Revert "feat: add attestation to installer"

Homebrew · Aug 19, 2024 · c0b72dd · c0b72dd
1 parent 2a5eb02
commit c0b72dd
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 35 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -23,10 +23,6 @@ jobs:
       fail-fast: false
       matrix:
         version: ["18.04", "20.04", "22.04", "24.04"]
-    permissions:
-      contents: read # for code access
-      attestations: write # for actions/attest-build-provenance
-      id-token: write # for actions/attest-build-provenance
     steps:
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4

diff --git a/.github/workflows/pkg-installer.yml b/.github/workflows/pkg-installer.yml
@@ -19,10 +19,6 @@ jobs:
   build:
     if: github.repository_owner == 'Homebrew' && github.actor != 'dependabot[bot]'
     runs-on: macos-latest
-    permissions:
-      contents: read # for code access
-      attestations: write # for actions/attest-build-provenance
-      id-token: write # for actions/attest-build-provenance
     outputs:
       installer_path: "Homebrew-${{ steps.homebrew-version.outputs.version }}.pkg"
     env:
@@ -123,11 +119,6 @@ jobs:
             security delete-keychain "${RUNNER_TEMP}/${TEMPORARY_KEYCHAIN_FILE}"
           fi
 
-      - name: Generate build provenance
-        uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3
-        with:
-          subject-path: Homebrew-${{ steps.homebrew-version.outputs.version }}.pkg
-
       - name: Upload installer to GitHub Actions
         uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4
         with:

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -239,30 +239,14 @@ jobs:
       - name: Deploy the Docker image to GitHub Packages and Docker Hub
         if: github.ref == 'refs/heads/master'
         run: |
-          echo ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }} |
+          echo ${{secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN}} |
             docker login ghcr.io -u BrewTestBot --password-stdin
-          docker tag brew "ghcr.io/homebrew/ubuntu22.04:${{ github.ref_name }}"
-          docker push "ghcr.io/homebrew/ubuntu22.04:${{ github.ref_name }}"
-          echo ${{ secrets.HOMEBREW_BREW_DOCKER_TOKEN }} |
+          docker tag brew "ghcr.io/homebrew/ubuntu22.04:master"
+          docker push "ghcr.io/homebrew/ubuntu22.04:master"
+          echo ${{secrets.HOMEBREW_BREW_DOCKER_TOKEN}} |
             docker login -u brewtestbot --password-stdin
-          docker tag brew "homebrew/ubuntu22.04:${{ github.ref_name }}"
-          docker push "homebrew/ubuntu22.04:${{ github.ref_name }}"
-
-      - name: Generate Docker image digest
-        if: github.ref == 'refs/heads/master'
-        id: digest
-        run: |
-          digest="$(docker image inspect --format='{{.Digest}}' brew)"
-          echo "digest=$digest" >> "$GITHUB_OUTPUT"
-
-      - name: Generate Docker image build provenance
-        uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3
-        if: github.ref == 'refs/heads/master'
-        id: attest
-        with:
-          push-to-registry: true
-          subject-digest: ${{ steps.digest.outputs.digest }}
-          subject-name: ghcr.io/homebrew/ubuntu22.04:${{ github.ref_name }}
+          docker tag brew "homebrew/ubuntu22.04:master"
+          docker push "homebrew/ubuntu22.04:master"
 
   update-test:
     name: ${{ matrix.name }}