SLSA generic generator #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SLSA generic generator | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| release_version: | ||
| description: new release version | ||
| required: true | ||
| default: (for example, 0.1.0) | ||
| some_bool: | ||
| description: some_bool | ||
| required: false | ||
| default: true | ||
| some_integer: | ||
| description: some_integer | ||
| required: false | ||
| default: "123" | ||
| push: | ||
| tags: | ||
| - "*" | ||
| # release: | ||
| # types: [created] | ||
| permissions: read-all | ||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| digests: ${{ steps.hash.outputs.digests }} | ||
| digests-as-file: ${{ steps.subjectfile.outputs.handle }} | ||
| steps: | ||
| # ======================================================== | ||
| # | ||
| # Step 1: Build your artifacts. | ||
| # | ||
| # ======================================================== | ||
| - name: Build artifacts | ||
| run: | | ||
| # These are some amazing artifacts. | ||
| echo "artifact1" > artifact1 | ||
| echo "artifact2" > artifact2 | ||
| # ======================================================== | ||
| # | ||
| # Step 2: Add a step to generate the provenance subjects | ||
| # as shown below. Update the sha256 sum arguments | ||
| # to include all binaries that you generate | ||
| # provenance for. | ||
| # | ||
| # ======================================================== | ||
| - name: Generate subject | ||
| id: hash | ||
| run: | | ||
| set -euo pipefail | ||
| echo "::set-output name=digests::$(sha256sum artifact1 artifact2 | base64 -w0)" | ||
| - name: Generate file subject | ||
| run: | | ||
| set -euo pipefail | ||
| sha256sum artifact1 artifact2 | base64 -w0 > subjects_file.sha256.b64 | ||
| - name: Share the file | ||
| id: subjectfile | ||
| uses: laurentsimon/slsa-github-generator/actions/generator/generic/create-base64-subjects-from-file@feat/large-subjects | ||
| with: | ||
| path: subjects_file.sha256.b64 | ||
| #uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main | ||
| provenance: | ||
| needs: [build] | ||
| permissions: | ||
| actions: read # To read the workflow path. | ||
| id-token: write # To sign the provenance. | ||
| contents: write # To add assets to a release. | ||
| #uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.2 | ||
| # This corresponds to laurentsimon/slsa-github-generator@test/imposter | ||
| #uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@32d3df3ab84439a53d5d3e42275aae349fddcd44 | ||
| uses: laurentsimon/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@feat/large-subjects | ||
|
Check failure on line 78 in .github/workflows/slsa-generic.yml
|
||
| with: | ||
| #base64-subjects: "${{ needs.build.outputs.digests }}" | ||
| base64-subjects-as-file: "${{ needs.build.outputs.digests-as-file }}" | ||
| upload-assets: true # Optional: Upload to a new release | ||
| #compile-generator: true | ||
GitHub Actions