https://slsa.dev/provenance/v1#builddefinition states for `internalParameters`:

This brings up whether our use of `internalParameters` is correct. We need to verify some information from the internal parameters. It's currently used by `builderTriggerInfo` which is then used to get the source URI and workflow path for verification. We also verify a number of values from these parameters.

We add most `GITHUB_*` environment variables to these parameters since they are set by GitHub Actions and not directly by the user but perhaps some like `GITHUB_REPOSITORY` should actually be considered under the user's control and be set in the `externalParameters`?

/cc @laurentsimon @asraa

Related to #2186, #1200