As a followup to #<> this PR adds a new pre-submit workflow to run within pull requests that will produce a provenance with the generic generator, and attempt to verify it with the slsla-verifier at the latest commit in main. This will be a faster way to test changes to both slsa-github-generator and slsa-verifier without needing to issue new releases.
This new workflow also runs on a daily schedule and failures will auto-open new issues, like our existing e2e workflows.
ramonpetgrave64
commented
1 week ago
Summary
As a followup to #<> this PR adds a new pre-submit workflow to run within pull requests that will produce a provenance with the generic generator, and attempt to verify it with the slsla-verifier at the latest commit in main. This will be a faster way to test changes to both slsa-github-generator and slsa-verifier without needing to issue new releases.
This new workflow also runs on a daily schedule and failures will auto-open new issues, like our existing e2e workflows.
Testing Process
[ ] All steps in the workflow succeed.
Checklist