From ebf308c7ae63f9e43ea2707fa6f23bd2bb20a58b Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 24 May 2022 23:12:57 +0000 Subject: [PATCH] updates --- .github/workflows/builder_go_slsa3.yml | 1 + .github/workflows/scripts/builder-fetch.sh | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml index a5095fa1f4..73af5b8cbc 100644 --- a/.github/workflows/builder_go_slsa3.yml +++ b/.github/workflows/builder_go_slsa3.yml @@ -25,6 +25,7 @@ env: BUILDER_RELEASE_BINARY: slsa-builder-go-linux-amd64 BUILDER_REPOSITORY: laurentsimon/slsa-github-generator # Verifier + #TODO(revert) repo name and hashes VERIFIER_REPOSITORY: laurentsimon/slsa-verifier VERIFIER_RELEASE_BINARY: slsa-verifier-linux-amd64 VERIFIER_RELEASE_BINARY_SHA256: fb743bc6bb56908d590da66bfe5c266d003aa226b30fcada5f7b9e4aea43b52b diff --git a/.github/workflows/scripts/builder-fetch.sh b/.github/workflows/scripts/builder-fetch.sh index d9a72ab556..38ffef1daa 100755 --- a/.github/workflows/scripts/builder-fetch.sh +++ b/.github/workflows/scripts/builder-fetch.sh @@ -32,6 +32,7 @@ if [[ "$BUILDER_TAG" = "$(echo -n "$BUILDER_TAG" | grep -P '^[a-f\d]{40}$')" ]]; while read line; do TAG=$(echo "$line" | cut -f1) BRANCH=$(gh release -R "$BUILDER_REPOSITORY" view "$TAG" --json targetCommitish --jq '.targetCommitish') + #TODO(revert) main if [[ "$BRANCH" != "feat/fastbuilds" ]]; then continue fi @@ -72,7 +73,8 @@ echo "verifier hash verification has passed" # Verify the provenance of the builder. chmod a+x "$VERIFIER_RELEASE_BINARY" -./"$VERIFIER_RELEASE_BINARY" --branch "main" \ +#TODO(revert) main +./"$VERIFIER_RELEASE_BINARY" --branch "feat/fastbuilds" \ --tag "$BUILDER_TAG" \ --artifact-path "$BUILDER_RELEASE_BINARY" \ --provenance "$BUILDER_RELEASE_BINARY.intoto.jsonl" \