fix(ci): work around SLSA builder private repo detection bug #428

Merged: CybotTM merged 1 commit into main from fix/slsa-private-repo-workaround on Dec 23, 2025

CybotTM commented Dec 23, 2025

Summary

  • The SLSA builder incorrectly detects public repositories as private
  • This causes builds to fail with: "Repository is private. The workflow has halted..."
  • Setting private-repository: true allows the build to proceed
  • The repo is public anyway, so uploading to public transparency log is fine

Related Issues

Test plan

  • Verify the release workflow completes successfully after this fix

Sources:

Copilot AI review requested due to automatic review settings December 23, 2025 14:42
github-actions bot commented Dec 23, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Copilot AI left a comment

Pull request overview

This PR works around a bug in the SLSA GitHub builder that incorrectly detects public repositories as private, causing release builds to fail. The fix sets private-repository: true in the SLSA workflow configuration, which paradoxically allows the build to proceed for this public repository.

Key Changes:

  • Modified the private-repository parameter from false to true in the SLSA builder workflow configuration

The SLSA builder incorrectly detects public repositories as private,
causing builds to fail with 'Repository is private' error.

Setting private-repository: true allows the build to proceed while still
uploading provenance to the public transparency log (repo is public anyway).

This is a known issue with slsa-github-generator:
slsa-framework/slsa-github-generator#942
CybotTM force-pushed the fix/slsa-private-repo-workaround branch from dd5130a to c017457 December 23, 2025 14:46
CybotTM added this pull request to the merge queue Dec 23, 2025
Merged via the queue into main with commit 639be5c Dec 23, 2025
26 checks passed
CybotTM deleted the fix/slsa-private-repo-workaround branch December 23, 2025 14:51
CybotTM added the released:v0.17.1 label Dec 26, 2025
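
A guard for the workaround discussed in this PR, as an added example that is not part of the PR or the project's code: it lists jobs that call slsa-github-generator with private-repository: true and reports them as an error when the repository really is private, because provenance is then uploaded to the public transparency log. The sample workflow, the BUILDER.yml@REF placeholder, the 2-space job indentation and the function names are assumptions.

```python
import re

# Constructed sample workflow. The reusable-workflow file name and ref are
# placeholders; the PR page does not show which builder workflow is called.
SAMPLE_WORKFLOW = """\
name: release
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: make dist
  provenance:
    needs: [build]
    uses: slsa-framework/slsa-github-generator/.github/workflows/BUILDER.yml@REF
    with:
      private-repository: true  # workaround for the detection bug
"""

JOB = re.compile(r"^  ([A-Za-z0-9_-]+):\s*(#.*)?$")  # assumes 2-space job indent
USES = re.compile(r"^\s+uses:\s*['\"]?slsa-framework/slsa-github-generator/")
FLAG = re.compile(r"^\s+private-repository:\s*['\"]?(true|false)\b", re.I)

def slsa_private_flags(text):
    """Map job name -> private-repository value for jobs calling the SLSA generator."""
    jobs, cur, in_jobs = {}, None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and whole-line comments carry no keys
        if not line[0].isspace():  # a new top-level key ends any jobs: section
            in_jobs, cur = line.startswith("jobs:"), None
        elif in_jobs and JOB.match(line):
            cur = jobs.setdefault(JOB.match(line).group(1), {"slsa": False, "flag": None})
        elif cur is not None:
            cur["slsa"] = cur["slsa"] or bool(USES.match(line))
            m = FLAG.match(line)
            if m:
                cur["flag"] = m.group(1).lower() == "true"
    return {n: j["flag"] for n, j in jobs.items() if j["slsa"] and j["flag"] is not None}

def audit(text, repo_is_private):
    """Return (job, severity) pairs; 'error' means a private repo would be exposed."""
    return [(job, "error" if repo_is_private else "note")
            for job, flag in slsa_private_flags(text).items() if flag]

if __name__ == "__main__":
    for job, sev in audit(SAMPLE_WORKFLOW, repo_is_private=False):
        print(f"{sev}: job '{job}' sets private-repository: true")
```

In CI, `repo_is_private` can be supplied from the repository's actual visibility, for example the `repository.private` field of a push event payload.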