This repository has been archived by the owner on Oct 30, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build: adding SLSA provenance generation for nupkg artifacts (#228)
**Requirements** - [ ] I have added test coverage for new or changed functionality - [ ] I have followed the repository's [pull request submission guidelines](../blob/main/CONTRIBUTING.md#submitting-pull-requests) - [ ] I have validated my changes against all supported platform versions **Related issues** Provide links to any issues in this repository or elsewhere relating to this pull request. **Describe the solution you've provided** Provide a clear and concise description of what you expect to happen. **Describe alternatives you've considered** Provide a clear and concise description of any alternative solutions or features you've considered. **Additional context** Add any other context about the pull request here.
- Loading branch information
Showing
4 changed files
with
92 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,16 +13,27 @@ on: | |
| description: 'Is this a dry run. If so no package will be published.' | ||
| type: boolean | ||
| required: true | ||
| generate_provenance: | ||
| description: 'Whether or not to generate provenance for this manual publish. Default behavior: generate only on main branch.' | ||
| type: choice | ||
| options: | ||
| - Default | ||
| - Generate | ||
| - Do not generate | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| outputs: | ||
| server-sdk-hashes: ${{ steps.server-sdk-release.outputs.hashes }} | ||
| telemetry-hashes: ${{ steps.telemetry-release.outputs.hashes }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: ./.github/actions/full-release | ||
| id: server-sdk-release | ||
| if: ${{ inputs.pkg_name == 'LaunchDarkly.ServerSdk' }} | ||
| with: | ||
| workspace_path: 'pkgs/sdk/server' | ||
|
|
@@ -35,6 +46,7 @@ jobs: | |
| token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - uses: ./.github/actions/full-release | ||
| id: telemetry-release | ||
| if: ${{ inputs.pkg_name == 'LaunchDarkly.ServerSdk.Telemetry' }} | ||
| with: | ||
| workspace_path: 'pkgs/telemetry' | ||
|
|
@@ -45,3 +57,34 @@ jobs: | |
| dry_run: ${{ inputs.dry_run }} | ||
| aws_role: ${{ vars.AWS_ROLE_ARN }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| release-sdk-server-provenance: | ||
| needs: ['build'] | ||
| permissions: | ||
| actions: read | ||
| id-token: write | ||
| contents: write | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| if: | | ||
| (inputs.generate_provenance == 'Generate' || (inputs.generate_provenance == 'Default' && github.ref_name == 'main')) && | ||
| inputs.pkg_name == 'LaunchDarkly.ServerSdk' | ||
| with: | ||
| base64-subjects: "${{ needs.build.outputs.server-sdk-hashes }}" | ||
| upload-assets: true | ||
| provenance-name: ${{ 'LaunchDarkly.ServerSdk_provenance.intoto.jsonl' }} | ||
|
|
||
|
|
||
| release-telemetry-server-provenance: | ||
| needs: ['build'] | ||
| permissions: | ||
| actions: read | ||
| id-token: write | ||
| contents: write | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| if: | | ||
| (inputs.generate_provenance == 'Generate' || (inputs.generate_provenance == 'Default' && github.ref_name == 'main')) && | ||
| inputs.pkg_name == 'LaunchDarkly.ServerSdk.Telemetry' | ||
| with: | ||
| base64-subjects: "${{ needs.build.outputs.telemetry-hashes }}" | ||
| upload-assets: true | ||
| provenance-name: ${{ 'LaunchDarkly.ServerSdk.Telemetry_provenance.intoto.jsonl' }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,6 +12,7 @@ jobs: | |
| outputs: | ||
| package-sdk-server-released: ${{ steps.release.outputs['pkgs/sdk/server--release_created'] }} | ||
| package-sdk-server-telemetry-released: ${{ steps.release.outputs['pkgs/telemetry--release_created'] }} | ||
| tag_name: ${{ steps.release.outputs.tag_name }} | ||
|
|
||
| steps: | ||
| - uses: google-github-actions/release-please-action@v4 | ||
|
|
@@ -28,9 +29,12 @@ jobs: | |
| contents: write | ||
| pull-requests: write | ||
| if: ${{ needs.release-please.outputs.package-sdk-server-released == 'true'}} | ||
| outputs: | ||
| hashes: ${{ steps.full-release.outputs.hashes }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: ./.github/actions/full-release | ||
| id: full-release | ||
| with: | ||
| workspace_path: 'pkgs/sdk/server' | ||
| project_file: 'pkgs/sdk/server/src/LaunchDarkly.ServerSdk.csproj' | ||
|
|
@@ -41,6 +45,19 @@ jobs: | |
| aws_role: ${{ vars.AWS_ROLE_ARN }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| release-sdk-server-provenance: | ||
| needs: ['release-please', 'release-sdk-server'] | ||
| permissions: | ||
| actions: read | ||
| id-token: write | ||
| contents: write | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| with: | ||
| base64-subjects: "${{ needs.release-sdk-server.outputs.hashes }}" | ||
| upload-assets: true | ||
| upload-tag-name: ${{ needs.release-please.outputs.tag_name }} | ||
| provenance-name: ${{ format('LaunchDarkly.ServerSdk-{0}_provenance.intoto.jsonl', needs.release-please.outputs.tag_name) }} | ||
|
|
||
| release-telemetry: | ||
| runs-on: ubuntu-latest | ||
| needs: release-please | ||
|
|
@@ -49,9 +66,12 @@ jobs: | |
| contents: write | ||
| pull-requests: write | ||
| if: ${{ needs.release-please.outputs.package-sdk-server-telemetry-released == 'true'}} | ||
| outputs: | ||
| hashes: ${{ steps.full-release.outputs.hashes }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: ./.github/actions/full-release | ||
| id: full-release | ||
| with: | ||
| workspace_path: 'pkgs/telemetry' | ||
| project_file: 'pkgs/telemetry/src/LaunchDarkly.ServerSdk.Telemetry.csproj' | ||
|
|
@@ -61,3 +81,16 @@ jobs: | |
| dry_run: false | ||
| aws_role: ${{ vars.AWS_ROLE_ARN }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| release-telemetry-provenance: | ||
| needs: ['release-please', 'release-telemetry'] | ||
| permissions: | ||
| actions: read | ||
| id-token: write | ||
| contents: write | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| with: | ||
| base64-subjects: "${{ needs.release-telemetry.outputs.hashes }}" | ||
| upload-assets: true | ||
| upload-tag-name: ${{ needs.release-please.outputs.tag_name }} | ||
| provenance-name: ${{ format('LaunchDarkly.ServerSdk.Telemetry-{0}_provenance.intoto.jsonl', needs.release-please.outputs.tag_name) }} | ||