Skip to content

Commit

Permalink
chore: ref builders at main (#3417)
Browse files Browse the repository at this point in the history
# Summary

ref builders at main

## Testing Process

...

## Checklist

- [ ] Review the contributing [guidelines](./../CONTRIBUTING.md)
- [ ] Add a reference to related issues in the PR description.
- [ ] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
  • Loading branch information
laurentsimon authored Mar 21, 2024
1 parent e4fc9a0 commit 5c347c0
Show file tree
Hide file tree
Showing 36 changed files with 95 additions and 95 deletions.
2 changes: 1 addition & 1 deletion .github/actions/generate-builder/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ runs:
using: "composite"
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: ${{ inputs.repository }}
ref: ${{ inputs.ref }}
Expand Down
2 changes: 1 addition & 1 deletion .github/actions/secure-download-artifact/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ runs:

- name: Compute the hash
id: compute
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main
with:
path: "${{ steps.validate-path.outputs.file_path }}"

Expand Down
4 changes: 2 additions & 2 deletions .github/actions/secure-download-folder/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ runs:
steps:
- name: Compute a random value
id: rng
uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main

- name: Download the artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
Expand All @@ -41,7 +41,7 @@ runs:

- name: Compute the hash
id: compute
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main
with:
path: "${{ steps.rng.outputs.random }}/folder.tgz"

Expand Down
2 changes: 1 addition & 1 deletion .github/actions/secure-upload-artifact/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ runs:
steps:
- name: Compute binary hash
id: compute-digest
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main
with:
path: "${{ inputs.path }}"

Expand Down
2 changes: 1 addition & 1 deletion .github/actions/secure-upload-folder/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ runs:
- name: Upload the artifact
id: upload
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main
with:
name: "${{ inputs.name }}"
path: "${{ steps.create.outputs.tarball-path }}"
4 changes: 2 additions & 2 deletions .github/workflows/builder_bazel_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ jobs:
steps:
- name: Generate the token
id: generate
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main
with:
slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
Expand All @@ -100,6 +100,6 @@ jobs:
id-token: write # For signing.
contents: read # For asset uploads.
actions: read # For the entrypoint.
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main
with:
slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
14 changes: 7 additions & 7 deletions .github/workflows/builder_container-based_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@ jobs:
steps:
- name: Generate random 16-byte value (32-char hex encoded)
id: rng
uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main

# This detects the repository and ref of the reusable workflow.
# For pull request, this gets the referenced slsa-github-generator workflow.
Expand All @@ -180,7 +180,7 @@ jobs:
steps:
- name: Detect the builder ref
id: detect
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main

###################################################################
# #
Expand All @@ -197,7 +197,7 @@ jobs:
steps:
- name: Generate builder binary
id: generate
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -230,7 +230,7 @@ jobs:
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -357,7 +357,7 @@ jobs:
docker login "${untrusted_registry}" -u "${username}" -p "${password}"
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -485,7 +485,7 @@ jobs:
provenance-sha256: ${{ steps.upload-signed.outputs.sha256 }}
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -575,7 +575,7 @@ jobs:
if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '')
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/builder_go_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ jobs:
steps:
- name: Generate random 16-byte value (32-char hex encoded)
id: rng
uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main

detect-env:
outputs:
Expand All @@ -142,7 +142,7 @@ jobs:
steps:
- name: Detect the builder ref
id: detect
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main

###################################################################
# #
Expand All @@ -157,7 +157,7 @@ jobs:
steps:
- name: Generate builder binary
id: generate
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -191,7 +191,7 @@ jobs:
needs: [builder, rng, detect-env]
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -238,7 +238,7 @@ jobs:
needs: [builder, build-dry, rng, detect-env]
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -320,7 +320,7 @@ jobs:
go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }}
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down Expand Up @@ -378,7 +378,7 @@ jobs:
if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '')
steps:
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: "${{ needs.detect-env.outputs.repository }}"
ref: "${{ needs.detect-env.outputs.ref }}"
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/builder_gradle_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ jobs:
steps:
- name: Generate the token
id: generate
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main
with:
slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
Expand All @@ -85,7 +85,7 @@ jobs:
id-token: write # For signing.
contents: read # For asset uploads.
actions: read # For the entrypoint.
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main
with:
slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/builder_maven_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ jobs:
steps:
- name: Generate the token
id: generate
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main
with:
slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
slsa-rekor-log-public: "${{ inputs.rekor-log-public }}"
Expand All @@ -81,7 +81,7 @@ jobs:
id-token: write # For signing.
contents: read # For asset uploads.
actions: read # For the entrypoint.
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main
with:
slsa-token: "${{ needs.slsa-setup.outputs.slsa-token }}"

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/builder_nodejs_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ jobs:
steps:
- name: Generate the token
id: generate
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main
with:
slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
Expand All @@ -104,6 +104,6 @@ jobs:
id-token: write # For signing.
contents: read # For repo checkout of private repos.
actions: read # For getting workflow run on private repos.
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main
with:
slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
24 changes: 12 additions & 12 deletions .github/workflows/delegator_generic_slsa3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ jobs:
steps:
- name: Generate random 16-byte value (32-char hex encoded)
id: rng
uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main

# verify-token verifies the slsa token.
verify-token:
Expand All @@ -100,7 +100,7 @@ jobs:
steps:
- name: Verify token
id: verify
uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@main
with:
slsa-workflow-recipient: "delegator_generic_slsa3.yml"
slsa-unverified-token: ${{ inputs.slsa-token }}
Expand All @@ -109,7 +109,7 @@ jobs:

- name: Upload predicate
id: upload
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main
with:
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
path: ${{ env.SLSA_PREDICATE_FILE }}
Expand All @@ -120,7 +120,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check private repos
uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@main
with:
error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override."
override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }}
Expand All @@ -147,7 +147,7 @@ jobs:
echo "$RUNNER: $RUNNER"
- name: Checkout the tool repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
repository: ${{ needs.verify-token.outputs.tool-repository }}
ref: ${{ needs.verify-token.outputs.tool-ref }}
Expand All @@ -171,7 +171,7 @@ jobs:
tree
- name: Checkout the project repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main
with:
fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }}
checkout-sha1: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.sha1 }}
Expand Down Expand Up @@ -213,7 +213,7 @@ jobs:
- name: Upload artifact layout file
id: upload
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main
with:
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
path: "${{ env.SLSA_ARTIFACTS_FILE }}"
Expand All @@ -229,14 +229,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download the artifact layout file
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main
with:
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
path: "${{ env.SLSA_ARTIFACTS_FILE }}"
sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }}

- name: Download the predicate file
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main
with:
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
path: ${{ env.SLSA_PREDICATE_FILE }}
Expand Down Expand Up @@ -266,7 +266,7 @@ jobs:
- name: Generate attestations
id: attestations
uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@main
with:
slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }}
predicate-type: ${{ steps.predicate-type.outputs.predicate-type }}
Expand All @@ -275,14 +275,14 @@ jobs:

- name: Sign attestations
id: sign
uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@main
with:
attestations: attestations
output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations"

- name: Upload attestations
id: upload
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.1-rc.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@main
with:
name: "${{ needs.rng.outputs.value }}-slsa-attestations"
path: "${{ needs.rng.outputs.value }}-slsa-attestations"
Expand Down
Loading

0 comments on commit 5c347c0

Please sign in to comment.