chore: Make maven publisher an action #2482
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AdamKorcz
requested review from
asraa,
ianlewis,
laurentsimon and
joshuagl
as code owners
There was a problem hiding this comment.
Thanks @AdamKorcz Looking pretty good. Just a few nits and we should be ready to merge.
ianlewis
reviewed
Jul 26, 2023
|
@AdamKorcz please ping when the comments are resolved. I don't always know when I should re-review. Thanks! |
|
@laurentsimon @ianlewis This one should be ready to review again. Note that this uses a plugin that hashes the artifacts and creates the json. Ideally this should be hosted at a slsa-framework-owned Maven Central repository account. |
ianlewis
reviewed
Jul 31, 2023
AdamKorcz
force-pushed
the
maven-publisher-to-action
branch
2 times, most recently
from
f652d2d
to
6e4ee0e
Compare
|
Ready for another round of review except for #2482 (comment). |
ianlewis
reviewed
Aug 1, 2023
...aven/publish/slsa-hashing-plugin/src/main/java/io/github/slsa-framework/JarfileHashMojo.java
Show resolved
Hide resolved
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Create JarfileHashMojo.java Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Create pom.xml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update action.yml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update action.yml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update action.yml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update action.yml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update action.yml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Delete JarfileHashMojo.java Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Delete pom.xml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update action.yml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update action.yml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update README.md Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update action.yml Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update README.md Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * Update README.md Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> --------- Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
laurentsimon
reviewed
Aug 1, 2023
laurentsimon
reviewed
Aug 1, 2023
laurentsimon
reviewed
Aug 1, 2023
laurentsimon
reviewed
Aug 1, 2023
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
|
@laurentsimon @ianlewis Please check again. |
laurentsimon
reviewed
Aug 1, 2023
| SLSA_DIR: "${{ inputs.provenance-download-name }}" | ||
| PROVENANCE_FILES: "${{ inputs.provenance-download-name }}" | ||
| run: | | ||
| cd __BUILDER_CHECKOUT_DIR__/actions/maven/publish/slsa-hashing-plugin && mvn clean install && cd - |
There was a problem hiding this comment.
better to mve this to ../ to keep the git tree clean (some tools check for that), but we can do that later.
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
laurentsimon
approved these changes
Aug 1, 2023
laurentsimon
reviewed
Aug 1, 2023
| uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main | ||
| with: | ||
| repository: slsa-framework/slsa-github-generator | ||
| ref: v1.8.0 |
There was a problem hiding this comment.
@AdamKorcz fyi I updated this to v1.8.0
There was a problem hiding this comment.
@laurentsimon is this expected to work right now?
There was a problem hiding this comment.
no its not. It will only work after the release. I'll work on #2508 to be sure we don't forget
laurentsimon
pushed a commit
that referenced
this pull request
Aug 1, 2023
Similar to #2482 (comment) cc @laurentsimon Signed-off-by: AdamKorcz <adam@adalogics.com>
enteraga6
pushed a commit
to enteraga6/slsa-github-generator
that referenced
this pull request
Aug 8, 2023
Closes slsa-framework#2369 --------- Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: Ian Lewis <ianlewis@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Signed-off-by: Noah Elzner <elzner@google.com>
enteraga6
pushed a commit
to enteraga6/slsa-github-generator
that referenced
this pull request
Aug 8, 2023
Similar to slsa-framework#2482 (comment) cc @laurentsimon Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: Noah Elzner <elzner@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #2369