Add SLSA build provenance attestations to release workflows#7097
Merged
Add SLSA build provenance attestations to release workflows#7097
Conversation
Add actions/attest-build-provenance to release, canary, nightly, and Docker workflows. Every CLI binary, desktop bundle, Linux package, and container image now gets a signed provenance attestation via Sigstore. Users can verify any artifact with: gh attestation verify <artifact> --repo block/goose Changes: - release.yml: attestations:write permission + attestation step - canary.yml: explicit permissions block + attestation step - nightly.yml: explicit permissions block + attestation step - publish-docker.yml: id-token:write, attestations:write, capture image digest, attest with push-to-registry Closes #5994
Collaborator
Author
|
/goose |
Contributor
PR #7097 Review: Add SLSA build provenance attestations to release workflowsSummary: This PR adds SLSA (Supply Chain Levels for Software Artifacts) build provenance attestations to all release workflows using GitHub's ✅ Highlights
🟢 Suggestions
Overall AssessmentApprove - This is a clean, well-implemented security enhancement. The PR correctly applies the attestation action across all four release workflows with proper permissions, action pinning, and artifact patterns that match the existing release configurations. Review generated by goose |
DOsinga
approved these changes
Feb 12, 2026
…provenance * origin/main: (68 commits) Upgraded npm packages for latest security updates (#7183) docs: reasoning effort levels for Codex provider (#6798) Fix speech local (#7181) chore: add .gooseignore to .gitignore (#6826) Improve error message logging from electron (#7130) chore(deps): bump jsonwebtoken from 9.3.1 to 10.3.0 (#6924) docs: standalone mcp apps and apps extension (#6791) workflow: auto-update cli-commands on release (#6755) feat(apps): Integrate AppRenderer from @mcp-ui/client SDK (#7013) fix(MCP): decode resource content (#7155) feat: reasoning_content in API for reasoning models (#6322) Fix/configure add provider custom headers (#7157) fix: handle keyring fallback as success (#7177) Update process-wrap to 9.0.3 (9.0.2 is yanked) (#7176) feat: support extra field in chatcompletion tool_calls for gemini openai compat (#6184) fix: replace panic with proper error handling in get_tokenizer (#7175) Lifei/smoke test for developer (#7174) fix text editor view broken (#7167) docs: White label guide (#6857) Add PATH detection back to developer extension (#7161) ... # Conflicts: # .github/workflows/nightly.yml
Change **/*.flatpak to *.flatpak to match the release step's glob pattern and be consistent with release.yml attestation.
Collaborator
Author
|
/goose |
Contributor
|
Summary: This PR correctly adds SLSA build provenance attestations to the release, canary, and Docker workflows using the 🟡 Warnings
🟢 Suggestions
✅ Highlights
Review generated by goose |
alexhancock
approved these changes
Feb 12, 2026
jh-block
added a commit
that referenced
this pull request
Feb 13, 2026
* origin/main: (21 commits) nit: show dir in title, and less... jank (#7138) feat(gemini-cli): use stream-json output and re-use session (#7118) chore(deps): bump qs from 6.14.1 to 6.14.2 in /documentation (#7191) Switch jsonwebtoken to use aws-lc-rs (already used by rustls) (#7189) chore(deps): bump qs from 6.14.1 to 6.14.2 in /evals/open-model-gym/mcp-harness (#7184) Add SLSA build provenance attestations to release workflows (#7097) fix save and run recipe not working (#7186) Upgraded npm packages for latest security updates (#7183) docs: reasoning effort levels for Codex provider (#6798) Fix speech local (#7181) chore: add .gooseignore to .gitignore (#6826) Improve error message logging from electron (#7130) chore(deps): bump jsonwebtoken from 9.3.1 to 10.3.0 (#6924) docs: standalone mcp apps and apps extension (#6791) workflow: auto-update cli-commands on release (#6755) feat(apps): Integrate AppRenderer from @mcp-ui/client SDK (#7013) fix(MCP): decode resource content (#7155) feat: reasoning_content in API for reasoning models (#6322) Fix/configure add provider custom headers (#7157) fix: handle keyring fallback as success (#7177) ...
