Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

editorial: Clarify the requirements for self-hosted runners on provenance #989

Merged
merged 6 commits into from
Nov 17, 2023
Merged

editorial: Clarify the requirements for self-hosted runners on provenance #989

merged 6 commits into from
Nov 17, 2023

Conversation

arewm
Copy link
Member

@arewm arewm commented Oct 13, 2023

Resolves: #966

Some CI systems allow for users to configure self-hosted runner environments for perform builds and CI analysis. While both the build platform and the self-hosted runners have the ability to affect the build for the resulting artifact, the SLSA Build requirements do not need to be imposed on both systems.

This addition to the FAQ is a clarification of the requirements as they relate to the generation of the provenance.

@netlify
Copy link

netlify bot commented Oct 13, 2023
edited
Loading

Deploy Preview for slsa ready!

Name Link
🔨 Latest commit a6a02b1
🔍 Latest deploy log https://app.netlify.com/sites/slsa/deploys/6557c8153c1a050009e62082
😎 Deploy Preview https://deploy-preview-989--slsa.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@arewm arewm mentioned this pull request Oct 13, 2023
Closed
@arewm
editorial: Clarify the requirements for self-hosted runners on proven…
31662a9 
…ance

Resolves: slsa-framework#966

Some CI systems allow for users to configure self-hosted runner
environments for perform builds and CI analysis. While both the build
platform and the self-hosted runners have the ability to affect the
build for the resulting artifact, the SLSA Build requirements do not
need to be imposed on both systems.

This addition to the FAQ is a clarification of the requirements as they
relate to the generation of the provenance.

Signed-off-by: arewm <[email protected]>
@arewm arewm force-pushed the runner-provenance branch from 2ca64fa to 31662a9 Compare October 13, 2023 19:57
@arewm arewm mentioned this pull request Oct 16, 2023
Open
MarkLodato
MarkLodato approved these changes Oct 20, 2023
View reviewed changes
Copy link
Member

@MarkLodato MarkLodato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Could you make the suggested changes to both files?

docs/spec/v1.0/faq.md Outdated Show resolved Hide resolved
docs/spec/v1.0/faq.md Outdated Show resolved Hide resolved
@MarkLodato
Copy link
Member

Friendly ping. Could another maintainer or @slsa-framework/slsa-steering-committee member approve (editorial requires two approvals).

@mlieberman85 @arewm
Update docs/spec/v1.0/faq.md
0653003 
Co-authored-by: Andrew McNamara <[email protected]>
Signed-off-by: Michael Lieberman <[email protected]>
mlieberman85
mlieberman85 approved these changes Nov 13, 2023
View reviewed changes
Copy link
Member

@mlieberman85 mlieberman85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

lehors
lehors reviewed Nov 15, 2023
View reviewed changes
docs/spec/v1.0/faq.md Outdated Show resolved Hide resolved
trishankatdatadog
trishankatdatadog approved these changes Nov 16, 2023
View reviewed changes
Copy link
Member

@trishankatdatadog trishankatdatadog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM (for now). We're trying to implement SLSA within our self-hosted GitLab, and will run into this issue soon, so if we find anything more specific, we'll be sure to update it here.

@MarkLodato @lehors
Update docs/spec/v1.0/faq.md
86cdeaf 
Co-authored-by: Arnaud J Le Hors <[email protected]>
Signed-off-by: Mark Lodato <[email protected]>
MarkLodato
MarkLodato reviewed Nov 17, 2023
View reviewed changes
docs/spec/v1.1/faq.md Outdated Show resolved Hide resolved
@MarkLodato
Update docs/spec/v1.1/faq.md
3e3ff36 
Signed-off-by: Mark Lodato <[email protected]>
MarkLodato
MarkLodato reviewed Nov 17, 2023
View reviewed changes
docs/spec/v1.0/faq.md Outdated Show resolved Hide resolved
docs/spec/v1.1/faq.md Outdated Show resolved Hide resolved
@MarkLodato
wrap to 80 cols
a6a02b1 
Signed-off-by: Mark Lodato <[email protected]>
@MarkLodato MarkLodato merged commit 5c9dea7 into slsa-framework:main Nov 17, 2023
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lehors lehors lehors left review comments

@MarkLodato MarkLodato MarkLodato approved these changes

@trishankatdatadog trishankatdatadog trishankatdatadog approved these changes

@mlieberman85 mlieberman85 mlieberman85 approved these changes

@joshuagl joshuagl Awaiting requested review from joshuagl

Assignees
No one assigned
Labels
None yet
Projects
Issue triage
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Clarify how SLSA interacts with self-hosted runners
5 participants
@arewm @MarkLodato @mlieberman85 @lehors @trishankatdatadog