## Why are we doing this work At the moment, there is a hard-limit on artifact of 5mb. PoC repo: https://gitlab.com/gitlab-org/software-supply-chain-security/capslock-tutorial ``` Hi team! I've been testing the SLSA attestation feature on capslock-tutorial and discovered what appears to be an artifact size limit. I wanted to validate this is expected behavior. The attestation worker silently skips artifacts that exceed max_artifacts_content_include_size (default: 5 MB) . Is that correct? ``` I can see the behaviour you're reporting. Here are the logs for the 4.9mb file https://log.gprd.gitlab.net/app/r/s/1Hco6 and for the 5.1mb file https://log.gprd.gitlab.net/app/r/s/eI8ub ## Relevant links - [Phase 5: OCI Containers Attestation (#20683) · Epic · gitlab-org](https://gitlab.com/groups/gitlab-org/-/work_items/20683) - [ADR 006: Enable the creation of SLSA Level 3 Attestations for OCI images](https://gitlab.com/gitlab-com/content-sites/handbook/-/merge_requests/17936) - [SLSA Level 3 Provenance Attestations](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/slsa_level_3/) - [UX to enable SLSA provenance generation (#547903)](https://gitlab.com/gitlab-org/gitlab/-/work_items/547903#note_2748278333) - [FF `slsa_provenance_statement` -- Roll out feature flag to publish SLSA provenance statements (#547866)](https://gitlab.com/gitlab-org/gitlab/-/work_items/547866) - [SLSA • Provenance](https://slsa.dev/spec/v1.1/provenance) - [ADR 002: Generate SLSA Provenance in GitLab Rails backend](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/slsa_level_3/decisions/002_provenance_generation_location/) ## Non-functional requirements - [ ] Documentation: Documentation will be handled in another ticket. [Document SLSA provenance statement generation (Rails backend implementation) (#546180) · Issue · gitlab-org/gitlab](https://gitlab.com/gitlab-org/gitlab/-/work_items/546180) - [ ] Feature flag: Development is behind [[FF] slsa_provenance_statement](https://gitlab.com/gitlab-org/gitlab/-/work_items/547866) - [ ] Performance: [discussed in ADR](https://gitlab.com/gitlab-com/content-sites/handbook/-/merge_requests/17936/diffs#e5ed2306565df3bdae4282e176ff146a81b79b01_0_378). - [ ] Testing: [discussed in ADR](https://gitlab.com/gitlab-com/content-sites/handbook/-/merge_requests/17936/diffs#e5ed2306565df3bdae4282e176ff146a81b79b01_0_378) ## Implementation plan We should modify the code so that the maximum size we accept is the same as the maximum artifact size. See [CI/CD settings](https://docs.gitlab.com/administration/settings/continuous_integration/#set-maximum-artifacts-size). ## Verification steps - [ ] Test locally. - [ ] Send fix to prod. Verify that the PoC below no longer reproduces. PoC: [Creates attestation](https://gitlab.com/sroque-worcel/test-slsa-worker/-/jobs/12868903589)/[does not create attestation](https://gitlab.com/sroque-worcel/test-slsa-worker/-/jobs/12868831821).