact ensures that the downloaded file doesn't overwrite an existing file.
- name: Download package
id: package-download
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.6.0-rc.0
with:
name: ${{ fromJSON(needs.slsa-run.outputs.build-artifacts-outputs).package-download-name }}
path: ${{ fromJSON(needs.slsa-run.outputs.build-artifacts-outputs).package-filename }}
Expand Down
22 changes: 11 additions & 11 deletions .github/workflows/delegator_generic_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ jobs:
steps:
- name: Generate random 16-byte value (32-char hex encoded)
id: rng
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main
uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.6.0-rc.0

# verify-token verifies the slsa token.
verify-token:
Expand All @@ -91,15 +91,15 @@ jobs:
steps:
- name: Verify token with test action
id: verify
uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@main
uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.6.0-rc.0
with:
slsa-workflow-recipient: "delegator_generic_slsa3.yml"
slsa-unverified-token: ${{ inputs.slsa-token }}
output-predicate: ${{ env.SLSA_PREDICATE_FILE }}

- name: Upload predicate
id: upload
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.6.0-rc.0
with:
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
path: ${{ env.SLSA_PREDICATE_FILE }}
Expand All @@ -110,7 +110,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check private repos
uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@main
uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.6.0-rc.0
with:
error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override."
override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }}
Expand Down Expand Up @@ -138,7 +138,7 @@ jobs:
echo "$RUNNER: $RUNNER"

- name: Checkout the tool repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: ${{ needs.verify-token.outputs.tool-repository }}
ref: ${{ needs.verify-token.outputs.tool-ref }}
Expand All @@ -162,7 +162,7 @@ jobs:
tree

- name: Checkout the project repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.6.0-rc.0

# NOTE: This calls the Action defined in the slsa-token.
- name: Build artifacts
Expand All @@ -188,7 +188,7 @@ jobs:

- name: Upload artifact layout file
id: upload
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.6.0-rc.0
with:
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
path: "${{ env.SLSA_ARTIFACTS_FILE }}"
Expand All @@ -203,14 +203,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download the artifact layout file
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.6.0-rc.0
with:
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
path: "${{ env.SLSA_ARTIFACTS_FILE }}"
sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }}

- name: Download the predicate file
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.6.0-rc.0
with:
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
path: ${{ env.SLSA_PREDICATE_FILE }}
Expand Down Expand Up @@ -240,7 +240,7 @@ jobs:

- name: Generate attestations
id: attestations
uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@main
uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.6.0-rc.0
with:
slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }}
predicate-type: ${{ steps.predicate-type.outputs.predicate-type }}
Expand All @@ -249,7 +249,7 @@ jobs:

- name: Sign attestations
id: sign
uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@main
uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.6.0-rc.0
with:
attestations: attestations
output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Detect the builder ref
id: detect
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.6.0-rc.0
- name: Update the build definition
# We use a build definition hard-coded in testadata. To ensure validation against
# workflow context, we must update the source references.
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/generator_container_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ jobs:
- name: Detect the generator ref
id: detect
continue-on-error: true
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.6.0-rc.0

- name: Final outcome
id: final
Expand Down Expand Up @@ -125,7 +125,7 @@ jobs:
- name: Generate builder
id: generate-builder
continue-on-error: true
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/generator_generic_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ jobs:
- name: Detect the generator ref
id: detect
continue-on-error: true
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.6.0-rc.0

- name: Final outcome
id: final
Expand Down Expand Up @@ -148,7 +148,7 @@ jobs:
- name: Generate builder
id: generate-builder
continue-on-error: true
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -222,7 +222,7 @@ jobs:
- name: Checkout builder repository
id: checkout-builder
continue-on-error: true
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
id-token: write # For signing.
contents: write # For asset uploads.
actions: read # For the entrypoint.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0-rc.0
with:
go-version: "1.20"
config-file: .github/workflows/configs-container/config-release.yml
Expand All @@ -59,7 +59,7 @@ jobs:
id-token: write # For signing.
contents: write # For asset uploads.
actions: read # For the entrypoint.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0-rc.0
with:
go-version: "1.20"
config-file: .github/workflows/configs-generic/config-release.yml
Expand All @@ -72,7 +72,7 @@ jobs:
id-token: write # For signing.
contents: write # For asset uploads.
actions: read # For the entrypoint.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0-rc.0
with:
go-version: "1.20"
config-file: .github/workflows/configs-go/config-release.yml
Expand Down