Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[bug] generator_generic_slsa3.yml upload-assets creates duplicate draft release #4000

Open
bradh352 opened this issue Nov 9, 2024 · 2 comments
Labels
status:triage Issue that has not been triaged type:bug Something isn't working

Comments

@bradh352
Copy link

bradh352 commented Nov 9, 2024

Describe the bug
We are using generator_generic_slsa3.yml to generate SLSA3 for the c-ares project and just had our first release using it. We generate the release and upload the tarball using softprops/action-gh-release@v2 and mark the release as a draft. We then go through the provenance and it generates another draft of the release with the same name instead of uploading it to the existing draft with the name.

I have not attempted to allow it to use a non-draft release for both steps of the process, mainly because I must come back and PGP sign the tarball that is generated and upload that signature and want to wait to turn off the draft status until that is done. So maybe this is a draft-related issue.

To Reproduce

See workflow https://github.com/c-ares/c-ares/blob/v1.34.3/.github/workflows/package.yml

Expected behavior
Expected that the generated .intoto.jsonl file be uploaded to the existing draft release.

@bradh352 bradh352 added status:triage Issue that has not been triaged type:bug Something isn't working labels Nov 9, 2024
@bradh352 bradh352 changed the title [bug] generator_generic_slsa3.yml upload-assets creates duplicate release [bug] generator_generic_slsa3.yml upload-assets creates duplicate draft release Nov 9, 2024
@bradh352
Copy link
Author

bradh352 commented Nov 9, 2024

I see #1476 for go which happens to sort of discuss this issue, and points to this diff for a workaround: https://github.com/sigstore/helm-sigstore/pull/111/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R61-R90

I'll implement that workaround until this gets resolved

@bradh352
Copy link
Author

bradh352 commented Nov 9, 2024

I tried to implement the same workaround, I won't know if it works until our next release ... regardless I'd think this should be resolved within the generic generator itself. c-ares/c-ares@75a382c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status:triage Issue that has not been triaged type:bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant