Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix builder-fetch.sh path #1221

Merged
merged 5 commits into from
Nov 9, 2022
Merged

Fix builder-fetch.sh path #1221

merged 5 commits into from
Nov 9, 2022

Conversation

ianlewis
Copy link
Member

@ianlewis ianlewis commented Nov 9, 2022

Signed-off-by: Ian Lewis ianlewis@google.com

@ianlewis
Fix path
315c857 
Signed-off-by: Ian Lewis <ianlewis@google.com>
asraa
asraa reviewed Nov 9, 2022
View reviewed changes
Copy link
Collaborator

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

somewhat naive question but could this script have been invoked after changing to the ./BUILDER_CHECKOUT__DIR/ here

slsa-github-generator/.github/actions/generate-builder/action.yml

Line 78 in 55d5ea5

run: ./__BUILDER_CHECKOUT_DIR__/.github/actions/generate-builder/generate-builder.sh
?

(that way the script doesn't need to know the outer context)

@ianlewis
Copy link
Member Author

ianlewis commented Nov 9, 2022

somewhat naive question but could this script have been invoked after changing to the ./BUILDER_CHECKOUT__DIR/ here

slsa-github-generator/.github/actions/generate-builder/action.yml

Line 78 in 55d5ea5

run: ./__BUILDER_CHECKOUT_DIR__/.github/actions/generate-builder/generate-builder.sh

?
(that way the script doesn't need to know the outer context)

Yeah, I thought about that. We could probably set the working dir.

@ianlewis
set working dir
c66aa7b 
Signed-off-by: Ian Lewis <ianlewis@google.com>
@ianlewis
Merge remote-tracking branch 'origin/fix-generate-builder' into fix-g…
484823c 
…enerate-builder
@asraa
Copy link
Collaborator

asraa commented Nov 9, 2022

Yeah, I thought about that. We could probably set the working dir.

I think it would be somewhat clearer, but feel free to push back: we know this one works

@ianlewis
Copy link
Member Author

ianlewis commented Nov 9, 2022

Yeah, I thought about that. We could probably set the working dir.

I think it would be somewhat clearer, but feel free to push back: we know this one works

I agree. I would like to keep the script context free if possible.

@laurentsimon
Copy link
Collaborator

laurentsimon commented Nov 9, 2022
edited
Loading

somewhat naive question but could this script have been invoked after changing to the ./BUILDER_CHECKOUT__DIR/ here

slsa-github-generator/.github/actions/generate-builder/action.yml

Line 78 in 55d5ea5

run: ./__BUILDER_CHECKOUT_DIR__/.github/actions/generate-builder/generate-builder.sh

?
(that way the script doesn't need to know the outer context)

Yeah, I thought about that. We could probably set the working dir.

what do you mean by outer context? I think we need to agree on the way all actions invoke scripts for consistency. Otherwise we'll start running into subtle problems: the folders to access the source code (PROJECT_CHECKOUT_DIR) won't be accessible the same way from different scripts, etc. Keeping the invocation from the default director simplifies the code in general, I think
Fyi, Actions don't support working-directory, so setting it will add inconsistency across scripts and Actions well

@asraa
Copy link
Collaborator

asraa commented Nov 9, 2022

what do you mean by outer context?

The outer context being the action YAML that's invoking it.

OK thinking about it from that angle, I'd actually assume that scripts in internal actions should be running relative to that action, not the root of the slsa-github-generator repository

@laurentsimon
Copy link
Collaborator

laurentsimon commented Nov 9, 2022
edited
Loading

what do you mean by outer context?

The outer context being the action YAML that's invoking it.

OK thinking about it from that angle, I'd actually assume that scripts in internal actions should be running relative to that action, not the root of the slsa-github-generator repository

I don't think we can assume that. Sometimes the internal Actions need to access the PROJECT_CHECKOUT_DIR. Having the working directory the top-level root means we can keep the access the same and can easily identify what's invoking: something in the project repo or the builder repo. If we remove this, I'm afraid we're going to start wondering what the working directory is, and make mistakes overwriting things we should not. We want to be sure we don't overwrite builder's code, for example.

@ianlewis
Copy link
Member Author

ianlewis commented Nov 9, 2022

what do you mean by outer context?

The outer context being the action YAML that's invoking it.

OK thinking about it from that angle, I'd actually assume that scripts in internal actions should be running relative to that action, not the root of the slsa-github-generator repository

what do you mean by outer context?

The outer context being the action YAML that's invoking it.
OK thinking about it from that angle, I'd actually assume that scripts in internal actions should be running relative to that action, not the root of the slsa-github-generator repository

I don't think we can assume that. Sometimes the internal Actions need to access the PROJECT_CHECKOUT_DIR. Having the working directory the top-level root means we can keep the access the same and can easily identify what's invoking: something in the project repo or the builder repo. If we remove this, I'm afraid we're going to start wondering what the working directory is, and make mistakes overwriting things we should not. We want to be sure we don't overwrite builder's code, for example.

Right, Unfortunately a lot of actions need to do something outside of their own directory in the workspace. If there is any real consistency to be had, it's probably, as @laurentsimon is suggesting, always running scripts from the root of the workspace.

@laurentsimon
Copy link
Collaborator

Yeah, I thought about that. We could probably set the working dir.

I think it would be somewhat clearer, but feel free to push back: we know this one works

I'd like to push back for the reasons in other comments :)

@ianlewis
Revert "set working dir"
702cc35 
This reverts commit c66aa7b.
@ianlewis
Copy link
Member Author

ianlewis commented Nov 9, 2022

Fyi, Actions don't support working-directory, so setting it will add inconsistency across scripts and Actions well

it's moot to the argument at this point. but actions do support working-directory

@ianlewis ianlewis enabled auto-merge (squash) November 9, 2022 01:29
@ianlewis ianlewis merged commit 8e01a5f into slsa-framework:main Nov 9, 2022
@laurentsimon
Copy link
Collaborator

laurentsimon commented Nov 9, 2022
edited
Loading

Fyi, Actions don't support working-directory, so setting it will add inconsistency across scripts and Actions well

it's moot to the argument at this point. but actions do support working-directory

Last time I tried it was an invalid workflow, IIRC. I think it only works for the run command. I think that's what the document hints at with where the command is run.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asraa asraa asraa approved these changes

@laurentsimon laurentsimon Awaiting requested review from laurentsimon laurentsimon is a code owner

@joshuagl joshuagl Awaiting requested review from joshuagl joshuagl is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ianlewis @asraa @laurentsimon