Open laurentsimon opened 1 year ago
pre-submit with non-signed attestations
You can use something similar to the docker workflows -- where the sign-attestation
step or job is gated by an if statement of whether it's a presubmit.
In that one right now it just checks if event != pull_request
but it'd be nice to detect if the OIDC request URL is present for a more accurate check.
When the signing is skipped, we instead just upload the generated DSSE attestations.
Let's not forget to add tests for referencing the TRW at a non-tag ref.
This will add: