search

slsa-framework / slsa-github-generator

Language-agnostic SLSA provenance generation for Github Actions
Apache License 2.0
433 stars 128 forks source link

revert: "feat: produce sigstore Bundles for generic generator and go builder workflows" #3985

Closed ramonpetgrave64 closed 4 weeks ago

ramonpetgrave64 commented 4 weeks ago

Reverts slsa-framework/slsa-github-generator#3777

Lots of new failing errors in our e2e tests today. We may have missed something when testing these changes. For now, we should revert while we debug, and come up with more robust testing methods.

**** Verifying provenance authenticity with verifier at HEAD *****
Testing against builder args
  **** Default parameters (annotated tags) *****
WARNING: Insecure SLSA_VERIFIER_TESTING is enabled.
Verifying artifact hello: FAILED: missing signing certificate in bundle

FAILED: SLSA verification failed: missing signing certificate in bundle
✖ 1 == 0 :: not main default parameters (annotated_tags)
Error: Process completed with exit code 1.
ramonpetgrave64 commented 4 weeks ago

@haydentherapper @loosebazooka