-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug] Opaque failure in final
step
#3031
Comments
One possible hint: it looks like the reusable workflow uses
as seen here: https://github.com/di/id/actions/runs/7184211112/job/19564896850#step:7:10 (I didn't catch this originally because the |
Some more digging: we currently use |
I think you're right, that seems to be the problem https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml#L256. Have you confirmed that We need to update the documentation |
Not yet, I'll try that in a moment. But yeah, I think this needs a doc update, and ideally a few other things if possible:
|
Opened di/id#147 with the prospective fix -- @laurentsimon would you be able to give that a look? |
Looks like the fix works as expected! I'll leave this open for the documentation side 🙂 |
This was wrong, the issue was the way we were computing the digest on MacOS/Windows. |
# Summary - Fixes #3031 - Fixes #3072 - Removes the `attestation-name` input and output from the `generator_generic_slsa3.yml`, which has been deprecated for `provenance-name`. ## Testing Process We cannot properly test workflow changes without first merging to `main`, and revert if tests fail. After merging we will - [ ] trigger a manual run of `pre-submit e2e generic default` - [ ] wait for nightly e2e tests to report success ## Checklist - [x] Review the contributing [guidelines](./../CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [x] Update documentation if applicable. - [ ] Add unit tests if applicable. - [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable. --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
# Summary - Reverting #3399 - Fixes #3031 - Fixes #3072 - Removes the attestation-name input and output from the generator_generic_slsa3.yml, which has been deprecated for provenance-name. ## Testing Process - We have existing PR Check workflows that do call the generic-genertor wth the correct parameters - example-package e2e2 tests have already been updated to use the new parameter and are already passing. ## Checklist - [x] Review the contributing [guidelines](./../CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [x] Update documentation if applicable. - [x] Add unit tests if applicable. - [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable. Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Describe the bug
I'm attempting to publish a new version of the Python
id
package, using the package's GitHub Actions release workflow.This is what our current provenance generation step looks like:
When our release workflow is triggered, this step runs as expected, and the interior
detect-env
andgenerator
steps appear to succeed. Theupload-assets
step is then skipped, andfinal
fails opaquely (apparently checking some kind of success state, without an error message):You can see that in the release workflow logs here: https://github.com/di/id/actions/runs/7184211112/job/19564897464
This error persists even when the job is re-run.
To Reproduce
I don't have an easy reproducer, unfortunately. I'm happy to perform debugging steps on the
di/id
repository, however.Expected behavior
I expected the
generate-provenance
step to succeed, as it has for previous release runs.The text was updated successfully, but these errors were encountered: