Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for pull_request #358

Open
ianlewis opened this issue Jun 20, 2022 · 5 comments
Open

Support for pull_request #358

ianlewis opened this issue Jun 20, 2022 · 5 comments
Labels
status:help wanted Extra attention is needed type:feature New feature or request

Comments

@ianlewis
Copy link
Member

This is a tracking issue for supporting pull_request events. Please comment regarding your use case.

@asraa
Copy link
Collaborator

asraa commented Oct 8, 2022

Another use-case: is to test the configuration.

For example, I didn't realize that env vars are case-sensitive and ran into this problem

env variable empty or not set: {{ .Env.Version }}

because I had been using VERSION in my evaluted-envs.

See slsa-framework/slsa-verifier#298

@ianlewis
Copy link
Member Author

The OpenZepplin folks mentioned that they would like support for pull requests
OpenZeppelin/defender-client#277

@asraa
Copy link
Collaborator

asraa commented Jul 18, 2023

Is there anything stopping delegator from PR events? I believe it should be able to output unsigned attestations if htere's a guard on the sign-attestations step.

@ianlewis
Copy link
Member Author

Right. I think signing is the biggest thing though there are some other subtle differences as well. I think we had issues with which git sha we pick up when generating the provenance? I can't exactly remember but I think detect-workflow-js already supports it:

(workflowData.event === "pull_request" ||

@johnandersen777
Copy link

johnandersen777 commented Sep 8, 2023

It would be nice to have id-token scoped to reflect it being issued within the context of a pull request so that artifacts generated during pull request runs such as OCI images could be uploaded to appropriately access controlled registries.

johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Sep 12, 2023
Token is not available within pull_request context.

Related: slsa-framework/slsa-github-generator#131
Related: slsa-framework/slsa-github-generator#358
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Sep 12, 2023
Token is not available within pull_request context.

Related: slsa-framework/slsa-github-generator#131
Related: slsa-framework/slsa-github-generator#358
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Sep 12, 2023
Token is not available within pull_request context.

Related: slsa-framework/slsa-github-generator#131
Related: slsa-framework/slsa-github-generator#358
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Sep 12, 2023
Token is not available within pull_request context.

Related: slsa-framework/slsa-github-generator#131
Related: slsa-framework/slsa-github-generator#358
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Sep 12, 2023
Token is not available within pull_request context.

Related: slsa-framework/slsa-github-generator#131
Related: slsa-framework/slsa-github-generator#358
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Sep 12, 2023
Token is not available within pull_request context.

Related: slsa-framework/slsa-github-generator#131
Related: slsa-framework/slsa-github-generator#358
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
SteveLasker pushed a commit to scitt-community/scitt-api-emulator that referenced this issue Oct 18, 2023
* Add plugin helper entrypoint_style_load() to assist with loading auth middleware
* Add server CLI arg for Flask middleware loaded via entrypoint style load plugin helper
* OIDC auth middleware plugin
* Refactor test Service expose url with bound port to Flask app
* In preperation for use by flask test app used as OIDC endpoints
* Tests for OIDC based auth middleware
* Update pip, setuptools, wheel to avoid deprecation warning on dependency install.
* Example CI job for GitHub Actions OIDC authenticated notary
* Token is not available within pull_request context.
* Document OIDC authentication middleware usage with GitHub Actions
* Validation of OIDC claims via JSON schema validator

Related: slsa-framework/slsa-github-generator#131
Related: slsa-framework/slsa-github-generator#358
Related: actions/runner#2417 (comment)

Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Nov 23, 2023
…unity#31)

* Add plugin helper entrypoint_style_load() to assist with loading auth middleware
* Add server CLI arg for Flask middleware loaded via entrypoint style load plugin helper
* OIDC auth middleware plugin
* Refactor test Service expose url with bound port to Flask app
* In preperation for use by flask test app used as OIDC endpoints
* Tests for OIDC based auth middleware
* Update pip, setuptools, wheel to avoid deprecation warning on dependency install.
* Example CI job for GitHub Actions OIDC authenticated notary
* Token is not available within pull_request context.
* Document OIDC authentication middleware usage with GitHub Actions
* Validation of OIDC claims via JSON schema validator

Related: slsa-framework/slsa-github-generator#131
Related: slsa-framework/slsa-github-generator#358
Related: actions/runner#2417 (comment)

Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status:help wanted Extra attention is needed type:feature New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants