Open laurentsimon opened 1 year ago
/cc @asraa relevant to the discussion in https://github.com/slsa-framework/slsa-verifier/issues/610. Let's keep this issue for tracking the update to docker-based builder and the BYOB builders.
We tentatively agreed in the other issue to keep the workflow but move it under internalParameters for builders. Generators will need to keep the workflow in externalParameters. Probably we need a new bool input to the verify-token indicating if the call is for a generator or a builder.
Given that there's already GITHUB_WORKFLOW_REF recorded in the internalParameters, I think we can drop the workflow entirely if it's a builder.
In the v1.0, we may leave
blank, because: