[bug] Maven / Gradle builders fail to run concurrently #2662
Assignees
Labels
area:gradle
Issue related to the gradle builder
area:maven
Issue related to maven
type:bug
Something isn't working
Milestone
Comments
laurentsimon
added
type:bug
|
Relevant part of the BYOB docs https://github.com/slsa-framework/slsa-github-generator/blob/main/BYOB.md#update-tca |
|
1 and 2 are fixed here: #2665 |
|
#3 is fixed here: slsa-framework/example-package#281 |
laurentsimon
pushed a commit
that referenced
this issue
Aug 21, 2023
Fixes the following from #2662: - The internal Action. It must add randomization and return a new output - The publish / download Actions. They need an additional input for the randomized name. --------- Signed-off-by: AdamKorcz <adam@adalogics.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If two jobs within the same workflow run the Maven builder, e.g. on two projects hosted on the same repo, the target folders will have a name collision, due to lack of randomization in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/gradle/action.yml#L120-L123 and similarly in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/maven/action.yml#L108-L111
The artifact name (not the name on disk) needs to be randomized, as in
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/nodejs/action.yml#L84-L94
This requires an update to:
NOTE: The nodejs builder has the relevant code as example.
The text was updated successfully, but these errors were encountered: