release: Update release.yml with option to workaround SLSA generator failure #2987
Conversation
Thanks for your contribution :). Let's hope it works next time 😂.
Yes: I also wonder, is it possible to add a workflow_dispatch dry-run for the workflow? So no tags pushed, but a build, provenance generation and no upload. I can look into it if you want!
Sure, that'd be great, please do!
If we could backfill slsa signatures for the last few releases that'd be awesome. Could we make the release a parameter?
Right! We had a few requests on that and are thinking of the best ways to recommend this, which I'm trying to write up here. slsa-framework/slsa-github-generator#1190
wdum?
You could potentially download artifacts from previous workflow runs from the GitHub API, but I'm not sure if that can be tampered with. (The workflow run, not the release)
Description
This updates the SLSA generator workflow with a workaround due to an issue. slsa-framework/slsa-github-generator#1163
The rough context is that Sigstore made a final breaking change related to an online service that distributes its trust root material (a TUF repository) which was backwards incompatible with their older libraries. Thus, our older builders failed, and we are working on updates.
Adding `compile-generator: true` means that the generator code is compiled from source rather than downloaded and verified with Sigstore. The Sigstore verification was broken due to the above problem in the old builders' verifier versions.
Other
We are tracking stability improvements: https://github.com/slsa-framework/slsa-github-generator/milestone/9
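
A sketch of how this setting sits in a release workflow, together with the dry-run trigger discussed in the conversation (an added example, not grpc-gateway's actual release.yml). It assumes the generic generator reusable workflow; the job names, the `build.sh` script and the `vX.Y.Z` tag are placeholders.

```yaml
# Added example; job names, build.sh and the vX.Y.Z tag are placeholders.
name: release
on:
  push:
    tags: ["v*"]
  workflow_dispatch: {}   # manual dry run: build and generate provenance only

permissions: read-all

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      - uses: actions/checkout@v4
      - name: Build artifacts into dist/
        run: ./build.sh   # hypothetical build script
      - name: Hash artifacts to use as provenance subjects
        id: hash
        run: echo "hashes=$(cd dist && sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"

  provenance:
    needs: [build]
    permissions:
      actions: read     # read the workflow run metadata
      id-token: write   # OIDC token used for keyless signing
      contents: write   # attach the provenance to the release
    # The generator must be referenced by release tag; vX.Y.Z is a placeholder.
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@vX.Y.Z
    with:
      base64-subjects: ${{ needs.build.outputs.hashes }}
      # Compile the generator from source at the referenced tag instead of
      # downloading the prebuilt binary and verifying it with Sigstore.
      compile-generator: true
      # Publish only on a real tag push, so a workflow_dispatch run uploads nothing.
      upload-assets: ${{ github.event_name == 'push' }}
```

With `compile-generator: true` the integrity of the generator rests on the tag in the `uses:` reference rather than on the Sigstore check of a downloaded binary, so the setting is one to drop again once a fixed builder release is available.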