example-package
Most of the e2e test workflows commit and push a change, and if two workflows do this at the same time the remote will reject the change because it's non-linear....
We should remove `e2e_verify_common_all` and replace it with `e2e_verify_common_all_v02`. We may still need to make a distinction between BYOB and non-BYOB builders but we should rename these functions to something more...
Fix the renovate config to ignore example-trw version bumps. See reasoning: https://github.com/slsa-framework/example-package/pull/244#issuecomment-1648267564 Dismissing the next PRs will probably be enough. @mihaimaruseac @ianlewis
Currently the [`e2e-nodejs-push.sh`](https://github.com/slsa-framework/example-package/blob/b804d9ccccc50eb5253ebb492d15df1bcf25e5f4/.github/workflows/scripts/e2e-nodejs-push.sh#L59) script will sync the branch set on the test. `branch1` will thus get synced by the [`e2e.nodejs.push.branch1.default.slsa3.yml`](https://github.com/slsa-framework/example-package/blob/main/.github/workflows/e2e.nodejs.push.branch1.default.slsa3.yml) test. This isn't very intuitive and should probably be improved...
Sometimes the local `package.json` version gets out of sync with the published versions. ``` npm verb stack HttpErrorGeneral: 403 Forbidden - PUT https://registry.npmjs.org/@slsa-framework%2fe2e-nodejs-push-main-disttag-slsa3 - You cannot publish over the previously...
Most e2e tests check for `needs.shim.outputs.continue == 'yes'` but don't check if the `shim` job actually succeeded. We should create an issue if the `shim` step fails. This goes for...
I updated the Action by copying the old Action (https://github.com/slsa-framework/example-package/tree/main/.github/actions/tamper-artifact) into a new one (https://github.com/slsa-framework/example-package/tree/main/.github/actions/tamper-artifact-new). Once it all works, we can delete the old one and rename the new one.
This issue tracks action items left for GCB verification support. Currently, the workflows run on two schedules, a biweekly one and a daily one. The biweekly one triggers a build,...