-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] Use go code within the builder_go_slsa3.yml #398
Comments
I'd prefer not to use bash where it makes sense as well. I think the main issue with this is that we have to compile and run the code each run, it pretty hard for small snippets and increases the build times since Go compilation time isn't trivial. We've needed to reduce run time for #74 before. I'm not totally sure about the builder workflows themselves but it might make sense for us to rewrite some of our e2e tests in Go since much more extensive bash. |
+1 to what @ianlewis said. Go can be an option when there are few dependencies (also good for maintenance and attack surface reduction). We use Go for the detect action https://github.com/slsa-framework/slsa-github-generator/tree/main/.github/actions/detect-workflow, and it seems to be fast enough. We have #87, #132 and #26 that are related. We should be able to reduce code duplication with #26. The code for building/verifying artifact after download (sha256sum command) is duplicated in the Go and generic workflow. And we could possibly use typescript, which requires no compilation and is fast for GH actions. I suspect we'll still need a little bit of scripts, especially when we use composite GH actions to perform multiple steps at once. |
Yeah, it's a balance between
As @laurentsimon said, I think the solution will not necessarily be just porting the existing scripts to Go but mostly creating reusable actions that are written in another language. That way it strikes a better balance with the concerns above. If we have that we can maybe just small snippets of bash and minimize the amount of code that we have to maintain. |
The goal for this port from shell script to `go` was to reduce the amount of shell script. It is easier to refactor managed code compared to shell script. This has been discussed slsa-framework#398 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
The goal for this port from shell script to `go` was to reduce the amount of shell script. It is easier to refactor managed code compared to shell script. This has been discussed slsa-framework#398 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Adding comments from PR #503
|
The workflows now use common actions, so I think we can close this issue. Please re-open if needed. Thanks |
Is your feature request related to a problem? Please describe.
This
slsa-github-generator/.github/workflows/builder_go_slsa3.yml
Line 15 in 024238b
Describe the solution you'd like
Use go code instead of using shell script. Another option is to use something like https://github.com/magefile/mage for doing this. Also
mage
has0
dependencies.The text was updated successfully, but these errors were encountered: