Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix: fix the Go package version to v2 #373

Merged
merged 3 commits into from
Dec 2, 2022
Merged

fix: fix the Go package version to v2 #373

merged 3 commits into from
Dec 2, 2022

Conversation

suzuki-shunsuke
Copy link
Contributor

@suzuki-shunsuke suzuki-shunsuke commented Dec 2, 2022
edited
Loading

Fix the package name github.com/slsa-framework/slsa-verifier to github.com/slsa-framework/slsa-verifier/v2.

git ls-files | grep ".go$" | xargs -n 1 gsed -i "s|github.com/slsa-framework/slsa-verifier|github.com/slsa-framework/slsa-verifier/v2|g"

slsa-verifier v2 has been released. https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.0

Currently, we can't install slsa-verifier v2 by go install.

  1. Failed to install v2.
$ go install github.com/slsa-framework/slsa-verifier/cli/slsa-verifier@v2.0.0
go: github.com/slsa-framework/slsa-verifier/cli/slsa-verifier@v2.0.0: github.com/slsa-framework/slsa-verifier@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("github.com/slsa-framework/slsa-verifier/v2")
  1. Installed not v2 but v1.4.1.
$ go install github.com/slsa-framework/slsa-verifier/cli/slsa-verifier@latest
go: downloading github.com/slsa-framework/slsa-verifier v1.4.1
go: downloading github.com/sigstore/cosign v1.12.0
go: downloading github.com/google/trillian v1.4.2
go: downloading github.com/sigstore/rekor v0.11.0
go: downloading github.com/sigstore/sigstore v1.4.2
go: downloading golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0
go: downloading github.com/theupdateframework/go-tuf v0.5.1-0.20220920170306-f237d7ca5b42
go: downloading golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
go: downloading github.com/letsencrypt/boulder v0.0.0-20220723181115-27de4befb95e
go: downloading golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
go: downloading google.golang.org/genproto v0.0.0-20220805133916-01dd62135a58
go: downloading github.com/klauspost/compress v1.15.9
go: downloading github.com/aws/aws-sdk-go-v2/config v1.17.7
go: downloading github.com/Azure/go-autorest/autorest/adal v0.9.20
go: downloading golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9
go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.12.20
go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5

@suzuki-shunsuke
fix: fix the package version to v2
1900eda 
```
git ls-files | grep ".go$" | xargs -n 1 gsed -i "s|github.com/slsa-framework/slsa-verifier|github.com/slsa-framework/slsa-verifier/v2|g"
```

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
@suzuki-shunsuke
fix: fix the package version to v2
6c7df96 
Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
@suzuki-shunsuke
Copy link
Contributor Author

https://github.com/slsa-framework/slsa-verifier/actions/runs/3597819895/jobs/6059973163

=== RUN   Test_runVerifyGHAArtifactPath/regression:_sharded_uuids
No certificate provided, trying Redis search index to find entries by subject digest
Verified signature against tlog entry index 2907428 at URL: https://rekor.sigstore.dev/api/v1/log/entries/362f8ecba72f432624befa6acb7f1263c026e7b135e24cf23f11b5020a5fb9365e922a831485bb60
    main_test.go:557: :   any(
        - 	e"source used to generate the binary does not match provenance: expected source 'slsa-framework/slsa-verifier/v2', got 'slsa-framework/slsa-verifier'",
          )
--- FAIL: Test_runVerifyGHAArtifactPath (291.30s)

@suzuki-shunsuke
test: fix source
4387593 
Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
@suzuki-shunsuke suzuki-shunsuke marked this pull request as ready for review December 2, 2022 01:15
@suzuki-shunsuke
Copy link
Contributor Author

#373 (comment) has been solved. 4387593

@suzuki-shunsuke suzuki-shunsuke mentioned this pull request Dec 2, 2022
Merged
@ianlewis ianlewis requested review from asraa and laurentsimon and removed request for asraa December 2, 2022 01:47
laurentsimon
laurentsimon approved these changes Dec 2, 2022
View reviewed changes
Copy link
Contributor

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@laurentsimon laurentsimon merged commit 74fd528 into slsa-framework:main Dec 2, 2022
@suzuki-shunsuke suzuki-shunsuke deleted the fix/update-gopkg-v2 branch December 2, 2022 02:53
@ianlewis ianlewis mentioned this pull request Jan 5, 2023
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@laurentsimon laurentsimon laurentsimon approved these changes

@asraa asraa Awaiting requested review from asraa

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@suzuki-shunsuke @laurentsimon