slsa-framework · laurentsimon · Jun 27, 2022 · Jun 25, 2022
@@ -1,18 +1,18 @@
-on: 
+on:
   schedule:
-    - cron: '0 8 * * *'
+    - cron: "0 8 * * *"
   workflow_dispatch:
 
 permissions: read-all
 
 env:
   GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}
   ISSUE_REPOSITORY: slsa-framework/slsa-github-generator
-  #ISSUE_REPOSITORY: laurentsimon/slsa-on-github-test
+  # ISSUE_REPOSITORY: laurentsimon/slsa-on-github-test
   # WARNING: update build job if CONFIG_FILE changes.
   CONFIG_FILE: .github/configs-go/config-noldflags.yml
 
-jobs:            
+jobs:
   binary-upload:
     runs-on: ubuntu-latest
     env:
@@ -21,7 +21,7 @@ jobs:
       FOR: 45
       EVERY: 5
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - uses: ./.github/actions/tamper-artifact
 
   build:
@@ -35,19 +35,19 @@ jobs:
       # We cannot use ${{ env.CONFIG_FILE }} because env variables are not available.
       config-file: .github/configs-go/config-noldflags.yml
       compile-builder: true
-  
-#   build:
-#     runs-on: ubuntu-latest
-#     steps:
-#       - run: |
-#           exit 1
-  
+
+  #   build:
+  #     runs-on: ubuntu-latest
+  #     steps:
+  #       - run: |
+  #           exit 1
+
   if-succeeded:
     runs-on: ubuntu-latest
     needs: [build]
-    if: needs.build.result == 'success' && needs.verify.result == 'success'
+    if: needs.build.result == 'success'
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - run: |
           set -euo pipefail
 
@@ -57,9 +57,9 @@ jobs:
   if-failed:
     runs-on: ubuntu-latest
     needs: [build]
-    if: always() && (needs.build.result == 'failure' || needs.verify.result == 'failure')
+    if: always() && needs.build.result == 'failure'
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - run: |
           set -euo pipefail
 

@@ -1,18 +1,18 @@
-on: 
+on:
   schedule:
-    - cron: '0 9 * * *'
+    - cron: "0 9 * * *"
   workflow_dispatch:
 
 permissions: read-all
 
 env:
   GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}
   ISSUE_REPOSITORY: slsa-framework/slsa-github-generator
-  #ISSUE_REPOSITORY: laurentsimon/slsa-on-github-test
+  # ISSUE_REPOSITORY: laurentsimon/slsa-on-github-test
   # WARNING: update build job if CONFIG_FILE changes.
   CONFIG_FILE: .github/configs-go/config-noldflags.yml
 
-jobs:            
+jobs:
   provenance-builder:
     runs-on: ubuntu-latest
     env:
@@ -23,7 +23,7 @@ jobs:
       FOR: 30
       EVERY: 2
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - uses: ./.github/actions/tamper-artifact
 
   build:
@@ -37,19 +37,19 @@ jobs:
       # We cannot use ${{ env.CONFIG_FILE }} because env variables are not available.
       config-file: .github/configs-go/config-noldflags.yml
       compile-builder: true
-  
-#   build:
-#     runs-on: ubuntu-latest
-#     steps:
-#       - run: |
-#           exit 1
-  
+
+  #   build:
+  #     runs-on: ubuntu-latest
+  #     steps:
+  #       - run: |
+  #           exit 1
+
   if-succeeded:
     runs-on: ubuntu-latest
     needs: [build]
-    if: needs.build.result == 'success' && needs.verify.result == 'success'
+    if: needs.build.result == 'success'
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - run: |
           set -euo pipefail
 
@@ -59,9 +59,9 @@ jobs:
   if-failed:
     runs-on: ubuntu-latest
     needs: [build]
-    if: always() && (needs.build.result == 'failure' || needs.verify.result == 'failure')
+    if: always() && needs.build.result == 'failure'
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - run: |
           set -euo pipefail
 

@@ -1,18 +1,18 @@
-on: 
+on:
   schedule:
-    - cron: '0 1 * * *'
+    - cron: "0 1 * * *"
   workflow_dispatch:
 
 permissions: read-all
 
 env:
   GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}
   ISSUE_REPOSITORY: slsa-framework/slsa-github-generator
-  #ISSUE_REPOSITORY: laurentsimon/slsa-on-github-test
+  # ISSUE_REPOSITORY: laurentsimon/slsa-on-github-test
   # WARNING: update build job if CONFIG_FILE changes.
   CONFIG_FILE: .github/configs-go/config-noldflags.yml
 
