Describe the bug
If a subject is created within a subdirectory (i.e. ./target/foo.jar) and hashes computed and stored from the root, the provenance generator attempts to create the provenance as ./target/foo.jar.intoto.jsonl, which fails since ./target no longer exists in the provenance job.
To Reproduce
See workflow: https://github.com/pnacht/jackson-core/blob/d6d0af665a0c9d842b07e4468a75d2b59828df99/.github/workflows/main.yml
And failed job: https://github.com/pnacht/jackson-core/actions/runs/3431333783/jobs/5720700225
It successfully builds ./target/jackson-core-2.14.0-SNAPSHOT.jar but then the provenance job throws:
os.OpenFile(): open target/jackson-core-2.14.0-SNAPSHOT.jar.intoto.jsonl: no such file or directory
Expected behavior
The provenance should be generated successfully.
Additional context
@asraa suggested I generate the hashes within ./target instead of the root. I will try this later.
Describe the bug
If a subject is created within a subdirectory (i.e.
./target/foo.jar) and hashes computed and stored from the root, the provenance generator attempts to create the provenance as./target/foo.jar.intoto.jsonl, which fails since./targetno longer exists in the provenance job.To Reproduce
See workflow: https://github.com/pnacht/jackson-core/blob/d6d0af665a0c9d842b07e4468a75d2b59828df99/.github/workflows/main.yml
And failed job: https://github.com/pnacht/jackson-core/actions/runs/3431333783/jobs/5720700225
It successfully builds
./target/jackson-core-2.14.0-SNAPSHOT.jarbut then the provenance job throws:Expected behavior
The provenance should be generated successfully.
Additional context
@asraa suggested I generate the hashes within
./targetinstead of the root. I will try this later.