[docs] Add inputs to provenance examples #3627

Open
ianlewis opened this issue May 14, 2024 · 0 comments
Labels
type:documentation Improvements or additions to documentation

Comments

@ianlewis
Member

Current provenance examples (e.g. generic generator) do not include inputs. We should have an example that includes inputs (and vars - #1555).

@ianlewis ianlewis added the type:documentation Improvements or additions to documentation label May 14, 2024
ianlewis added a commit that referenced this issue May 23, 2024
# Summary

Records the GitHub [vars
context](https://docs.github.com/en/actions/learn-github-actions/contexts#vars-context)
in the SLSA invocation in the generic generator and container generator.

The `vars` context is passed to the "builder" binary as a JSON blob via
the `GITHUB_VARS` environment variable. The values are then recorded in
the `invocation.parameters.vars` field of the provenance predicate.
Masking of inputs or vars is not supported.

Note that the `vars` context is set to the variables for the *repository
that initiated the GitHub Actions run* and not the reusable workflow's
repository.

Updates #1555

## Testing Process

- Set a variable on the test repo
- Go to Settings -> Secrets & variables -> Actions and then click on the
Variables tab.
  - Set some test variables.
- Generate provenance as normal using the generic generator or container
generator
  - Note that the `compile-generator: true` input must be set.
- Examine the `invocation.parameters.vars` field in the resulting
provenance. The vars should be recorded there.

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable (added #3627 to track)
- [x] Add unit tests if applicable.
- [x] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

---------

Signed-off-by: Ian Lewis <ianmlewis@gmail.com>
Signed-off-by: Ian Lewis <ianlewis@google.com>
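
Because the commit message above says repository variables are recorded in `invocation.parameters.vars` and that masking is not supported, a pre-publication audit of generated provenance is a useful check. The following is an added example, not code from slsa-github-generator: the sample statement, the variable names and the sensitivity heuristics are all constructed assumptions, and it also accepts a DSSE envelope (going beyond the bare predicate field the commit message names) without verifying any signature.

```python
import base64
import json
import re

# Heuristics below are assumptions for this example, not rules from the project.
SENSITIVE_NAME = re.compile(r"secret|token|passw|api_?key|private", re.I)
SENSITIVE_VALUE = re.compile(r"^(gh[pousr]_[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16})$")

# Constructed sample statement; every name and value here is made up.
SAMPLE = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "predicate": {"invocation": {"parameters": {"vars": {
        "DEPLOY_ENV": "staging",
        "REGISTRY_API_KEY": "placeholder-value",
        "BACKUP_BUCKET_ID": "AKIA" + "X" * 16,  # shaped like a cloud key id
    }}}},
}


def load_statement(doc):
    """Parse a bare in-toto statement or unwrap a DSSE envelope's payload."""
    obj = json.loads(doc)
    if "payload" in obj:  # DSSE: payload is base64-encoded statement JSON
        obj = json.loads(base64.b64decode(obj["payload"]))
    return obj


def recorded_vars(statement):
    """Return invocation.parameters.vars, or {} when the field is absent."""
    invocation = statement.get("predicate", {}).get("invocation", {})
    found = (invocation.get("parameters") or {}).get("vars") or {}
    if not isinstance(found, dict):
        raise ValueError("invocation.parameters.vars is not a JSON object")
    return found


def audit_vars(doc):
    """Names of recorded variables whose name or value looks sensitive."""
    return [
        name
        for name, value in sorted(recorded_vars(load_statement(doc)).items())
        if SENSITIVE_NAME.search(name) or SENSITIVE_VALUE.match(str(value))
    ]


if __name__ == "__main__":
    print(audit_vars(json.dumps(SAMPLE)))
```

A non-empty result means the flagged repository variables should be moved to secrets or renamed before the provenance is attached to a release, since the recorded values are readable by anyone who can fetch the attestation.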