feat: generate SLSA provenance for release binaries

[laurentsimon]

Generate non-forgeable provenance, as proposed in #729

Below is an example of what the provenance looks like:

{
  "_type": "https://in-toto.io/Statement/v0.1",
  "predicateType": "https://slsa.dev/provenance/v0.2",
  "subject": [
    {
      "name": "ko-copy_5.0.1_Windows_arm64.tar.gz",
      "digest": {
        "sha256": "01a6a93df134ff638c7da1ccdd735398a979cb08c9d103e64d3a22f29e23223b"
      }
    },
    {
      "name": "ko-copy_5.0.1_Linux_i386.tar.gz",
      "digest": {
        "sha256": "520bcf95c284d0e9c43f02ae516f7ad35d26a24d9103d49e5977ed9a94511017"
      }
    },
    ...
  ],
  "predicate": {
    "builder": {
      "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.0.0"
    },
    "buildType": "https://github.com/slsa-framework/slsa-github-generator@v1",
    "invocation": {
      "configSource": {
        "uri": "git+https://github.com/google/ko@refs/tags/v0.0.4",
        "digest": {
          "sha1": "b6e9b26f5c8af4fbcb880f14ac9ad961a2b84e43"
        },
        "entryPoint": ".github/workflows/slsa-release.yml"
      },
      "parameters": {},
      "environment": {
        "arch": "X64",
        "github_actor": "laurentsimon",
        "github_actor_id": "64505099",
        "github_base_ref": "",
        "github_event_name": "push",
        "github_event_payload": {...},
        "github_head_ref": "",
        "github_ref": "refs/tags/v0.0.4",
        "github_ref_type": "tag",
        "github_repository_id": "501698356",
        "github_repository_owner": "laurentsimon",
        "github_repository_owner_id": "64505099",
        "github_run_attempt": "1",
        "github_run_id": "2497311143",
        "github_run_number": "4",
        "github_sha1": "b6e9b26f5c8af4fbcb880f14ac9ad961a2b84e43",
        "os": "ubuntu20"
      }
    },
    "buildConfig": nil,
    "metadata": {
      "buildInvocationID": "2497311143-1",
      "completeness": {
        "parameters": true,
        "environment": false,
        "materials": false
      },
      "reproducible": false
    },
    "materials": [
      {
        "uri": "git+https://github.com/google/ko@refs/tags/v0.0.4",
        "digest": {
          "sha1": "b6e9b26f5c8af4fbcb880f14ac9ad961a2b84e43"
        }
      },
      {
        "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu20/20220605.1"
      }
    ]
  }
}

[imjasonh]

Cool! Always happy to test out better supply chain security workflows 😎

[imjasonh]

This comment will (hopefully) fall out of date pretty fast. Can we just say, "here's how to install a release", and then later, "here's how to verify the released artifact"? The verifying-the-release section may even make more sense lower in the README, since folks who already have ko installed may not want to scroll past it.

(Longer term I'd love to not have one big README and instead have a real website with docs and tutorials and everything, but until then...)

[laurentsimon]

I've made some changes. Can you take a look and tell me what you think?

[laurentsimon]

Cool! Always happy to test out better supply chain security workflows 😎

Awesome, thanks!

[imjasonh]

Does this need to be its own file? I'm worried about this diverging from goreleaser eventually.

Or, if the idea is to eventually only have the SLSA-flavored goreleaser workflow, I wonder if you've considered just adding the SLSA provenance functionality to goreleaser proper, and not having your own fork?

[laurentsimon]

Does this need to be its own file? I'm worried about this diverging from goreleaser eventually.

right now it needs to be its own file, yes.

Or, if the idea is to eventually only have the SLSA-flavored goreleaser workflow,

correct. In the next release we will support multiple builds, so we should be able to migrate the rest of the config.

I wonder if you've considered just adding the SLSA provenance functionality to goreleaser proper, and not having your own fork?

We have (see goreleaser/goreleaser#2737) and we emailed them, but no concrete plan yet :/

[imjasonh]

It sounds like there's still some discussion happening on goreleaser/goreleaser#2737, and I'd kind of like that to land somewhere before proceeding to fork the release process here. If you need any help getting the SLSA provenance generation landed in goreleaser, let me know.

