Skip to content

fix: fix the Go package version to v2 #373

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Dec 2, 2022
Merged

fix: fix the Go package version to v2 #373

merged 3 commits into from
Dec 2, 2022

Conversation

@suzuki-shunsuke
Copy link
Contributor

@suzuki-shunsuke suzuki-shunsuke commented Dec 2, 2022
edited
Loading

Fix the package name github.com/slsa-framework/slsa-verifier to github.com/slsa-framework/slsa-verifier/v2.

git ls-files | grep ".go$" | xargs -n 1 gsed -i "s|github.com/slsa-framework/slsa-verifier|github.com/slsa-framework/slsa-verifier/v2|g"

slsa-verifier v2 has been released. https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.0

Currently, we can't install slsa-verifier v2 by go install.

  1. Failed to install v2.
$ go install github.com/slsa-framework/slsa-verifier/cli/[email protected]
go: github.com/slsa-framework/slsa-verifier/cli/[email protected]: github.com/slsa-framework/[email protected]: invalid version: module contains a go.mod file, so module path must match major version ("github.com/slsa-framework/slsa-verifier/v2")
  1. Installed not v2 but v1.4.1.
$ go install github.com/slsa-framework/slsa-verifier/cli/slsa-verifier@latest
go: downloading github.com/slsa-framework/slsa-verifier v1.4.1
go: downloading github.com/sigstore/cosign v1.12.0
go: downloading github.com/google/trillian v1.4.2
go: downloading github.com/sigstore/rekor v0.11.0
go: downloading github.com/sigstore/sigstore v1.4.2
go: downloading golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0
go: downloading github.com/theupdateframework/go-tuf v0.5.1-0.20220920170306-f237d7ca5b42
go: downloading golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
go: downloading github.com/letsencrypt/boulder v0.0.0-20220723181115-27de4befb95e
go: downloading golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
go: downloading google.golang.org/genproto v0.0.0-20220805133916-01dd62135a58
go: downloading github.com/klauspost/compress v1.15.9
go: downloading github.com/aws/aws-sdk-go-v2/config v1.17.7
go: downloading github.com/Azure/go-autorest/autorest/adal v0.9.20
go: downloading golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9
go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.12.20
go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5

@suzuki-shunsuke
fix: fix the package version to v2
1900eda 
```
git ls-files | grep ".go$" | xargs -n 1 gsed -i "s|github.com/slsa-framework/slsa-verifier|github.com/slsa-framework/slsa-verifier/v2|g"
```

Signed-off-by: Shunsuke Suzuki <[email protected]>
@suzuki-shunsuke
fix: fix the package version to v2
6c7df96 
Signed-off-by: Shunsuke Suzuki <[email protected]>
@suzuki-shunsuke
Copy link
Contributor Author

suzuki-shunsuke commented Dec 2, 2022

https://github.com/slsa-framework/slsa-verifier/actions/runs/3597819895/jobs/6059973163

=== RUN   Test_runVerifyGHAArtifactPath/regression:_sharded_uuids
No certificate provided, trying Redis search index to find entries by subject digest
Verified signature against tlog entry index 2907428 at URL: https://rekor.sigstore.dev/api/v1/log/entries/362f8ecba72f432624befa6acb7f1263c026e7b135e24cf23f11b5020a5fb9365e922a831485bb60
    main_test.go:557: :   any(
        - 	e"source used to generate the binary does not match provenance: expected source 'slsa-framework/slsa-verifier/v2', got 'slsa-framework/slsa-verifier'",
          )
--- FAIL: Test_runVerifyGHAArtifactPath (291.30s)

@suzuki-shunsuke
test: fix source
4387593 
Signed-off-by: Shunsuke Suzuki <[email protected]>
@suzuki-shunsuke suzuki-shunsuke marked this pull request as ready for review December 2, 2022 01:15
@suzuki-shunsuke
Copy link
Contributor Author

suzuki-shunsuke commented Dec 2, 2022

#373 (comment) has been solved. 4387593

@suzuki-shunsuke suzuki-shunsuke mentioned this pull request Dec 2, 2022
Merged
@ianlewis ianlewis requested review from asraa and laurentsimon and removed request for asraa December 2, 2022 01:47
laurentsimon
laurentsimon approved these changes Dec 2, 2022
View reviewed changes
Copy link
Contributor

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@laurentsimon laurentsimon merged commit 74fd528 into slsa-framework:main Dec 2, 2022
@suzuki-shunsuke suzuki-shunsuke deleted the fix/update-gopkg-v2 branch December 2, 2022 02:53
@ianlewis ianlewis mentioned this pull request Jan 5, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@laurentsimon laurentsimon laurentsimon approved these changes

@asraa asraa Awaiting requested review from asraa

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@suzuki-shunsuke @laurentsimon