Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect builder repo and ref from oidc token #25

Merged
merged 12 commits into from
Apr 1, 2022
Merged

Detect builder repo and ref from oidc token #25

merged 12 commits into from
Apr 1, 2022

Conversation

asraa
Copy link
Collaborator

@asraa asraa commented Mar 31, 2022
edited

Signed-off-by: Asra Ali asraa@google.com

Fixes #24

@asraa
detect builder repo and ref from oidc token
83e151e 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
update
38db006 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa asraa changed the title WIP: detect builder repo and ref from oidc token Detect builder repo and ref from oidc token Mar 31, 2022
@asraa asraa marked this pull request as ready for review March 31, 2022 17:47
@asraa
Copy link
Collaborator Author

asraa commented Mar 31, 2022
edited

Ready! @laurentsimon
Works at https://github.com/asraa/slsa-on-github-test/actions/runs/2072726014
much easier to just update the ref once!

@asraa
clean up
b5bff8b 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
swap fix
664592d 
Signed-off-by: Asra Ali <asraa@google.com>
laurentsimon
laurentsimon approved these changes Mar 31, 2022
View reviewed changes
Copy link
Contributor

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

.github/workflows/builder.yml Outdated Show resolved Hide resolved
.github/workflows/builder.yml Outdated Show resolved Hide resolved
.github/workflows/builder.yml Show resolved Hide resolved
@laurentsimon laurentsimon mentioned this pull request Mar 31, 2022
Closed
@asraa
address comments
effe29e 
Signed-off-by: Asra Ali <asraa@google.com>
@laurentsimon laurentsimon enabled auto-merge (squash) April 1, 2022 15:45
@asraa asraa disabled auto-merge April 1, 2022 15:49
@asraa
Copy link
Collaborator Author

asraa commented Apr 1, 2022

FYI doesn't want to issue for "Failed to get OIDC token from GitHub, response 403: Can't issue ID_TOKEN for audience 'https://github.com/slsa-framework/slsa-github-generator-go'."

might be because of the full qualification or a bad char... seemed like i had seen azure examples for this, will try to find docs about it

@asraa asraa closed this Apr 1, 2022
@asraa asraa reopened this Apr 1, 2022
@laurentsimon laurentsimon mentioned this pull request Apr 1, 2022
Merged
@asraa
try aud
03eedca 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
use workflow ref
c6afbe0 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
use repo
42e0f4d 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
avoid 403
f189b9a 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
use builder
89eb611 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
fix file
c9f490f 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
Copy link
Collaborator Author

asraa commented Apr 1, 2022

all good now -- i can't get fully qualified URI, and I suspect the 403 is because the context of the caller is not for the reusable workflow github repo :/

@asraa asraa enabled auto-merge (squash) April 1, 2022 17:10
@laurentsimon
Copy link
Contributor

all good now -- i can't get fully qualified URI, and I suspect the 403 is because the context of the caller is not for the reusable workflow github repo :/

Gotcha, that's probably good enough.

@asraa asraa merged commit 87c137e into slsa-framework:main Apr 1, 2022
@ianlewis ianlewis mentioned this pull request Apr 3, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@laurentsimon laurentsimon laurentsimon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature: dynamic repo checkout
2 participants
@asraa @laurentsimon