-jobs:            
+jobs:
   build-builder:
     runs-on: ubuntu-latest
     env:
@@ -21,8 +21,8 @@ jobs:
       FOR: 45
       EVERY: 5
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
-      # Note: build-dry and build should fail. It's hard to tell which failed, 
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
+      # Note: build-dry and build should fail. It's hard to tell which failed,
       # but they both should. It's good enough to verify that the re-usable workflow always fails.
       - uses: ./.github/actions/tamper-artifact
 
@@ -37,19 +37,19 @@ jobs:
       # We cannot use ${{ env.CONFIG_FILE }} because env variables are not available.
       config-file: .github/configs-go/config-noldflags.yml
       compile-builder: true
-  
-#   build:
-#     runs-on: ubuntu-latest
-#     steps:
-#       - run: |
-#           exit 1
-  
+
+  #   build:
+  #     runs-on: ubuntu-latest
+  #     steps:
+  #       - run: |
+  #           exit 1
+
   if-succeeded:
     runs-on: ubuntu-latest
     needs: [build]
-    if: needs.build.result == 'success' && needs.verify.result == 'success'
+    if: needs.build.result == 'success'
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - run: |
           set -euo pipefail
 
@@ -59,9 +59,9 @@ jobs:
   if-failed:
     runs-on: ubuntu-latest
     needs: [build]
-    if: always() && (needs.build.result == 'failure' || needs.verify.result == 'failure')
+    if: always() && needs.build.result == 'failure'
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - run: |
           set -euo pipefail
 

@@ -1,6 +1,6 @@
-on: 
+on:
   schedule:
-    - cron: '0 5 * * *'
+    - cron: "0 5 * * *"
   workflow_dispatch:
   push:
     tags:
@@ -11,7 +11,7 @@ permissions: read-all
 env:
   GH_TOKEN: ${{ secrets.E2E_GO_TOKEN }}
   ISSUE_REPOSITORY: slsa-framework/slsa-github-generator
-  #ISSUE_REPOSITORY: laurentsimon/slsa-on-github-test
+  # ISSUE_REPOSITORY: laurentsimon/slsa-on-github-test
   # WARNING: update build job if CONFIG_FILE changes.
   CONFIG_FILE: .github/configs-go/config-ldflags.yml
   DEFAULT_VERSION: v12.0.0
@@ -23,27 +23,27 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - id: create
         run: |
           set -euo pipefail
 
           # Note: we use v12.x.y
           ./.github/workflows/scripts/e2e-create-release.sh
-  
-  shim: 
+
+  shim:
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && github.ref_type == 'tag'
     outputs:
       continue: ${{ steps.verify.outputs.continue }}
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - id: verify
         run: |
           set -euo pipefail
 
           ./.github/workflows/scripts/e2e-verify-release.sh
-  
+
   asset-binary:
     needs: [shim]
     if: needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.ref_type == 'tag'
@@ -54,7 +54,7 @@ jobs:
       FOR: 75
       EVERY: 5
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - uses: ./.github/actions/tamper-artifact
 
   args:
@@ -73,15 +73,15 @@ jobs:
       - id: ldflags
         run: |
           set -euo pipefail
-          
+
           THIS_FILE=$(gh api -H "Accept: application/vnd.github.v3+json" "/repos/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | jq -r '.path' | cut -d '/' -f3)
           BRANCH=$(echo "$THIS_FILE" | cut -d '.' -f4)
           echo "::set-output name=version::-X main.gitVersion=v1.2.3"
           echo "::set-output name=commit::-X main.gitCommit=abcdef"
           echo "::set-output name=branch::-X main.gitBranch=$BRANCH"
 
   build:
-    needs: [shim,args]
+    needs: [shim, args]
     if: needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.ref_type == 'tag'
     permissions:
       id-token: write # For signing.
@@ -94,7 +94,7 @@ jobs:
       config-file: .github/configs-go/config-ldflags.yml
       evaluated-envs: "VERSION:${{needs.args.outputs.version}},COMMIT:${{needs.args.outputs.commit}},BRANCH:${{needs.args.outputs.branch}}"
       compile-builder: true
-  
+
   # build:
   #   runs-on: ubuntu-latest
   #   steps:
@@ -104,21 +104,21 @@ jobs:
 
   if-succeeded:
     runs-on: ubuntu-latest
-    needs: [shim,build]
+    needs: [shim, build]
     if: needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.ref_type == 'tag' && needs.build.result == 'success'
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - run: |
           set -euo pipefail
 
           ./.github/workflows/scripts/e2e-report-failure.sh
 
   if-failed:
     runs-on: ubuntu-latest
-    needs: [shim,build]
+    needs: [shim, build]
     if: always() && needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.ref_type == 'tag' && needs.build.result == 'failure'
     steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
       - run: |
           set -euo pipefail