Conversation
Codecov Report
@@ Coverage Diff @@
## main #1540 +/- ##
=======================================
Coverage 73.31% 73.31%
=======================================
Files 117 117
Lines 9017 9017
=======================================
Hits 6611 6611
Misses 1746 1746
Partials 660 660 Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
| set -euo pipefail | ||
| gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.tar.gz" | ||
| gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "attestation.intoto.jsonl" | ||
| gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "multiple.intoto.jsonl" |
There was a problem hiding this comment.
if you want to preserve the old name i believe there's an input provenance-name as well
https://github.com/slsa-framework/slsa-github-generator/tree/77395259ff7f705e2578f4552b79d90c06f49554/internal/builders/generic#workflow-inputs
There was a problem hiding this comment.
An alternative to that would be to use the provenance-name output which will always be the name of the provenance artifact regardless of the input.
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#workflow-outputs
There was a problem hiding this comment.
I don't have a strong preference for the filename either way, so long as verification works. Thanks for making this change!
Fix #1539
NOTE: we will release the slsa verifier Action Installer in a few weeks, so we'll be able to remove the script that manually downloads the slsa-verifier binary.