Files
attest-sbom/action.yml
T

87 lines
3.0 KiB
YAML
Raw Normal View History

2024-02-22 08:46:34 -08:00
name: 'Attest SBOM'
description: 'Generate SBOM attestations for build artifacts'
author: 'GitHub'
2024-04-30 11:54:08 -07:00
branding:
color: 'blue'
icon: 'paperclip'
2024-02-20 11:28:19 -08:00
inputs:
2024-02-22 08:46:34 -08:00
subject-path:
description: >
2024-02-29 11:59:05 -08:00
Path to the artifact serving as the subject of the attestation. Must
specify exactly one of "subject-path", "subject-digest", or
"subject-checksums". May contain a glob pattern or list of paths (total
subject count cannot exceed 1024).
2024-02-22 08:46:34 -08:00
required: false
subject-digest:
description: >
2024-05-06 12:14:46 -07:00
SHA256 digest of the subject for the attestation. Must be in the form
2024-02-29 11:59:05 -08:00
"sha256:hex_digest" (e.g. "sha256:abc123..."). Must specify exactly one of
"subject-path", "subject-digest", or "subject-checksums".
2024-02-22 08:46:34 -08:00
required: false
subject-name:
description: >
Subject name as it should appear in the attestation. Required when
identifying the subject with the "subject-digest" input.
subject-checksums:
description: >
Path to checksums file containing digest and name of subjects for
attestation. Must specify exactly one of "subject-path", "subject-digest",
or "subject-checksums".
required: false
2024-02-29 11:59:05 -08:00
sbom-path:
description: >
Path to the JSON-formatted SBOM file to attest. File size cannot exceed
16MB.
required: true
2024-02-22 08:46:34 -08:00
push-to-registry:
description: >
Whether to push the provenance statement to the image registry. Requires
that the "subject-name" parameter specify the fully-qualified image name
and that the "subject-digest" parameter be specified. Defaults to false.
default: false
required: false
show-summary:
description: >
Whether to attach a list of generated attestations to the workflow run
summary page. Defaults to true.
default: true
required: false
2024-02-29 11:59:05 -08:00
github-token:
2024-02-22 08:46:34 -08:00
description: >
2024-02-29 11:59:05 -08:00
The GitHub token used to make authenticated API requests.
default: ${{ github.token }}
2024-02-22 08:46:34 -08:00
required: false
2024-03-05 11:06:06 -08:00
2024-02-20 11:28:19 -08:00
outputs:
2024-02-22 08:46:34 -08:00
bundle-path:
2024-12-04 07:53:42 -08:00
description: 'The path to the file containing the attestation bundle.'
2024-02-22 08:46:34 -08:00
value: ${{ steps.attest.outputs.bundle-path }}
attestation-id:
description: 'The ID of the attestation.'
value: ${{ steps.attest.outputs.attestation-id }}
attestation-url:
description: 'The URL for the attestation summary.'
value: ${{ steps.attest.outputs.attestation-url }}
2024-02-20 11:28:19 -08:00
runs:
2024-02-22 08:46:34 -08:00
using: 'composite'
2024-02-29 11:59:05 -08:00
steps:
2026-02-25 15:03:50 -08:00
- shell: bash
run: |
echo "::warning::actions/attest-sbom has been deprecated, please use actions/attest instead"
- uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
2024-02-22 08:46:34 -08:00
id: attest
2025-08-28 15:21:59 -07:00
env:
NODE_OPTIONS: '--max-http-header-size=32768'
2024-02-22 08:46:34 -08:00
with:
subject-path: ${{ inputs.subject-path }}
subject-digest: ${{ inputs.subject-digest }}
subject-name: ${{ inputs.subject-name }}
subject-checksums: ${{ inputs.subject-checksums }}
2026-02-25 15:03:50 -08:00
sbom-path: ${{ inputs.sbom-path }}
2024-03-05 11:06:06 -08:00
push-to-registry: ${{ inputs.push-to-registry }}
show-summary: ${{ inputs.show-summary }}
2024-02-29 11:59:05 -08:00
github-token: ${{ inputs.github-token }}