Skip to content

Add SLSA build provenance attestations to release workflows#7097

Merged
jh-block merged 3 commits intomainfrom
tlongwell/slsa-build-provenance
Feb 12, 2026
Merged

Add SLSA build provenance attestations to release workflows#7097
jh-block merged 3 commits intomainfrom
tlongwell/slsa-build-provenance

Conversation

@tlongwell-block
Copy link
Collaborator

@tlongwell-block tlongwell-block commented Feb 9, 2026
edited
Loading

Add actions/attest-build-provenance to release, canary, nightly, and Docker workflows. Every CLI binary, desktop bundle, Linux package, and container image now gets a signed provenance attestation via Sigstore.

Users can verify any artifact with:
gh attestation verify --repo block/goose

Changes:

  • release.yml: attestations:write permission + attestation step
  • canary.yml: explicit permissions block + attestation step
  • publish-docker.yml: id-token:write, attestations:write, capture image digest, attest with push-to-registry

Closes #5994

@tlongwell-block
Add SLSA build provenance attestations to release workflows
79262ec 
Add actions/attest-build-provenance to release, canary, nightly, and
Docker workflows. Every CLI binary, desktop bundle, Linux package, and
container image now gets a signed provenance attestation via Sigstore.

Users can verify any artifact with:
  gh attestation verify <artifact> --repo block/goose

Changes:
- release.yml: attestations:write permission + attestation step
- canary.yml: explicit permissions block + attestation step
- nightly.yml: explicit permissions block + attestation step
- publish-docker.yml: id-token:write, attestations:write, capture
  image digest, attest with push-to-registry

Closes #5994
@tlongwell-block
Copy link
Collaborator Author

tlongwell-block commented Feb 9, 2026

/goose

@github-actions
Copy link
Contributor

github-actions bot commented Feb 9, 2026

PR #7097 Review: Add SLSA build provenance attestations to release workflows

Summary: This PR adds SLSA (Supply Chain Levels for Software Artifacts) build provenance attestations to all release workflows using GitHub's actions/attest-build-provenance action with Sigstore OIDC signing. This is a well-implemented security enhancement that allows users to cryptographically verify the integrity and origin of release artifacts.

✅ Highlights

  1. Correct permission setup: All workflows correctly add both id-token: write (for Sigstore OIDC signing) and attestations: write (for storing attestations) at the appropriate scope levels.

  2. Proper action pinning: The actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 action is pinned to a specific SHA with version comment - this is security best practice for supply chain integrity.

  3. Docker attestation done right: The Docker image attestation correctly:

    • Uses the digest reference (${{ steps.docker-push.outputs.digest }}) rather than a mutable tag
    • Sets push-to-registry: true to attach the attestation to the registry
    • References the correct repository name

  4. Consistent subject-path patterns: The subject-path patterns correctly match the existing artifacts patterns in each workflow:

    • release.yml: includes goose-*.zip and *.flatpak
    • canary.yml/nightly.yml: includes **/*.flatpak (no goose-*.zip)

    These differences are pre-existing in the artifact definitions and not introduced by this PR.

  5. Good placement: The attestation step is placed after artifact download but before the release step, ensuring all artifacts are attested before publication.

🟢 Suggestions

  1. Consider consolidating artifact patterns (out of scope for this PR): The differences in artifact patterns between release.yml and canary.yml/nightly.yml could be worth investigating in a follow-up - e.g., why does only the versioned release include goose-*.zip? This is pre-existing technical debt, not introduced by this PR.

Overall Assessment

Approve - This is a clean, well-implemented security enhancement. The PR correctly applies the attestation action across all four release workflows with proper permissions, action pinning, and artifact patterns that match the existing release configurations.

Review generated by goose

@tlongwell-block tlongwell-block marked this pull request as ready for review February 9, 2026 21:29
@tlongwell-block
Merge remote-tracking branch 'origin/main' into tlongwell/slsa-build-…
ddade23 
…provenance

* origin/main: (68 commits)
  Upgraded npm packages for latest security updates (#7183)
  docs: reasoning effort levels for Codex provider (#6798)
  Fix speech local (#7181)
  chore: add .gooseignore to .gitignore (#6826)
  Improve error message logging from electron (#7130)
  chore(deps): bump jsonwebtoken from 9.3.1 to 10.3.0 (#6924)
  docs: standalone mcp apps and apps extension (#6791)
  workflow: auto-update cli-commands on release (#6755)
  feat(apps): Integrate AppRenderer from @mcp-ui/client SDK (#7013)
  fix(MCP): decode resource content (#7155)
  feat: reasoning_content in API for reasoning models (#6322)
  Fix/configure add provider custom headers (#7157)
  fix: handle keyring fallback as success (#7177)
  Update process-wrap to 9.0.3 (9.0.2 is yanked) (#7176)
  feat: support extra field in chatcompletion tool_calls for gemini openai compat (#6184)
  fix: replace panic with proper error handling in get_tokenizer (#7175)
  Lifei/smoke test for developer (#7174)
  fix text editor view broken (#7167)
  docs: White label guide (#6857)
  Add PATH detection back to developer extension (#7161)
  ...

# Conflicts:
#	.github/workflows/nightly.yml
@tlongwell-block
fix: normalize flatpak glob in canary attestation step
40c05c3 
Change **/*.flatpak to *.flatpak to match the release step's glob
pattern and be consistent with release.yml attestation.
@tlongwell-block
Copy link
Collaborator Author

tlongwell-block commented Feb 12, 2026

/goose

@github-actions
Copy link
Contributor

github-actions bot commented Feb 12, 2026

Summary: This PR correctly adds SLSA build provenance attestations to the release, canary, and Docker workflows using the actions/attest-build-provenance action. The implementation is well-structured with properly pinned actions and minimal permission additions. One minor documentation issue in the PR description.

