name: 'Package and Publish' description: 'Publish actions as OCI artifacts to GHCR' # TODO: Add your action's branding here. This will appear on the GitHub Marketplace. branding: icon: 'heart' color: 'red' outputs: package-url: description: 'The name of package published to GHCR along with semver. For example, https://ghcr.io/actions/package-action:1.0.1' value: ${{steps.publish.outputs.package-url}} package-manifest: description: 'The package manifest of the published package in JSON format' value: ${{steps.publish.outputs.package-manifest}} package-manifest-sha: description: 'A sha256 hash of the package manifest' value: ${{steps.publish.outputs.package-manifest-sha}} runs: using: 'composite' steps: - name: Publish Action Package run: 'node ${{github.action_path}}/dist/index.js' shell: bash id: publish env: TOKEN: ${{ github.token }} GITHUB_REPOSITORY: ${{ github.repository }} GITHUB_REF: ${{ github.ref }} GITHUB_SHA: ${{ github.sha }} - name: Output variables shell: bash run: | echo "package manifest": ${{steps.publish.outputs.package-manifest}} echo "package manifest sha": ${{steps.publish.outputs.package-manifest-sha}} echo "package url": ${{steps.publish.outputs.package-url}} echo "subject name": ${{github.repository}}_${{github.ref}} - name: Generate Provenance Attestation uses: github-early-access/generate-build-provenance@main id: build-provenance if: endsWith(github.server_url, 'github.com') || endsWith(github.server_url, 'ghe.com') with: subject-name: ${{github.repository}}_${{github.ref}} subject-digest: ${{steps.publish.outputs.package-manifest-sha}} push-to-registry: false