diff --git a/.github/workflows/builder_bazel_slsa3.yml b/.github/workflows/builder_bazel_slsa3.yml index 129a13f922..df2d81fbc7 100644 --- a/.github/workflows/builder_bazel_slsa3.yml +++ b/.github/workflows/builder_bazel_slsa3.yml @@ -100,6 +100,6 @@ jobs: id-token: write # For signing. contents: read # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main + uses: ramonpetgrave64/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@gradle-debug with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} diff --git a/.github/workflows/builder_gradle_slsa3.yml b/.github/workflows/builder_gradle_slsa3.yml index 53dea0476b..41ff7111b3 100644 --- a/.github/workflows/builder_gradle_slsa3.yml +++ b/.github/workflows/builder_gradle_slsa3.yml @@ -71,7 +71,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main + uses: ramonpetgrave64/slsa-github-generator/actions/delegator/setup-generic@gradle-debug with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }} @@ -85,7 +85,7 @@ jobs: id-token: write # For signing. contents: read # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main + uses: ramonpetgrave64/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@gradle-debug with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} diff --git a/internal/builders/gradle/action.yml b/internal/builders/gradle/action.yml index 1d7c29a31d..73943da72f 100644 --- a/internal/builders/gradle/action.yml +++ b/internal/builders/gradle/action.yml @@ -119,15 +119,9 @@ runs: PROJECT_ROOT: ${{ steps.run_gradle_builder.outputs.validated_project_root }} run: | cd "${PROJECT_ROOT}" && "${GITHUB_WORKSPACE}"/../__TOOL_ACTION_DIR__/create_attestation.sh - - name: Move build dir to avoid making it a sub-dir when uploading - shell: bash - env: - PROJECT_ROOT: ${{ steps.run_gradle_builder.outputs.validated_project_root }} - run: | - mv "${PROJECT_ROOT}"/build "${GITHUB_WORKSPACE}"/ - name: Upload build dir id: upload-build-dir uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@main with: name: "${{ steps.rng.outputs.random }}-build" - path: build + path: slsa-build diff --git a/internal/builders/gradle/collect_release_artifacts.sh b/internal/builders/gradle/collect_release_artifacts.sh index 07014bb7fa..5291d950a6 100755 --- a/internal/builders/gradle/collect_release_artifacts.sh +++ b/internal/builders/gradle/collect_release_artifacts.sh @@ -16,7 +16,7 @@ set -euo pipefail -mkdir release-files-for-slsa +mkdir slsa-build GRADLE_VERSION=$(./gradlew properties -q | grep "version:" | awk '{print $2}') # Move artifacts from the user-supplied artifact list @@ -38,5 +38,5 @@ do # Move the file bn=$(basename -- "$path_with_version") - cp "$path_with_version" release-files-for-slsa/"$bn" + cp "$path_with_version" slsa-build/"$bn" done diff --git a/internal/builders/gradle/create_attestation.sh b/internal/builders/gradle/create_attestation.sh index c788a09ccf..c1b785d2b2 100755 --- a/internal/builders/gradle/create_attestation.sh +++ b/internal/builders/gradle/create_attestation.sh @@ -21,11 +21,11 @@ SLSA_OUTPUTS_ARTIFACTS_FILE="${GITHUB_WORKSPACE}/${SLSA_OUTPUTS_ARTIFACTS_FILE}" # "version" and "attestations" fields: echo -e -n "{\n \"version\": 1,\n \"attestations\": [" >> "$SLSA_OUTPUTS_ARTIFACTS_FILE" -num_jar_files=$(find ./release-files-for-slsa -type f | wc -l) +num_jar_files=$(find ./slsa-build -type f | wc -l) counter=1 # Add one attestation per .jar file: -find ./release-files-for-slsa -type f -print0 | while read -r -d $'\0' fname +find ./slsa-build -type f -print0 | while read -r -d $'\0' fname do bn=$(basename -- "$fname")