This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

build: adding SLSA provenance generation for nupkg artifacts #228

Merged

rsoberano-ld
Contributor

Requirements

  • I have added test coverage for new or changed functionality
  • I have followed the repository's pull request submission guidelines
  • I have validated my changes against all supported platform versions

Related issues

Provide links to any issues in this repository or elsewhere relating to this pull request.

Describe the solution you've provided

Provide a clear and concise description of what you expect to happen.

Describe alternatives you've considered

Provide a clear and concise description of any alternative solutions or features you've considered.

Additional context

Add any other context about the pull request here.

@rsoberano-ld rsoberano-ld requested a review from a team May 31, 2024 23:25
base64-subjects: "${{ needs.build.outputs.server-sdk-hashes }}"
upload-assets: true
upload-tag-name: ${{ input.tag_name }}
provenance-name: ${{ format('LaunchDarkly.ServerSdk-{0}_provenance.intoto.jsonl', input.tag_name) }}
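
Review bot: `${{ input.tag_name }}` on the `upload-tag-name` and `provenance-name` lines reads from `input`, but the GitHub Actions context that carries workflow inputs is named `inputs`, so neither expression will resolve to the tag as written. Change both to `inputs.tag_name` so the provenance file is named for, and attached to, the intended release.
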
Contributor Author

How do we specify release tag name for manual publish workflows?

Contributor

@tanderson-ld tanderson-ld Jun 3, 2024

Manual publish uses the version in the project file. Manual publish does not support changing the version or tagging.

Release please (a separate workflow) makes the tag and updates the version in the project file to match. For example, the dotnet-server-sdk version is here. The dotnet build tools understand the version internally. There may be a dotnet command to ask the project file for its version if you need it here.

Member

In C++ we made it so you could only publish an existing label. Which means you need to change the label if you are doing a manual publish to fix a problem.

It is really inconvenient. Not sure if there would be a happy medium to handle both cases.

base64-subjects: "${{ needs.build.outputs.telemetry-hashes }}"
upload-assets: true
upload-tag-name: ${{ input.tag_name }}
provenance-name: ${{ format('LaunchDarkly.ServerSdk.Telemetry-{0}_provenance.intoto.jsonl', input.tag_name) }}
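
Review bot: `tag_name` feeds both `upload-tag-name` and the `format(...)` call in `provenance-name` with no fallback, so a run where it is empty would name the file `LaunchDarkly.ServerSdk.Telemetry-_provenance.intoto.jsonl` and pass an empty upload tag. Since the thread notes that manual publish takes its version from the project file and does no tagging, either make the tag a required input for this job or derive the value from the project file version before this step.
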
Member

Could use a newline here.

@rsoberano-ld rsoberano-ld merged commit fef1823 into main Jun 3, 2024
7 checks passed
@rsoberano-ld rsoberano-ld deleted the rsoberano/SEC-5135/dotnet-server-sdk-slsa-provenance branch June 3, 2024 18:01