Comments (8)
Reopening because we can't rely on workflow in the event payload as it's not present for all event types.
https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads
We'll need to figure out a different way to get the path to the user workflow. We can't rely on github.workflow because that's the workflow name if present, or a path to the workflow if not, while we always want a path to the workflow file.
The only thing I can think of right now is checking out the user repository and looking for the github.workflow name in the workflow yaml files.
i.e.
    if github.workflow is a path:
        use github.workflow as the entrypoint
    else:
        check out the user repository
        search all workflow yaml files for the workflow name in github.workflow
I'm not really sure that the workflow name even uniquely identifies the workflow being executed.
from slsa-github-generator.
I created a pending topic on github.community to see if there is a way to reliably get the workflow path but I wonder if there aren't other avenues to submit feature requests.
from slsa-github-generator.
In testing the workflow names can be the same for multiple workflows in the same repo so the workflow name by itself won't uniquely identify the workflow being run.
from slsa-github-generator.
It seems that you can query the action run via GitHub with the run ID and get the workflow path from there.
https://github.com/check-spelling/check-spelling/blob/c35bc3130c33b27843dd0b0f36be8f1d00b6d126/unknown-words.sh#L279-L292
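get_workflow_path() {
  # mktemp_json and call_curl are helper functions defined elsewhere in unknown-words.sh.
  # Fetch this run's record to find the API URL of the workflow that started it.
  action_run=$(mktemp_json)
  if call_curl \
    "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" > "$action_run"; then
    workflow_url=$(jq -r '.workflow_url // empty' "$action_run")
    if [ -n "$workflow_url" ]; then
      # Fetch the workflow record and print the path of its yaml file.
      workflow_json=$(mktemp_json)
      if call_curl \
        "$workflow_url" > "$workflow_json"; then
        jq -r .path "$workflow_json"
      fi
    fi
  fi
}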
via:
https://github.community/t/getting-the-path-to-user-workflow-yaml-from-reusable-workflow/250514
from slsa-github-generator.
The relevant docs for the API endpoints are here:
https://docs.github.com/en/rest/actions/workflow-runs#get-a-workflow-run
https://docs.github.com/en/rest/actions/workflows#get-a-workflow
Not sure yet how authentication with the API would work since I'm pretty sure you need some kind of auth or permissions to read them.
from slsa-github-generator.
> Not sure yet how authentication with the API would work since I'm pretty sure you need some kind of auth or permissions to read them.
GitHub Actions have GITHUB_TOKEN that can be used to make authenticated API calls: https://docs.github.com/en/actions/security-guides/automatic-token-authentication
from slsa-github-generator.
Neat solution! You can use the gh CLI to play with it too (set GH_TOKEN=THE_TOKEN to make it work non-interactively)
from slsa-github-generator.
Yeah, I've since written something and got it working. It requires adding action scope to the workflow but otherwise seems to work ok. The token is also present in the github context so that's the one I'm actually using.
main...ianlewis:workflow-path
I don't really like where the API is going adding parameters to functions and such so I'm trying a refactor in #47 which should hopefully be a bit easier to work with and not create lots of backwards incompatibilities over time. It should also address some of the thoughts @laurentsimon had on #13. I'll try to add more info to the PR there to make it more clear how it's supposed to work before un-drafting it, but feel free to comment early if you have thoughts.
from slsa-github-generator.
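The lookup discussed in this thread (run ID to `workflow_url` to `path`, authenticated with the workflow token), written in Go as an added example; it is not code from slsa-github-generator or check-spelling. The names `withToken` and `workflowPath` are hypothetical, and the check that `workflow_url` stays under the API base, so the token is not sent to another host, is an addition of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"strings"
)

// withToken (hypothetical helper) returns a GET-and-decode func that sends the token as a bearer credential.
func withToken(token string) func(url string, v any) error {
	return func(url string, v any) error {
		req, err := http.NewRequest(http.MethodGet, url, nil)
		if err != nil {
			return err
		}
		req.Header.Set("Authorization", "Bearer "+token)
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			return err
		}
		defer resp.Body.Close()
		if resp.StatusCode != http.StatusOK {
			return fmt.Errorf("GET %s: %s", url, resp.Status)
		}
		return json.NewDecoder(resp.Body).Decode(v)
	}
}

// workflowPath (hypothetical) resolves run ID -> workflow_url -> path, refusing URLs outside the API base.
func workflowPath(get func(url string, v any) error, api, repo, runID string) (string, error) {
	var run struct{ WorkflowURL string `json:"workflow_url"` }
	var wf struct{ Path string `json:"path"` }
	if err := get(api+"/repos/"+repo+"/actions/runs/"+runID, &run); err != nil {
		return "", err
	}
	if !strings.HasPrefix(run.WorkflowURL, api+"/") {
		return "", fmt.Errorf("unexpected workflow_url %q", run.WorkflowURL)
	}
	if err := get(run.WorkflowURL, &wf); err != nil {
		return "", err
	}
	return wf.Path, nil
}

func main() {
	e := os.Getenv // GITHUB_API_URL, GITHUB_REPOSITORY and GITHUB_RUN_ID are set by the runner
	fmt.Println(workflowPath(withToken(e("GITHUB_TOKEN")), e("GITHUB_API_URL"), e("GITHUB_REPOSITORY"), e("GITHUB_RUN_ID")))
}
```

`GITHUB_TOKEN` is not exported to steps by default, so the step running this has to pass it in through `env:`.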