I'd rather not have a forked release process per-target-arch, and long term, I'd prefer to rely on the standard upstream goreleaser if at all possible.

[laurentsimon]

It sounds like there's still some discussion happening on goreleaser/goreleaser#2737, and I'd kind of like that to land somewhere before proceeding to fork the release process here. If you need any help getting the SLSA provenance generation landed in goreleaser, let me know.

Would love your help. Much appreciated, thanks!

I'd rather not have a forked release process per-target-arch, and long term, I'd prefer to rely on the standard upstream goreleaser if at all possible.

Any particular reason? We'd like to learn about blockers to adoption to improve our solution. Feedback welcome!

Multi-build support will be added next quarter.

[imjasonh]

It's mainly just for consistency among our released artifacts. The x86_64 binary is definitely the most used, and if behavior continues to diverge between them I don't want the minority of users to have different behavior. Ideally goreleaser would pick up these improvements (rooting for #2737!) and all our released binaries would immediately and consistently get better.

[laurentsimon]

SG. What if we land multi-build support in v2? Would that alleviate the problem? I'd like to know what the minimum requirements would be, so that we can target them for our v2 release.

Thanks again for you help and feedback!

[imjasonh]

I'm not sure I understand what multi-build support entails, or v2 of what project. In my ideal scenario, goreleaser would be able to be configured to generate and attach attestation documents to releases, which users could use to verify the provenance of each goreleaser-built artifact.

Ideally that's done by just adding generate-attestations: true in the goreleaser.yaml somewhere, and no new dependencies on other projects.

[laurentsimon]

Sorry for the confusion. What I mean is that in the next release of our SLSA builder, we will support building for multiple arch/os at once, like Goreleaser does. So it would be easy to migrate to our builder instead of Goreleaser with a similar config file.

Ideally that's done by just adding generate-attestations: true in the goreleaser.yaml somewhere, and no new dependencies on other projects.

I'd like to understand better the requirement to use Goreleaser.

Any update on #2737?

[laurentsimon]

Any further concern I should address?

[laurentsimon]

I've updated the PR:

1. Keep the current GoReleaser config
2. Add a call to the SLSA generator to create provenance using the output of GoReleaser. The provenance file attests that the build was created in the release.yaml workflow, at a particular commit.

A follow-up PR would be to verify the binary pulled in https://github.com/imjasonh/setup-ko/blob/main/action.yml#L41. We're still working on a GHA installer for the verifier, so that is not ready yet :)

Appreciate your feedback. Thanks again

[laurentsimon]

note: this will create an attestation file attestation.intoto.jsonl by default. The name can be customized with the option: attestation-name: xxx.intoto.jsonl if you want.

[laurentsimon]

Fyi, this PR is ready to be reviewed.
Let me know if you have questions. Thanks!

[imjasonh]

Fyi, this PR is ready to be reviewed. Let me know if you have questions. Thanks!

I probably won't have the bandwidth to review this closely for at least a week or so. I'm excited to see this progressing though, and especially now that it seems to require fewer changes to the release process. Thanks for pushing on that! 👍

[laurentsimon]

Friendly ping. Would love to hear your feedback. Thanks again.

[imjasonh]

This looks pretty good to me. Would it be possible to have the release workflow also attempt to verify it, so we can detect quickly if verification is silently broken due to some future change?

@jonjohnsonjr any concerns?

[codecov-commenter]

Codecov Report

Merging #730 (4a4897b) into main (7fafb61) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #730   +/-   ##
=======================================
  Coverage   51.40%   51.40%           
=======================================
  Files          44       44           
  Lines        3336     3336           
=======================================
  Hits         1715     1715           
  Misses       1403     1403           
  Partials      218      218           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[laurentsimon]

This looks pretty good to me. Would it be possible to have the release workflow also attempt to verify it, so we can detect quickly if verification is silently broken due to some future change?

I can do that. How to you typically create the tag? Via a git command or via the GitHub UX?

@jonjohnsonjr any concerns?

[imjasonh]

I usually do it through the UI, but I think triggering based on new tags should catch both cases.

[laurentsimon]

I have added the verification job. PTAL.

[laurentsimon]

@imjasonh any other feedback you'd like me to address?

[developer-guy]

As we completed the SLSA provenance generation for release binaries, should we move on with the same for ko images? @imjasonh ^^