slsa-framework / slsa-github-generator

Language-agnostic SLSA provenance generation for GitHub Actions
Apache License 2.0
417 stars, 127 forks

Get repository, ref via GitHub API #124

Open ianlewis opened 2 years ago

ianlewis commented 2 years ago

Currently we have to have special-case code to run e2e tests in pull requests due to #131. I'd like to get rid of that code so that pull requests run normally.

I want to see if I can't get the repository and ref via the GitHub API rather than by creating an OIDC token. Creating an OIDC token requires the id-token scope, which is not normally given to workflows triggered by the pull_request event.

This wouldn't allow us to sign using sigstore's GitHub provider, but it would at least solve the problem of getting the reusable workflow repo and ref.
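For readers unfamiliar with the OIDC route the comment above is trying to avoid, here is an added example (not code from the slsa-github-generator project) of how the reusable workflow's repository and ref are recovered from the token's job_workflow_ref claim, which GitHub issues in the form owner/repo/path/to/workflow.yml@ref. The token, its claim values, and the function names (ParseJobWorkflowRef, DecodeClaims, ReusableWorkflowFromToken, sampleToken) are constructed for illustration; the token is unsigned and is only decoded, not verified, which is acceptable solely because in the real flow the workflow fetches the token itself from GitHub over TLS.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// WorkflowRef is the decomposed form of the GitHub OIDC job_workflow_ref claim.
type WorkflowRef struct {
	Repository string // "owner/repo" that hosts the reusable workflow
	Path       string // workflow file path inside that repo, e.g. ".github/workflows/x.yml"
	Ref        string // fully qualified ref, e.g. "refs/heads/main" or "refs/tags/v1.2.3"
}

// ParseJobWorkflowRef splits "<owner>/<repo>/<path/to/workflow.yml>@<ref>" into
// its components. The first '@' is taken as the separator: owner and repo names
// cannot contain '@', and workflow files live under .github/workflows/ with
// plain file names, so the only place '@' can legitimately appear is the ref.
func ParseJobWorkflowRef(claim string) (WorkflowRef, error) {
	repoPath, ref, found := strings.Cut(claim, "@")
	if !found || ref == "" {
		return WorkflowRef{}, fmt.Errorf("job_workflow_ref %q: missing '@<ref>' suffix", claim)
	}
	parts := strings.SplitN(repoPath, "/", 3)
	if len(parts) != 3 || parts[0] == "" || parts[1] == "" || parts[2] == "" {
		return WorkflowRef{}, fmt.Errorf("job_workflow_ref %q: want owner/repo/path before '@'", claim)
	}
	// GitHub's documented examples carry fully qualified refs; reject anything else
	// so a bare branch name cannot be confused with a tag of the same name.
	if !strings.HasPrefix(ref, "refs/") {
		return WorkflowRef{}, fmt.Errorf("job_workflow_ref %q: ref %q is not fully qualified", claim, ref)
	}
	return WorkflowRef{Repository: parts[0] + "/" + parts[1], Path: parts[2], Ref: ref}, nil
}

// oidcClaims is the subset of GitHub Actions OIDC token claims used here.
type oidcClaims struct {
	Repository     string `json:"repository"`       // the *calling* repository
	Ref            string `json:"ref"`              // the calling repository's ref
	JobWorkflowRef string `json:"job_workflow_ref"` // the reusable workflow that is running
}

// DecodeClaims extracts the payload of a JWT WITHOUT verifying its signature.
// Only do this with a token the workflow itself just fetched from
// ACTIONS_ID_TOKEN_REQUEST_URL; a token received from anyone else must be
// verified against GitHub's JWKS before any claim in it is trusted.
func DecodeClaims(token string) (oidcClaims, error) {
	segs := strings.Split(token, ".")
	if len(segs) != 3 {
		return oidcClaims{}, errors.New("token is not a three-segment JWT")
	}
	// JWT segments are unpadded base64url; tolerate padding if present.
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(segs[1], "="))
	if err != nil {
		return oidcClaims{}, fmt.Errorf("decoding JWT payload: %w", err)
	}
	var c oidcClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return oidcClaims{}, fmt.Errorf("parsing JWT payload: %w", err)
	}
	if c.JobWorkflowRef == "" {
		return oidcClaims{}, errors.New("token has no job_workflow_ref claim")
	}
	return c, nil
}

// ReusableWorkflowFromToken is the end-to-end helper: token in, reusable
// workflow repository/path/ref out.
func ReusableWorkflowFromToken(token string) (WorkflowRef, error) {
	c, err := DecodeClaims(token)
	if err != nil {
		return WorkflowRef{}, err
	}
	return ParseJobWorkflowRef(c.JobWorkflowRef)
}

// sampleToken builds a constructed, unsigned token whose payload mimics the
// claims GitHub issues to a job running a reusable workflow. Header and
// signature are placeholders; this is not a real GitHub token.
func sampleToken() string {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	payload := base64.RawURLEncoding.EncodeToString([]byte(`{` +
		`"repository":"example-org/example-project",` +
		`"ref":"refs/heads/main",` +
		`"job_workflow_ref":"slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.9.0"` +
		`}`))
	return header + "." + payload + ".placeholder-signature"
}

func main() {
	wf, err := ReusableWorkflowFromToken(sampleToken())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("checkout %s at %s (workflow %s)\n", wf.Repository, wf.Ref, wf.Path)
}
```

The point the comment makes follows directly from this: everything above depends on the job being allowed to mint a token, i.e. on the id-token permission, which pull_request-triggered workflows normally lack, so a token-free path (the GitHub API) is needed for the repo/ref lookup even though it cannot replace the token for Sigstore signing.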

laurentsimon commented 2 years ago

This was done and can be closed?

ianlewis commented 2 years ago

No, this is just an idea I had that I wanted to get the repo and ref via the GitHub API instead of by using job_workflow_ref from an OIDC token. I'm not sure it's really possible. It's more of a refactor than a feature and it's not really high priority.

laurentsimon commented 2 years ago

Oh right, my bad.

asraa commented 1 year ago

Update here: detect-workflow-js works this way, so the remaining item here is (after ensuring some stability in that new action) to deprecate detect-workflow and replace it with detect-workflow-js.

ianlewis commented 4 months ago

The old detect-workflow action was removed in #1988 and detect-workflow-js does this already. Closing.

https://github.com/slsa-framework/slsa-github-generator/blob/f8e470688f4d6523b8afa65618cf5e8a1183fcf4/.github/actions/detect-workflow-js/src/main.ts#L42-L60

github-actions[bot] commented 4 months ago

This issue was reopened by the todo-issue-reopener action in the "TODO Issue Reopener" GitHub Actions workflow because there are TODOs referencing this issue:

  1. internal/builders/container/generate.go:55: Remove
  2. internal/builders/container/generate.go:63: Remove
  3. internal/builders/generic/attest.go:87: Remove
  4. internal/builders/generic/attest.go:95: Remove
  5. internal/builders/go/pkg/provenance.go:129: Remove
  6. internal/builders/go/pkg/provenance.go:139: Remove
  7. internal/builders/go/pkg/provenance_test.go:26: Remove

ianlewis commented 4 months ago

So I think the issue is that this is fixed for detect-workflow-js, but we only use that for our pre-BYOB builders/generators that were written in Go, in order to detect which repo/ref to check out in order to build the builder binary for pre-submits/e2e tests.

We still need to update the pre-BYOB builder code itself to clean up how we deal with pre-submits and e2e tests.