fix: Update release docs (#3589)

# Summary A few fixes and additions to the release docs. - fix the `sed` commands - add Github container registry auth instructions related PR slsa-framework/slsa-verifier#761 ## Testing Process Manual testing locally. ## Checklist - [x] Review the contributing [guidelines](./../CONTRIBUTING.md) - [ ] Add a reference to related issues in the PR description. - [x] Update documentation if applicable. - [ ] Add unit tests if applicable. - [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable. --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com> Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
slsa-framework · May 8, 2024 · 2f113ff · 2f113ff
1 parent 88d8fa6
commit 2f113ff
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/RELEASE.md b/RELEASE.md
@@ -163,7 +163,7 @@ There is one integration test we cannot easily test "live", so we need to simula
    using this command:
 
    ```shell
-   sed -i "s/uses: slsa-framework\/slsa-github-generator\/\.github\/actions\/generate-builder@\(main\|v[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc\.[0-9]\+\)\?\)/uses: ${BUILDER_REPOSITORY/\//\\\/}\/.github\/actions\/generate-builder@${BUILDER_TAG}/" .github/workflows/builder_go_slsa3.yml
+   sed -i "s/uses: slsa-framework\/slsa-github-generator\/\.github\/actions\/generate-builder@\(main\|v[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc\.[0-9]\+\)\?\)/uses: ${BUILDER_REPOSITORY/\//\/}\/.github\/actions\/generate-builder@${BUILDER_TAG}/" .github/workflows/builder_go_slsa3.yml
    ```
 
    Add `testing: true` as an input.
@@ -177,7 +177,7 @@ There is one integration test we cannot easily test "live", so we need to simula
    using this command:
 
    ```shell
-   sed -i "s/uses: slsa-framework\/slsa-github-generator\/\.github\/actions\/generate-builder@\(main\|v[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc\.[0-9]\+\)\?\)/uses: ${BUILDER_REPOSITORY/\//\\\/}\/.github\/actions\/generate-builder@${BUILDER_TAG}/" .github/workflows/generator_generic_slsa3.yml
+   sed -i "s/uses: slsa-framework\/slsa-github-generator\/\.github\/actions\/generate-builder@\(main\|v[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc\.[0-9]\+\)\?\)/uses: ${BUILDER_REPOSITORY/\//\/}\/.github\/actions\/generate-builder@${BUILDER_TAG}/" .github/workflows/generator_generic_slsa3.yml
    ```
 
    Add `testing: true` as an input.
@@ -191,7 +191,7 @@ There is one integration test we cannot easily test "live", so we need to simula
    using this command:
 
    ```shell
-   sed -i "s/uses: slsa-framework\/slsa-github-generator\/\.github\/actions\/generate-builder@\(main\|v[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc\.[0-9]\+\)\?\)/uses: ${BUILDER_REPOSITORY/\//\\\/}\/.github\/actions\/generate-builder@${BUILDER_TAG}/" .github/workflows/generator_container_slsa3.yml
+   sed -i "s/uses: slsa-framework\/slsa-github-generator\/\.github\/actions\/generate-builder@\(main\|v[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc\.[0-9]\+\)\?\)/uses: ${BUILDER_REPOSITORY/\//\/}\/.github\/actions\/generate-builder@${BUILDER_TAG}/" .github/workflows/generator_container_slsa3.yml
    ```
 
    Add `testing: true` as an input.
@@ -205,7 +205,7 @@ There is one integration test we cannot easily test "live", so we need to simula
    using this command:
 
    ```shell
-   sed -i "s/uses: slsa-framework\/slsa-github-generator\/\.github\/actions\/generate-builder@\(main\|v[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc\.[0-9]\+\)\?\)/uses: ${BUILDER_REPOSITORY/\//\\\/}\/.github\/actions\/generate-builder@${BUILDER_TAG}/" .github/workflows/builder_container-based_slsa3.yml
+   sed -i "s/uses: slsa-framework\/slsa-github-generator\/\.github\/actions\/generate-builder@\(main\|v[0-9]\+\.[0-9]\+\.[0-9]\+\(-rc\.[0-9]\+\)\?\)/uses: ${BUILDER_REPOSITORY/\//\/}\/.github\/actions\/generate-builder@${BUILDER_TAG}/" .github/workflows/builder_container-based_slsa3.yml
    ```
 
    Add `testing: true` as an input.
@@ -618,6 +618,15 @@ Then, for each of the GHA builders, you will need to:
    `./cli/slsa-verifier/testdata/gha_generic_container/$BUILDER_TAG/` directory
    in the slsa-verifier repository.
 
+   Make sure you are authenticated to GitHub's Container registry:
+
+   ```shell
+   gh auth login --scopes=read:packages
+   echo `gh auth token` | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin
+   ```
+
+   Export the image:
+
    ```shell
    cosign save \
        --dir ./cli/slsa-verifier/testdata/gha_generic_container/$BUILDER_TAG/container_workflow_dispatch \