katzdave
added a commit
that referenced
this pull request
Feb 13, 2026
…ntext * 'main' of github.com:block/goose: feat: add onFallbackRequest handler to McpAppRenderer (#7208) feat: add streaming support for Claude Code CLI provider (#6833) fix: The detected filetype is PLAIN_TEXT, but the provided filetype was HTML (#6885) Add prompts (#7212) Add testing instructions for speech to text (#7185) Diagnostic files copying (#7209) fix: allow concurrent tool execution within the same MCP extension (#7202) fix: handle missing arguments in MCP tool calls to prevent GUI crash (#7143) Filter Apps page to only show standalone Goose Apps (#6811) opt: use static for Regex (#7205) nit: show dir in title, and less... jank (#7138) feat(gemini-cli): use stream-json output and re-use session (#7118) chore(deps): bump qs from 6.14.1 to 6.14.2 in /documentation (#7191) Switch jsonwebtoken to use aws-lc-rs (already used by rustls) (#7189) chore(deps): bump qs from 6.14.1 to 6.14.2 in /evals/open-model-gym/mcp-harness (#7184) Add SLSA build provenance attestations to release workflows (#7097) fix save and run recipe not working (#7186) Upgraded npm packages for latest security updates (#7183) docs: reasoning effort levels for Codex provider (#6798)
5 tasks
5 tasks
fresh3nough
added a commit
to fresh3nough/goose
that referenced
this pull request
Mar 11, 2026
Replace custom SHA-256 checksum approach with Sigstore provenance verification using the sigstore-verification crate. Leverages the SLSA attestations from actions/attest-build-provenance added in block#7097 and builds on the native Rust self-update foundation from block#7148. Changes: - Add verify_provenance() that fetches and verifies GitHub attestation bundles via the sigstore-verification crate (Sigstore signature chain, Rekor transparency log, artifact digest match) - Harden tar.bz2 extraction against tar-slip (reject absolute paths and .. components, create parent dirs per-entry) - Harden zip extraction against zip-slip (use enclosed_name() sanitization, iterate entries individually) - Add sha256_hex() helper for archive digest computation and display - Remove all .sha256 file download/verify logic and CI workflow changes - 16 unit tests covering SHA-256 digests, path validation (safe paths, absolute path rejection, traversal rejection, nested traversal), tar extraction round-trip, binary location, binary replacement, and provenance verification graceful degradation Signed-off-by: fre$h <[email protected]> Signed-off-by: fre <[email protected]>
3 tasks
fresh3nough
added a commit
to fresh3nough/goose
that referenced
this pull request
Mar 12, 2026
Replace custom SHA-256 checksum approach with Sigstore provenance verification using the sigstore-verification crate. Leverages the SLSA attestations from actions/attest-build-provenance added in block#7097 and builds on the native Rust self-update foundation from block#7148. Changes: - Add verify_provenance() that fetches and verifies GitHub attestation bundles via the sigstore-verification crate (Sigstore signature chain, Rekor transparency log, artifact digest match) - Harden tar.bz2 extraction against tar-slip (reject absolute paths and .. components, create parent dirs per-entry) - Harden zip extraction against zip-slip (use enclosed_name() sanitization, iterate entries individually) - Add sha256_hex() helper for archive digest computation and display - Remove all .sha256 file download/verify logic and CI workflow changes - 16 unit tests covering SHA-256 digests, path validation (safe paths, absolute path rejection, traversal rejection, nested traversal), tar extraction round-trip, binary location, binary replacement, and provenance verification graceful degradation Signed-off-by: fre$h <[email protected]> Signed-off-by: fre <[email protected]>
fresh3nough
added a commit
to fresh3nough/goose
that referenced
this pull request
Mar 18, 2026
Replace custom SHA-256 checksum approach with Sigstore provenance verification using the sigstore-verification crate. Leverages the SLSA attestations from actions/attest-build-provenance added in block#7097 and builds on the native Rust self-update foundation from block#7148. Changes: - Add verify_provenance() that fetches and verifies GitHub attestation bundles via the sigstore-verification crate (Sigstore signature chain, Rekor transparency log, artifact digest match) - Harden tar.bz2 extraction against tar-slip (reject absolute paths and .. components, create parent dirs per-entry) - Harden zip extraction against zip-slip (use enclosed_name() sanitization, iterate entries individually) - Add sha256_hex() helper for archive digest computation and display - Remove all .sha256 file download/verify logic and CI workflow changes - 16 unit tests covering SHA-256 digests, path validation (safe paths, absolute path rejection, traversal rejection, nested traversal), tar extraction round-trip, binary location, binary replacement, and provenance verification graceful degradation Signed-off-by: fre$h <[email protected]> Signed-off-by: fre <[email protected]>
fresh3nough
added a commit
to fresh3nough/goose
that referenced
this pull request
Mar 18, 2026
Replace custom SHA-256 checksum approach with Sigstore provenance verification using the sigstore-verification crate. Leverages the SLSA attestations from actions/attest-build-provenance added in block#7097 and builds on the native Rust self-update foundation from block#7148. Changes: - Add verify_provenance() that fetches and verifies GitHub attestation bundles via the sigstore-verification crate (Sigstore signature chain, Rekor transparency log, artifact digest match) - Harden tar.bz2 extraction against tar-slip (reject absolute paths and .. components, create parent dirs per-entry) - Harden zip extraction against zip-slip (use enclosed_name() sanitization, iterate entries individually) - Add sha256_hex() helper for archive digest computation and display - Remove all .sha256 file download/verify logic and CI workflow changes - 16 unit tests covering SHA-256 digests, path validation (safe paths, absolute path rejection, traversal rejection, nested traversal), tar extraction round-trip, binary location, binary replacement, and provenance verification graceful degradation Signed-off-by: fre$h <[email protected]> Signed-off-by: fre <[email protected]>
fresh3nough
added a commit
to fresh3nough/goose
that referenced
this pull request
Mar 19, 2026
Replace custom SHA-256 checksum approach with Sigstore provenance verification using the sigstore-verification crate. Leverages the SLSA attestations from actions/attest-build-provenance added in block#7097 and builds on the native Rust self-update foundation from block#7148. Changes: - Add verify_provenance() that fetches and verifies GitHub attestation bundles via the sigstore-verification crate (Sigstore signature chain, Rekor transparency log, artifact digest match) - Harden tar.bz2 extraction against tar-slip (reject absolute paths and .. components, create parent dirs per-entry) - Harden zip extraction against zip-slip (use enclosed_name() sanitization, iterate entries individually) - Add sha256_hex() helper for archive digest computation and display - Remove all .sha256 file download/verify logic and CI workflow changes - 16 unit tests covering SHA-256 digests, path validation (safe paths, absolute path rejection, traversal rejection, nested traversal), tar extraction round-trip, binary location, binary replacement, and provenance verification graceful degradation Signed-off-by: fre$h <[email protected]> Signed-off-by: fre <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add actions/attest-build-provenance to release, canary, nightly, and Docker workflows. Every CLI binary, desktop bundle, Linux package, and container image now gets a signed provenance attestation via Sigstore.
Users can verify any artifact with:
gh attestation verify --repo block/goose
Changes:
Closes #5994