chore: Make maven publisher an action #2482
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AdamKorcz
requested review from
asraa,
ianlewis,
joshuagl and
laurentsimon
as code owners
Collaborator
laurentsimon
left a comment
laurentsimon
left a comment
There was a problem hiding this comment.
Thanks @AdamKorcz Looking pretty good. Just a few nits and we should be ready to merge.
ianlewis
reviewed
Jul 26, 2023
Collaborator
|
@AdamKorcz please ping when the comments are resolved. I don't always know when I should re-review. Thanks! |
Contributor
Author
|
@laurentsimon @ianlewis This one should be ready to review again. Note that this uses a plugin that hashes the artifacts and creates the json. Ideally this should be hosted at a slsa-framework-owned Maven Central repository account. |
ianlewis
reviewed
Jul 31, 2023
AdamKorcz
force-pushed
the
maven-publisher-to-action
branch
2 times, most recently
from
f652d2d to
6e4ee0e
Compare
Contributor
Author
|
Ready for another round of review except for #2482 (comment). |
ianlewis
reviewed
Aug 1, 2023
...aven/publish/slsa-hashing-plugin/src/main/java/io/github/slsa-framework/JarfileHashMojo.java
Show resolved
Hide resolved
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
* Create JarfileHashMojo.java Signed-off-by: AdamKorcz <[email protected]> * Create pom.xml Signed-off-by: AdamKorcz <[email protected]> * Update action.yml Signed-off-by: AdamKorcz <[email protected]> * Update action.yml Signed-off-by: AdamKorcz <[email protected]> * Update action.yml Signed-off-by: AdamKorcz <[email protected]> * Update action.yml Signed-off-by: AdamKorcz <[email protected]> * Update action.yml Signed-off-by: AdamKorcz <[email protected]> * Delete JarfileHashMojo.java Signed-off-by: AdamKorcz <[email protected]> * Delete pom.xml Signed-off-by: AdamKorcz <[email protected]> * Update action.yml Signed-off-by: AdamKorcz <[email protected]> * Update action.yml Signed-off-by: AdamKorcz <[email protected]> * Update README.md Signed-off-by: AdamKorcz <[email protected]> * Update action.yml Signed-off-by: AdamKorcz <[email protected]> * Update README.md Signed-off-by: AdamKorcz <[email protected]> * Update README.md Signed-off-by: AdamKorcz <[email protected]> --------- Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Co-authored-by: Ian Lewis <[email protected]> Signed-off-by: AdamKorcz <[email protected]>
Co-authored-by: Ian Lewis <[email protected]> Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
laurentsimon
reviewed
Aug 1, 2023
laurentsimon
reviewed
Aug 1, 2023
laurentsimon
reviewed
Aug 1, 2023
laurentsimon
reviewed
Aug 1, 2023
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: AdamKorcz <[email protected]>
Contributor
Author
|
@laurentsimon @ianlewis Please check again. |
laurentsimon
reviewed
Aug 1, 2023
| SLSA_DIR: "${{ inputs.provenance-download-name }}" | ||
| PROVENANCE_FILES: "${{ inputs.provenance-download-name }}" | ||
| run: | | ||
| cd __BUILDER_CHECKOUT_DIR__/actions/maven/publish/slsa-hashing-plugin && mvn clean install && cd - |
Collaborator
There was a problem hiding this comment.
better to mve this to ../ to keep the git tree clean (some tools check for that), but we can do that later.
Signed-off-by: laurentsimon <[email protected]>
Signed-off-by: laurentsimon <[email protected]>
laurentsimon
approved these changes
Aug 1, 2023
laurentsimon
reviewed
Aug 1, 2023
| uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main | ||
| with: | ||
| repository: slsa-framework/slsa-github-generator | ||
| ref: v1.8.0 |
Contributor
Author
There was a problem hiding this comment.
@laurentsimon is this expected to work right now?
Collaborator
There was a problem hiding this comment.
no its not. It will only work after the release. I'll work on #2508 to be sure we don't forget
laurentsimon
pushed a commit
that referenced
this pull request
Aug 1, 2023
Similar to #2482 (comment) cc @laurentsimon Signed-off-by: AdamKorcz <[email protected]>
enteraga6
pushed a commit
to enteraga6/slsa-github-generator
that referenced
this pull request
Aug 8, 2023
Closes slsa-framework#2369 --------- Signed-off-by: AdamKorcz <[email protected]> Signed-off-by: AdamKorcz <[email protected]> Signed-off-by: laurentsimon <[email protected]> Co-authored-by: Ian Lewis <[email protected]> Co-authored-by: laurentsimon <[email protected]> Signed-off-by: Noah Elzner <[email protected]>
enteraga6
pushed a commit
to enteraga6/slsa-github-generator
that referenced
this pull request
Aug 8, 2023
Similar to slsa-framework#2482 (comment) cc @laurentsimon Signed-off-by: AdamKorcz <[email protected]> Signed-off-by: Noah Elzner <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #2369