feat: Add GitLab CI provenance #6375

Merged: 12 commits, May 12, 2023

Commits on May 4, 2023

  1. libnpmpublish: Add GitLab CI provenance.

    This is a first pass at provenance generation for GitLab CI.
    
    This is based loosely off of existing GitLab provenance documents:
    https://about.gitlab.com/blog/2022/11/30/achieve-slsa-level-2-compliance-with-gitlab/
    https://gist.github.com/wlynch/c7fd8f53adc77d3c0ec82356e4d43cb5
    
    Currently this pulls values from environment variables.
    I'm aware we want to pull this data from authenticated JWTs for
    GitHub provenance, but I don't know what is in flight so I am starting
    here for now, marking as v1alpha1 until we have more confidence in the
    provenance spec.
    wlynch committed May 4, 2023
    030956b
  2. d22dcee
  3. 0830de9
  4. Remove fallthrough case in provenance.js.

    This case is already covered in publish.js, so it was recommended that
    this was removed.
    wlynch committed May 4, 2023
    cabf14f
  5. Set GITHUB_ACTIONS environment variable to false in tests.

    Current theory is that this is causing the tests to fail, since the
    library is picking up the real GitHub Actions runner when running in CI.
    wlynch committed May 4, 2023
    19bbf76
  6. Add additional pipeline data into environment.

    This data probably shouldn't be in environment, but this is where
    similar data lives in the GitLab provenance spec today so it likely
    makes the most sense to co-locate.
    wlynch committed May 4, 2023
    47c544d
  7. 2806562

Commits on May 11, 2023

  1. Remove CI_REPOSITORY_URL, CI_BUILD_REF.

    CI_BUILD_REF doesn't actually exist, CI_REPOSITORY_URL contains an
    access token.
    wlynch committed May 11, 2023
    3853fbc
  2. Remove GITLAB_USER_NAME, GITLAB_USER_EMAIL.

    These values are a bit too much PII, so remove for now and only include
    GITLAB_USER_ID and GITLAB_USER_LOGIN.
    wlynch committed May 11, 2023
    8b1257d

Commits on May 12, 2023

  1. 3bb9bfb
  2. cd8a88d
  3. fcf02f9