This PR replaces all fmt print statements with log/slog logs at appropriate levels.
for successes
2024/05/17 17:43:33 INFO Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@refs/tags/v1.6.0 at commit b12088652ee70b25fcd64efd002aa851c6e247fe
2024/05/17 17:43:33 INFO Verifying npm package ../stuff/actions-test.tgz: PASSED
2024/05/17 17:43:33 INFO PASSED: Verified SLSA provenance
and for failures
2024/05/17 17:44:54 ERROR Verifying npm package ../stuff/actions-test.tgz: FAILED: builderID does not match provenance: expected name 'https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml', got 'https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builer_nodejs_slsa3.yml'
2024/05/17 17:44:54 ERROR FAILED: SLSA verification failed: builderID does not match provenance: expected name 'https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml', got 'https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builer_nodejs_slsa3.yml'
exit status 1
If you're using slsa-verifier as a library, you can suppress INFO logs by invoking
Addresses #161, and followup to #768
This PR replaces all
fmtprint statements withlog/sloglogs at appropriate levels.for successes
and for failures
If you're using slsa-verifier as a library, you can suppress INFO logs by invoking