Comments (4)
laurentsimon
commented on June 12, 2024
We also need adversarial tests that try to alter data in the artifact registry the builder uses to pass data between jobs
from slsa-github-generator.
laurentsimon
commented on June 12, 2024
List:
- Different triggers (push, workflow_dispatch, schedule, new-tag)
- Different branches (for each trigger above)
- Setup pre-submit e2e tests to the extent that it is possible
- Adversarial tests where the caller workflow manipulate the artifacts
- Adversarial tests with an invalid input file name
- Workflow input arguments (upload-assets)
- Different arguments: vary the env variables, make sure the final provenance contains the right information
- Different config files: make sure the final provenance contains the right information. Remaining: e2e tests for slsa-framework/slsa-github-generator-go#128
- Builder information, such as runner env (except hash)
- Auto-close issues when e2e tests pass
- Document how it works and what each workflow does
- compile-builder option #74
- adversarial test with bogus binary in releases
from slsa-github-generator.
laurentsimon
commented on June 12, 2024
We should verify that the the provenance generated by these e2e tests can be verified by the slsa-verifier at head and for previous versions released
from slsa-github-generator.
laurentsimon
commented on June 12, 2024
Done. Closing.
from slsa-github-generator.
Related Issues (20)
- [e2e]: go schedule main config-ldflags-main-dir slsa3 HOT 8
- [e2e]: go schedule main config-ldflags-main slsa3 HOT 8
- [e2e]: delegator-generic tag main default slsa3 HOT 7
- [e2e]: delegator-lowperms create main default slsa3 HOT 7
- [e2e]: delegator-generic create main checkout slsa3 HOT 7
- [e2e]: delegator-generic create main default slsa3 HOT 7
- [e2e]: gradle workflow_dispatch main default slsa3 HOT 7
- [e2e]: delegator-lowperms tag main default slsa3 HOT 7
- [e2e]: go tag main config-ldflags-assets-draft-tag slsa3 HOT 6
- [e2e]: container schedule main continue-on-error slsa3 HOT 1
- [e2e]: go tag main config-ldflags-noassets slsa3 HOT 4
- [e2e]: generic tag main goreleaser-assets-multi-subjects slsa3 HOT 5
- [e2e]: container schedule main continue-on-error slsa3 HOT 1
- [e2e]: go release main config-ldflags-assets slsa3 HOT 10
- [e2e]: container schedule main continue-on-error slsa3 HOT 1
- [e2e]: container schedule main continue-on-error slsa3 HOT 1
- [e2e]: container schedule main continue-on-error slsa3 HOT 1
- [e2e]: container tag main default slsa3 HOT 2
- [e2e]: container schedule main continue-on-error slsa3 HOT 1
- [bug] setup-go cache restore fails due to non-default path
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from slsa-github-generator.