Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add GITHUB_BASE_REF in env list for BYOB #2471

Merged
merged 2 commits into from
Jul 25, 2023
Merged

feat: Add GITHUB_BASE_REF in env list for BYOB #2471

merged 2 commits into from
Jul 25, 2023

Conversation

laurentsimon
Copy link
Collaborator

This env variable is missing, yet necessary during verification when verifying the branch on tag triggers https://github.com/slsa-framework/slsa-verifier/blob/main/verifiers/internal/gha/slsaprovenance/common/common.go#L96-L99

@laurentsimon
update
fe0ecf4 
Signed-off-by: laurentsimon <laurentsimon@google.com>
@laurentsimon
update
6e65e87 
Signed-off-by: laurentsimon <laurentsimon@google.com>
@ianlewis ianlewis merged commit 389ab52 into slsa-framework:main Jul 25, 2023
74 checks passed
@ianlewis ianlewis mentioned this pull request Jul 25, 2023
Closed
@laurentsimon laurentsimon mentioned this pull request Jul 26, 2023
Merged
ianlewis pushed a commit that referenced this pull request Jul 26, 2023
@laurentsimon
fix: verify-token allow empty base_ref (#2475)
bb63553 
#2471 added
the base_ref in verify-token but this value may be empty.

This PR allows the base_ref to be empty string.

Signed-off-by: laurentsimon <laurentsimon@google.com>
enteraga6 pushed a commit to enteraga6/slsa-github-generator that referenced this pull request Aug 8, 2023
@laurentsimon @enteraga6
feat: Add GITHUB_BASE_REF in env list for BYOB (slsa-framework#2471)
a6a8106 
This env variable is missing, yet necessary during verification when
verifying the branch on tag triggers
https://github.com/slsa-framework/slsa-verifier/blob/main/verifiers/internal/gha/slsaprovenance/common/common.go#L96-L99

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Noah Elzner <elzner@google.com>
enteraga6 pushed a commit to enteraga6/slsa-github-generator that referenced this pull request Aug 8, 2023
@laurentsimon @enteraga6
fix: verify-token allow empty base_ref (slsa-framework#2475)
c96c622 
slsa-framework#2471 added
the base_ref in verify-token but this value may be empty.

This PR allows the base_ref to be empty string.

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Noah Elzner <elzner@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ianlewis ianlewis ianlewis approved these changes

@asraa asraa Awaiting requested review from asraa

@joshuagl joshuagl Awaiting requested review from joshuagl joshuagl is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@laurentsimon @ianlewis