chore: remove SLSA from the workflow

ilijamt · Apr 13, 2024 · 5722a0a · 5722a0a
1 parent a74516b
commit 5722a0a
Showing 1 changed file with 42 additions and 42 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -47,45 +47,45 @@ jobs:
           checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
           echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT"
 
-  binary-provenance:
-    needs: [goreleaser]
-    permissions:
-      actions: read
-      id-token: write
-      contents: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
-    with:
-      base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
-      upload-assets: true
-
-  verification-with-slsa-verifier:
-    needs: [goreleaser, binary-provenance]
-    runs-on: ubuntu-latest
-    permissions: read-all
-    steps:
-      - name: Install the verifier
-        uses: slsa-framework/slsa-verifier/actions/installer@v2.5.1
-      - name: Download assets
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PROVENANCE: "${{ needs.binary-provenance.outputs.provenance-name }}"
-        run: |
-          set -euo pipefail
-          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.tar.gz"
-          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.zip"
-          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "$PROVENANCE"
-      - name: Verify assets
-        env:
-          CHECKSUMS: ${{ needs.goreleaser.outputs.hashes }}
-          PROVENANCE: "${{ needs.binary-provenance.outputs.provenance-name }}"
-        run: |
-          set -euo pipefail
-          checksums=$(echo "$CHECKSUMS" | base64 -d)
-          while read -r line; do
-              fn=$(echo $line | cut -d ' ' -f2)
-              echo "Verifying $fn"
-              slsa-verifier verify-artifact --provenance-path "$PROVENANCE" \
-                                            --source-uri "github.com/$GITHUB_REPOSITORY" \
-                                            --source-tag "$GITHUB_REF_NAME" \
-                                            "$fn"
-          done <<<"$checksums"
+#  binary-provenance:
+#    needs: [goreleaser]
+#    permissions:
+#      actions: read
+#      id-token: write
+#      contents: write
+#    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+#    with:
+#      base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
+#      upload-assets: true
+#
+#  verification-with-slsa-verifier:
+#    needs: [goreleaser, binary-provenance]
+#    runs-on: ubuntu-latest
+#    permissions: read-all
+#    steps:
+#      - name: Install the verifier
+#        uses: slsa-framework/slsa-verifier/actions/installer@v2.5.1
+#      - name: Download assets
+#        env:
+#          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#          PROVENANCE: "${{ needs.binary-provenance.outputs.provenance-name }}"
+#        run: |
+#          set -euo pipefail
+#          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.tar.gz"
+#          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.zip"
+#          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "$PROVENANCE"
+#      - name: Verify assets
+#        env:
+#          CHECKSUMS: ${{ needs.goreleaser.outputs.hashes }}
+#          PROVENANCE: "${{ needs.binary-provenance.outputs.provenance-name }}"
+#        run: |
+#          set -euo pipefail
+#          checksums=$(echo "$CHECKSUMS" | base64 -d)
+#          while read -r line; do
+#              fn=$(echo $line | cut -d ' ' -f2)
+#              echo "Verifying $fn"
+#              slsa-verifier verify-artifact --provenance-path "$PROVENANCE" \
+#                                            --source-uri "github.com/$GITHUB_REPOSITORY" \
+#                                            --source-tag "$GITHUB_REF_NAME" \
+#                                            "$fn"
+#          done <<<"$checksums"