feat: add vsa e2e #379
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Just wondering, about how long does this take to run, given it's verifying ~3000 VSAs?
declare -a FILE_PATHS | ||
while IFS= read -r file; do | ||
FILE_PATHS+=("$file") | ||
done < <(find ./gke-node-images:238739202978 ./gke-master-images:78064567238 -type f) |
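Review bot: the `find` on the last line runs inside a process substitution, so its exit status never reaches the script; if one of the two hard-coded directories is renamed or missing, `FILE_PATHS` is still filled from the other and verification continues over a partial set without an error. A check that the array is non-empty only catches the case where both are gone, so test each directory before the loop, for example `[ -d ./gke-node-images:238739202978 ] || exit 1`, and the same for the master-images path. `-type f` with no `-name` filter also collects every file under those trees, so a stray non-attestation file would be handed to the verifier; a `-name` pattern for the attestation files would make the intent explicit.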
Would it be better to search for all intoto.jsonl files, so if they add other top level directories in the future, this script will pick them up?
By the time they add support for container images, I suspect they may change the structure of the directories, so I hesitate to simply look for all intoto.jsonl files.
Looks like we fail if we find no files, so SG, this should be sufficient and will catch if they make changes in the future.
About 38s to run slsa-verifier against all the VSAs, and about 2m for the whole workflow.
followup to slsa-framework/slsa-verifier#777
adds e2e tests for VSAs
Testing
example successful run
example failed run