Using Artifact Attestations

[jakirkham]

Checklist

• I added a descriptive title
• I searched open requests and couldn't find a duplicate

What is the idea?

Recently at the Scientific Python Summit @matthewfeickert pointed out that GitHub has provided support for Artifact Attestations using Sigstore ( scientific-python/summit-2024#9 ). This is also covered in this GitHub blogpost from last month

The process uses artifacts built in a GitHub Action workflow to create the Attestation. Given we have recently gone through the work of setting up Conda ( #13399 ) and Conda-Build ( conda/conda-build#5340 ) to use GitHub Actions to create source artifacts, think it would be a good idea to go a step further and setup Attestations for them as well

Given both Conda & Conda-build (and possible other Conda projects; especially those in the incubator), could benefit we may want to set this up in a shared space

Why is this needed?

This would provide clarity to consumers of our source artifacts how they were generated with checksums, links to the GHA workflow used, author, etc.

Generally this should help provide consumers more trust around our artifact process

What should happen?

AIUI there are 2 main pieces, the upload.yml workflow that produces our source artifacts would need these permission changes

permissions:
  id-token: write
  attestations: write
  contents: read

Then after the source artifact is created, we would add this step to generate the attestations

    - name: Attest Build Provenance
        uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
        with:
        subject-path: "<artifact path>"

Have copied and tweaked these from the GitHub blogpost above

Additional Context

No response

[jakirkham]

Also since this may be useful in multiple projects, happy to move this issue to a more general place (if someone would like to recommend a location 🙂)

[matthewfeickert]

I'm happy to review PRs for this. I'm realistically a bit busy with physics conferences in the next weeks to make them, but happy to review. :)

[jakirkham]

Ah the ping here was intended as "Thank you for this suggestion! We will work on next steps"

Please don't feel under any obligation to do anything 😌

That said, we would definitely appreciate your help reviewing 😄

[jezdez]

Thank you @jakirkham for bringing this up, GitHub's beta launch has been on my radar.

There are a few concerns that block this at the moment:

• GitHub's product wrapping of sigstore and in-toto are not vendor neutral, while conda and conda-build have an outsized importance for an own supply chain
• using GitHub's source of identity for providing the attestation is concerning to me and I would rather review what for example the Python Security Team is doing
• I've talked with Seth at PyCon US about it and plan to act on it
• this is a topic to be discussed in the upcoming conda community security team

There is no need for any action at the moment, thank you for raising it though, it's quite timely!

[jakirkham]

Thanks Jannis! 🙏

Where would I find more information about existing discussions on these topics?

[matthewfeickert]

GitHub's product wrapping of sigstore and in-toto are not vendor neutral, while conda and conda-build have an outsized importance for an own supply chain

@jezdez Here would something like https://github.com/sigstore/gh-action-sigstore-python be more appropriate in your mind?

• using GitHub's source of identity for providing the attestation is concerning to me and I would rather review what for example the Python Security Team is doing
• I've talked with Seth at PyCon US about it and plan to act on it

I don't follow the conda community security team meetings, but if you have general feedback and information here it would be great to get that information in the SPEC 8 draft (scientific-python/summit-2024#9). I think we'd all be very keen to learn from the discussions you've had.