[bug] Opaque failure in final step
#3031
Comments
woodruffw
added
status:triage
|
One possible hint: it looks like the reusable workflow uses as seen here: https://github.com/di/id/actions/runs/7184211112/job/19564896850#step:7:10 (I didn't catch this originally because the |
|
Some more digging: we currently use |
|
I think you're right, that seems to be the problem https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml#L256. Have you confirmed that We need to update the documentation |
Not yet, I'll try that in a moment. But yeah, I think this needs a doc update, and ideally a few other things if possible:
|
|
Opened di/id#147 with the prospective fix -- @laurentsimon would you be able to give that a look? |
|
Looks like the fix works as expected! I'll leave this open for the documentation side 🙂 |
ianlewis
added
area:generic
|
This was wrong, the issue was the way we were computing the digest on MacOS/Windows. |
# Summary - Fixes #3031 - Fixes #3072 - Removes the `attestation-name` input and output from the `generator_generic_slsa3.yml`, which has been deprecated for `provenance-name`. ## Testing Process We cannot properly test workflow changes without first merging to `main`, and revert if tests fail. After merging we will - [ ] trigger a manual run of `pre-submit e2e generic default` - [ ] wait for nightly e2e tests to report success ## Checklist - [x] Review the contributing [guidelines](./../CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [x] Update documentation if applicable. - [ ] Add unit tests if applicable. - [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable. --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
# Summary - Reverting #3399 - Fixes #3031 - Fixes #3072 - Removes the attestation-name input and output from the generator_generic_slsa3.yml, which has been deprecated for provenance-name. ## Testing Process - We have existing PR Check workflows that do call the generic-genertor wth the correct parameters - example-package e2e2 tests have already been updated to use the new parameter and are already passing. ## Checklist - [x] Review the contributing [guidelines](./../CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [x] Update documentation if applicable. - [x] Add unit tests if applicable. - [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable. Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Describe the bug
I'm attempting to publish a new version of the Python
idpackage, using the package's GitHub Actions release workflow.This is what our current provenance generation step looks like:
When our release workflow is triggered, this step runs as expected, and the interior
detect-envandgeneratorsteps appear to succeed. Theupload-assetsstep is then skipped, andfinalfails opaquely (apparently checking some kind of success state, without an error message):You can see that in the release workflow logs here: https://github.com/di/id/actions/runs/7184211112/job/19564897464
This error persists even when the job is re-run.
To Reproduce
I don't have an easy reproducer, unfortunately. I'm happy to perform debugging steps on the
di/idrepository, however.Expected behavior
I expected the
generate-provenancestep to succeed, as it has for previous release runs.The text was updated successfully, but these errors were encountered: