slsa-github-generator

[feature][byob] Add e2e tests

Open laurentsimon opened this issue 2 years ago • 2 comments

This will add:

  • [ ] pre-submit with non-signed attestations
  • [ ] daily runs

laurentsimon, Jan 25 '23 20:01

pre-submit with non-signed attestations

You can use something similar to the docker workflows -- where the sign-attestation step or job is gated by an if statement of whether it's a presubmit.

In that one right now it just checks if event != pull_request but it'd be nice to detect if the OIDC request URL is present for a more accurate check.

When the signing is skipped, we instead just upload the generated DSSE attestations.

asraa, Jan 25 '23 20:01
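
An added example, not part of the thread or of slsa-github-generator's own workflows: a step script that picks between signing and uploading the unsigned DSSE attestation by checking whether the runner exposed the OIDC request URL and token, and flags runs where the `event != pull_request` check would have decided differently. The function names and the `mode` output key are hypothetical; `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN` are the variables the runner sets when the job has `id-token: write`.

```shell
#!/bin/sh
# Added example: gate attestation signing on OIDC availability instead of
# the event name. Function names and the "mode" output key are hypothetical.

# The runner only exports both variables when the job was granted
# `id-token: write`; fork pull requests do not get them.
oidc_available() {
  [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ] &&
    [ -n "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ]
}

# Decision based on whether a signing identity can actually be requested.
attestation_mode() {
  if oidc_available; then echo "sign"; else echo "upload-unsigned"; fi
}

# The existing check described in the thread: event != pull_request.
event_heuristic_mode() {
  if [ "${GITHUB_EVENT_NAME:-}" != "pull_request" ]; then
    echo "sign"
  else
    echo "upload-unsigned"
  fi
}

# Succeeds when the two checks disagree, e.g. a push-triggered job that
# lacks `id-token: write` and would fail at the signing step.
modes_disagree() {
  [ "$(attestation_mode)" != "$(event_heuristic_mode)" ]
}

mode="$(attestation_mode)"
if modes_disagree; then
  echo "note: event check says $(event_heuristic_mode), OIDC check says $mode" >&2
fi

# Expose the decision to later steps, e.g. `if: steps.<id>.outputs.mode == 'sign'`.
if [ -n "${GITHUB_OUTPUT:-}" ]; then
  echo "mode=$mode" >> "$GITHUB_OUTPUT"
fi
echo "$mode"
```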

Let's not forget to add tests for referencing the TRW at a non-tag ref.

laurentsimon, May 25 '23 02:05