Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix release-signing-artifacts behavior and docs #103

Merged
merged 3 commits into from
Jan 10, 2024
Merged

Fix release-signing-artifacts behavior and docs #103

merged 3 commits into from
Jan 10, 2024

Conversation

woodruffw
Copy link
Member

This has two parts:

  • We now silently ignore release-signing-artifacts if the GITHUB_EVENT_NAME is not release, since it can only work in the context of releases and their associated artifacts.
  • The documentation for release-signing-artifacts now makes this clear.

CC @stevenh for review as well, as the original reporter 🙂

Closes #99.

@woodruffw
action: don't attempt to download artifacts on non-releases
8027707 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw
README: clarify release-signing-artifacts behavior
2dcf66a 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw requested a review from jku January 9, 2024 21:43
@woodruffw
add another selftest
3a6bf36 
Signed-off-by: William Woodruff <william@trailofbits.com>
@stevenh
Copy link

stevenh commented Jan 10, 2024

Looks good to me.

jku
jku approved these changes Jan 10, 2024
View reviewed changes
Copy link
Member

@jku jku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me when I take for granted that the action expects to be run on a workflow triggered by "release" event to be able to do this (it's a bit weird but I can see why -- GitHubs release tarball baking happens in a black box)

README.md
@@ -370,6 +370,7 @@ Example:

The `release-signing-artifacts` setting controls whether or not `sigstore-python`
uploads signing artifacts to the release publishing event that triggered this run.
This setting has no effect on non-`release` events.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also did not realise the intended usage was to use the "release" event so this is useful (I've always made my release pipelines triggered from release git tags).

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, which is why I tripped over it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, this was entirely an oversight on our side -- the actual release uploading step only runs when the event name matches; we just missed the corresponding check on this side 🙂

@woodruffw woodruffw merged commit b3690e3 into main Jan 10, 2024
27 checks passed
@woodruffw woodruffw deleted the ww/clarify-docs branch January 10, 2024 15:27
@stevenh
Copy link

stevenh commented Jan 10, 2024

Thanks for fixing so quickly folks, this is what makes open source so great 🥇

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevenh stevenh stevenh left review comments

@jku jku jku approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

release-signing-artifacts fails on push tags trigger
3 participants
@woodruffw @stevenh @jku