laurentsimon
We currently do not expose the following settings: requiresConversationResolution, requiresSignatures, viewerAllowedToDismissReviews, viewerCanPush. We may add them
see command https://yarnpkg.com/cli/install
Repo: https://github.com/slsa-framework/example-package/tree/v14.2.11 Run: https://github.com/slsa-framework/example-package/actions/runs/8595341417 Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.go.tag.main.config-ldflags-noassets.slsa3.yml Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.go.tag.main.config-ldflags-noassets.slsa3.yml Trigger: push Branch: v14.2.11 Date: Mon Apr 8 06:11:24 UTC 2024
Repo: https://github.com/slsa-framework/example-package/tree/branch1 Run: https://github.com/slsa-framework/example-package/actions/runs/8593196125 Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.go.workflow_dispatch.branch1.config-ldflags.slsa3.yml Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.go.workflow_dispatch.branch1.config-ldflags.slsa3.yml Trigger: workflow_dispatch Branch: branch1 Date: Mon Apr 8 01:28:00 UTC 2024
See https://github.com/slsa-framework/slsa-github-generator/pull/3312/#issuecomment-1995315105 The secure-upload-folder Action is broken and always runs at main instead of using the PR code. I think we can solve this by doing: 1. Checkout with PR...
sigstore-js is used in our internal sign-attestations Action, and we're at v1.8.0. There is a v2.x version available
The new v1.0 specs, iiuc, no longer have a "provenance" level 3. I think this means the generators would become level 2. We could probably make them level 3 if...
In https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/nodejs#getting-started we say:
```
uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@ #v1.6.0
```
Users will copy-paste the example and forget to set the hash. Two options:
1. Use `@v1.6.0` in the example.
2. Provide...
Need to close the loop and add e2e tests for https://github.com/slsa-framework/slsa-github-generator/pull/3083