example-package icon indicating copy to clipboard operation
example-package copied to clipboard

Published 20 hours ago verified publisher icon slsa-framework

[tech debt] Refactor `verify_provenance_authenticity`

Open ianlewis opened this issue 2 years ago • 0 comments

This function has a lot of special casing for each builder and is getting pretty hard to edit. We should either break up the function per builder or by verifier command (e.g. verify-artifact, verify-image, verify-npm-package) as the options are different for each command.

https://github.com/slsa-framework/example-package/blob/79877134d7d62f3cf333ea8f41998f59c5f4d08e/.github/workflows/scripts/e2e-verify.common.sh#L209

ianlewis avatar May 01 '23 22:05 ianlewis