feat(release): attach npm tarballs + SLSA provenance to GitHub releases#164
Merged
Conversation
…es; refresh SECURITY.md versions
OpenSSF Scorecard Signed-Releases (currently -1: releases carry no
assets). From the next release on:
- npm-publish packs the five workspace tarballs, computes sha256
subjects, and uploads them as a workflow artifact.
- A new 'provenance' job calls the SLSA generic generator reusable
workflow (slsa-github-generator@v2.1.0, tag-referenced as SLSA
requires) to produce signed multiple.intoto.jsonl provenance for
those tarballs via sigstore.
- create-release downloads both and attaches them as release assets,
so the release ships verifiable artifacts:
slsa-verifier verify-artifact <tarball> --provenance-path multiple.intoto.jsonl --source-uri github.com/debugmcp/mcp-debugger
Provenance-carrying releases score 10/10 on Signed-Releases (releases
without assets are skipped by the check, so history does not drag).
Also refreshes the SECURITY.md supported-versions table (0.20.x ->
0.22.x, current release line).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
debugmcpdev
added a commit
that referenced
this pull request
Jul 9, 2026
Project registered and passing at bestpractices.dev/projects/13543 (part of the OpenSSF Scorecard improvement effort). SECURITY.md's supported-versions table was already refreshed to 0.22.x in #164. Co-authored-by: JF <john.franklin@gmail.com> Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
This was referenced Jul 9, 2026
debugmcpdev
added a commit
that referenced
this pull request
Jul 9, 2026
…attest-build-provenance (#176) The provenance job added in #164 (slsa-framework/slsa-github-generator's generator_generic_slsa3.yml reusable workflow) failed the v0.23.0 release with a hard startup_failure -- zero jobs scheduled, not even unrelated ones like build-and-test. Root-caused via a throwaway diagnostic branch (deleted): this org has 'Write permissions for workflows' disabled repo-wide (actions/permissions/workflow reports default_workflow_permissions: read, and PUT to write returns 409 'disabled by the organization'). GitHub validates a job's requested permissions against that policy at PARSE TIME specifically for jobs that call an external reusable *workflow* (uses: owner/repo/.github/workflows/x.yml@ref) -- even a bare-minimum such job with read-only-looking permissions triggered the same startup_failure. Confirmed by elimination: removing the job let build-and-test run; a bare bones version of the same reusable-workflow call reproduced the failure in isolation; a normal composite action inside a normal job (matching npm-publish's already-working id-token: write pattern) ran successfully. Fix: actions/attest-build-provenance is a plain composite action, not a reusable workflow, so it isn't subject to that check -- same permission scopes (id-token: write, now attestations: write instead of contents), same normal-job shape npm-publish already uses successfully. Its bundle-path output is a JSON-serialized Sigstore bundle wrapping a real in-toto statement, genuinely valid under both extensions OpenSSF Scorecard's Signed-Releases probes scan release assets for (releasesAreSigned: .sigstore.json; releasesHaveProvenance: .intoto.jsonl) -- uploaded as both, not fabricated duplicates. Co-authored-by: JF <john.franklin@gmail.com> Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
OpenSSF Scorecard Signed-Releases is currently
-1(inconclusive) because releases carry no assets. From the next release:npm-publishpacks the five workspace tarballs, computes their sha256 subjects, and uploads them as a workflow artifact.provenancejob calls the SLSA generic generator reusable workflow (slsa-github-generator@v2.1.0— tag-referenced as SLSA requires; Scorecard exempts this from hash-pinning) to produce sigstore-signedmultiple.intoto.jsonlprovenance for those tarballs.create-releasedownloads both and attaches them as release assets.Verification for consumers:
Provenance-carrying releases score 10/10 on Signed-Releases; asset-less historical releases are skipped by the check, so history doesn't drag the score.
Also refreshes the SECURITY.md supported-versions table (0.20.x → 0.22.x).
Notes
base64-subjects,provenance-name,upload-assets) verified against the v2.1.0 workflow definition;upload-assets: falsebecausecreate-releaseattaches the file itself (the release doesn't exist yet when the generator runs).create-releasenow alsoneeds: provenance.v0.22.1-alpha.Ntag (prerelease path) or useworkflow_dispatchwith a test ref, and confirm the release gets*.tgz+multiple.intoto.jsonlassets.🤖 Generated with Claude Code