slsa-github-generator

[feature] Add a release URL to builders and generators for uploading assets

Open asraa opened this issue 3 years ago • 5 comments


Describe the solution you'd like

For some workflow triggers like workflow_dispatch, the github.ref does not indicate the release URL. We should expose an option like

          upload_url: ${{ steps.create-release.outputs.upload_url }}

that can be used to indicate the release URL to upload assets to.

That would simplify the workflow, and reduce the amount of friction for users. Otherwise, they need to specify their own upload, or manually upload the artifact themselves.

See https://github.com/GoogleContainerTools/jib/commit/e85d34e1661acf43ce078412719a2c2ce1a42f59


asraa, Aug 12 '22 16:08

Repositories to update:

  • [ ] https://github.com/GoogleContainerTools/jib

laurentsimon, Aug 12 '22 18:08

We also need e2e tests for this.

laurentsimon, Aug 12 '22 18:08

See this PR which has the code to use: https://github.com/GoogleContainerTools/jib/pull/3726/files

laurentsimon, Aug 12 '22 18:08

> See this PR which has the code to use: https://github.com/GoogleContainerTools/jib/pull/3726/files

This PR uses actions/upload-release-asset which isn't maintained anymore in favor of softprops/action-gh-release which is the action we use. Maybe the right input we need to use is tag_name? https://github.com/softprops/action-gh-release#inputs

ianlewis, Aug 25 '22 06:08

You're correct. Note that I only re-used the GHA they already use in their code (https://github.com/GoogleContainerTools/jib/blob/master/.github/workflows/jib-cli-release.yml#L82), it's not something I asked them to use.

I've created https://github.com/slsa-framework/slsa-github-generator/pull/713 to own the code for us internally, and maybe other repos could use it?

laurentsimon, Aug 25 '22 16:08

Can you mention here what release it'll end up in @laurentsimon ? Thanks!

hazcod, Dec 02 '22 23:12

Should be part of the [2022 Stability improvements](https://github.com/slsa-framework/slsa-github-generator/milestone/6). Thanks for the interest! Which project do you want to use it for?

laurentsimon, Dec 03 '22 00:12

This PR needs to be landed https://github.com/slsa-framework/slsa-github-generator/issues/1307

laurentsimon, Dec 03 '22 01:12

> Should be part of the [2022 Stability improvements](https://github.com/slsa-framework/slsa-github-generator/milestone/6). Thanks for the interest! Which project do you want to use it for?

Thanks! I'm writing an SDK for the API on Intigriti and want to ensure we do all of our due diligence.

hazcod, Dec 03 '22 10:12