release: Update release.yml with option to workaround SLSA generator failure #2987
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
johanbrandhorst
approved these changes
Nov 2, 2022
|
Thanks for your contribution :). Lets hope it works next time 😂. |
Yes: I also wonder, is it possible to add a workflow_dispatch dry-run for the workflow? So no tags pushed, but a build, provenance generation and no upload. I can look into it if you want! |
|
Sure, that'd be great, please do! |
|
If we could backfill slsa signatures for the last few releases that'd be awesome. Could we make the release a parameter? |
Right! We had a few requests on that and are thinking of the best ways to recommend this, which I'm trying to write up here. slsa-framework/slsa-github-generator#1190 |
wdum? |
You could potentially download artifacts from previous workflow runs from the GitHub API, but I'm not sure if that can be tampered with. (The workflow run, not the release) |
andrewpollock
pushed a commit
to google/osv.dev
that referenced
this pull request
Nov 28, 2022
) [](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/grpc-ecosystem/grpc-gateway/v2](https://togithub.com/grpc-ecosystem/grpc-gateway) | require | minor | `v2.13.0` -> `v2.14.0` | --- ### Release Notes <details> <summary>grpc-ecosystem/grpc-gateway</summary> ### [`v2.14.0`](https://togithub.com/grpc-ecosystem/grpc-gateway/releases/tag/v2.14.0) [Compare Source](https://togithub.com/grpc-ecosystem/grpc-gateway/compare/v2.13.0...v2.14.0) #### New features This release contains two significant new OpenAPIv2 generator features, contributed by [@​krak3n](https://togithub.com/krak3n): 1. A new option to [disable rendering of 200 OK responses](https://grpc-ecosystem.github.io/grpc-gateway/docs/mapping/customizing_openapi_output/#disable-default-responses). This is useful if you define custom responses for your endpoints and you modify the return code a forward response writer. Note that this does not change the behavior of the gateway itself. 2. A new annotation for [defining header parameters](https://grpc-ecosystem.github.io/grpc-gateway/docs/mapping/customizing_openapi_output/#custom-http-header-request-parameters). This lets to define header parameters you want to be rendered in the swagger.json output in addition to those defined in your API messages. Note that this does not change the behavior of the gateway itself and must be coupled with custom header parsing in your application. #### What's Changed - release: Update release.yml with option to workaround SLSA generator failure by [@​asraa](https://togithub.com/asraa) in [grpc-ecosystem/grpc-gateway#2987 - release: add a workflow_dispatch trigger for testing by [@​asraa](https://togithub.com/asraa) in [grpc-ecosystem/grpc-gateway#2989 - Use io/os instread of ioutil and use suitable verb by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#2991 - runtime pkg cleanup by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#2993 - mux: fix path components mutation by [@​jonathaningram](https://togithub.com/jonathaningram) in [grpc-ecosystem/grpc-gateway#3001 - fix: set consumes definition per operation by [@​stomy13](https://togithub.com/stomy13) in [grpc-ecosystem/grpc-gateway#2995 - protoc gen oas v2 cleanup by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#2996 - Use ReplaceAll instead of Replace with -1 pos by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3003 - Errors cleanup by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3004 - Cleanup by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3012 - Support disabling default response rendering by [@​krak3n](https://togithub.com/krak3n) in [grpc-ecosystem/grpc-gateway#3006 - Support request header parameters by [@​krak3n](https://togithub.com/krak3n) in [grpc-ecosystem/grpc-gateway#3010 #### New Contributors - [@​asraa](https://togithub.com/asraa) made their first contribution in [grpc-ecosystem/grpc-gateway#2987 - [@​sashamelentyev](https://togithub.com/sashamelentyev) made their first contribution in [grpc-ecosystem/grpc-gateway#2991 - [@​stomy13](https://togithub.com/stomy13) made their first contribution in [grpc-ecosystem/grpc-gateway#2995 - [@​krak3n](https://togithub.com/krak3n) made their first contribution in [grpc-ecosystem/grpc-gateway#3006 **Full Changelog**: grpc-ecosystem/grpc-gateway@v2.13.0...v2.14.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4zNy4wIiwidXBkYXRlZEluVmVyIjoiMzQuMzcuMCJ9-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This updates the SLSA generator workflow with a workaround due to an issue. slsa-framework/slsa-github-generator#1163
The rough context is that Sigstore made a final breaking change related to an online service that distributes its trust root material (a TUF repository) which was backwards incompatible with their older libraries. Thus, our older builders failed, and we are working on updates.
Adding
compile-generator: truemeans that the generator code is compiled from source rather than download and verified with Sigstore. The Sigstore verification was broken due to the above problem in the old builders verifier versions.Other
We are tracking stability improvements: https://github.com/slsa-framework/slsa-github-generator/milestone/9