🟡 Warnings

  1. PR description inaccuracy - The PR body mentions modifying nightly.yml, but this file doesn't exist and no such changes are in the diff:

    "nightly.yml: explicit permissions block + attestation step"

    Recommend updating the PR description to remove the nightly.yml reference to avoid confusion.

🟢 Suggestions

  1. Consider attestation for install script (.github/workflows/canary.yml, .github/workflows/release.yml) - The download_cli.sh script is included in subject-path. While not harmful, shell scripts are typically lower-value attestation targets since users often pipe them directly (curl | sh). Consider whether this adds meaningful security value or could be omitted for simplicity.

✅ Highlights

  1. Properly pinned action with verified SHA - The actions/attest-build-provenance action is correctly pinned to commit SHA 96278af6caaf10aea03fd8d33a09a777ca52d62f with a version comment (# v3.2.0). I verified this SHA matches the v3.2.0 tag.

  2. Minimal permission scope - Permissions are added at the appropriate level:

    • id-token: write for Sigstore OIDC signing
    • attestations: write for creating attestations
    • Job-level permissions in release.yml keep the blast radius minimal

  3. Consistent artifact patterns - The subject-path patterns in each workflow correctly match the existing artifacts: patterns in the release actions. For example, release.yml includes goose-*.zip for Windows CLI builds while canary.yml doesn't (matching their respective existing artifact lists).

  4. Docker attestation done correctly - The Docker workflow properly:

    • Adds an id: docker-push to capture the build output
    • Uses subject-digest: ${{ steps.docker-push.outputs.digest }} to reference the exact image
    • Sets push-to-registry: true to push attestations to the registry

Review generated by goose

@jh-block jh-block merged commit 60e782c into main Feb 12, 2026
18 of 22 checks passed
@jh-block jh-block deleted the tlongwell/slsa-build-provenance branch February 12, 2026 19:54
@BrewTestBot BrewTestBot mentioned this pull request Feb 12, 2026
Merged
jh-block added a commit that referenced this pull request Feb 13, 2026
@jh-block
Merge remote-tracking branch 'origin/main' into local-models-candle
90477d2 
* origin/main: (21 commits)
  nit: show dir in title, and less... jank (#7138)
  feat(gemini-cli): use stream-json output and re-use session (#7118)
  chore(deps): bump qs from 6.14.1 to 6.14.2 in /documentation (#7191)
  Switch jsonwebtoken to use aws-lc-rs (already used by rustls) (#7189)
  chore(deps): bump qs from 6.14.1 to 6.14.2 in /evals/open-model-gym/mcp-harness (#7184)
  Add SLSA build provenance attestations to release workflows (#7097)
  fix save and run recipe not working (#7186)
  Upgraded npm packages for latest security updates (#7183)
  docs: reasoning effort levels for Codex provider (#6798)
  Fix speech local (#7181)
  chore: add .gooseignore to .gitignore (#6826)
  Improve error message logging from electron (#7130)
  chore(deps): bump jsonwebtoken from 9.3.1 to 10.3.0 (#6924)
  docs: standalone mcp apps and apps extension (#6791)
  workflow: auto-update cli-commands on release (#6755)
  feat(apps): Integrate AppRenderer from @mcp-ui/client SDK (#7013)
  fix(MCP): decode resource content (#7155)
  feat: reasoning_content in API for reasoning models (#6322)
  Fix/configure add provider custom headers (#7157)
  fix: handle keyring fallback as success (#7177)
  ...
@github-actions github-actions bot mentioned this pull request Feb 13, 2026
Open
katzdave added a commit that referenced this pull request Feb 13, 2026
@katzdave
Merge branch 'main' of github.com:block/goose into dkatz/canonical-co…
3a3148d 
…ntext

* 'main' of github.com:block/goose:
  feat: add onFallbackRequest handler to McpAppRenderer (#7208)
  feat: add streaming support for Claude Code CLI provider (#6833)
  fix: The detected filetype is PLAIN_TEXT, but the provided filetype was HTML (#6885)
  Add prompts (#7212)
  Add testing instructions for speech to text (#7185)
  Diagnostic files copying (#7209)
  fix: allow concurrent tool execution within the same MCP extension (#7202)
  fix: handle missing arguments in MCP tool calls to prevent GUI crash (#7143)
  Filter Apps page to only show standalone Goose Apps (#6811)
  opt: use static for Regex (#7205)
  nit: show dir in title, and less... jank (#7138)
  feat(gemini-cli): use stream-json output and re-use session (#7118)
  chore(deps): bump qs from 6.14.1 to 6.14.2 in /documentation (#7191)
  Switch jsonwebtoken to use aws-lc-rs (already used by rustls) (#7189)
  chore(deps): bump qs from 6.14.1 to 6.14.2 in /evals/open-model-gym/mcp-harness (#7184)
  Add SLSA build provenance attestations to release workflows (#7097)
  fix save and run recipe not working (#7186)
  Upgraded npm packages for latest security updates (#7183)
  docs: reasoning effort levels for Codex provider (#6798)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexhancock alexhancock alexhancock approved these changes

@DOsinga DOsinga DOsinga approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add SLSA build provenance attestations to release artifacts

4 participants

@tlongwell-block @alexhancock @DOsinga @jh-block