Test SLSA 2.0 builder release

Change-Id: Ia17d1cbf358aebbb0ea7f5e97a24f2220b784431
project-oak · Apr 22, 2024 · 1fdc0a0 · 1fdc0a0
1 parent f665534
commit 1fdc0a0
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 19 deletions.
diff --git a/.github/workflows/provenance.yaml b/.github/workflows/provenance.yaml
@@ -16,26 +16,22 @@ on:
 
 jobs:
   build_binary:
-    if: |
-      github.event_name == 'push' ||
-      contains(github.event.pull_request.labels.*.name, 'provenance:force-run')
-
     # We use the same job template to generate provenances for multiple binaries.
     strategy:
       fail-fast: false
       matrix:
         buildconfig:
-          - buildconfigs/key_xor_test_app.toml
-          - buildconfigs/oak_containers_kernel.toml
-          - buildconfigs/oak_containers_stage1.toml
+          # - buildconfigs/key_xor_test_app.toml
+          # - buildconfigs/oak_containers_kernel.toml
+          # - buildconfigs/oak_containers_stage1.toml
           - buildconfigs/oak_containers_system_image.toml
-          - buildconfigs/oak_echo_enclave_app.toml
-          - buildconfigs/oak_echo_raw_enclave_app.toml
-          - buildconfigs/oak_functions_enclave_app.toml
-          - buildconfigs/oak_functions_insecure_enclave_app.toml
-          - buildconfigs/oak_restricted_kernel_simple_io_init_rd_wrapper_bin.toml
-          - buildconfigs/stage0_bin.toml
-          - buildconfigs/oak_orchestrator.toml
+          # - buildconfigs/oak_echo_enclave_app.toml
+          # - buildconfigs/oak_echo_raw_enclave_app.toml
+          # - buildconfigs/oak_functions_enclave_app.toml
+          # - buildconfigs/oak_functions_insecure_enclave_app.toml
+          # - buildconfigs/oak_restricted_kernel_simple_io_init_rd_wrapper_bin.toml
+          # - buildconfigs/stage0_bin.toml
+          # - buildconfigs/oak_orchestrator.toml
 
     permissions:
       actions: read

diff --git a/.github/workflows/reusable_provenance.yaml b/.github/workflows/reusable_provenance.yaml
@@ -125,11 +125,11 @@ jobs:
           api_key = '${{ secrets.ENT_API_KEY }}'
           EOF
 
-      - name: Download the built artifact
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ needs.generate_provenance.outputs.build-outputs-name }}
-          path: downloads
+      # - name: Download the built artifact
+      #   uses: actions/download-artifact@v3
+      #   with:
+      #     name: ${{ needs.generate_provenance.outputs.build-outputs-name }}
+      #     path: downloads
 
       - name: Download the DSSE document
         uses: actions/download-artifact@v3