54d9a343c3
This involves generating the attestation in the code using the new attest library in the actions toolkit.
26 lines
885 B
YAML
26 lines
885 B
YAML
name: 'Package and Publish'
|
|
description: 'Publish actions as OCI artifacts to GHCR'
|
|
|
|
# TODO: Add your action's branding here. This will appear on the GitHub Marketplace.
|
|
branding:
|
|
icon: 'heart'
|
|
color: 'red'
|
|
|
|
inputs:
|
|
github-token:
|
|
description: 'The GitHub actions token used to authenticate with GitHub APIs'
|
|
|
|
outputs:
|
|
package-url:
|
|
description: 'The name of package published to GHCR along with semver. For example, https://ghcr.io/actions/package-action:1.0.1'
|
|
package-manifest:
|
|
description: 'The package manifest of the published package in JSON format'
|
|
package-manifest-sha:
|
|
description: 'A sha256 hash of the package manifest'
|
|
attestation-id:
|
|
description: 'The attestation id of the generated provenance attestation. This is not present if the package is not attested, e.g. in enterprise environments.'
|
|
|
|
runs:
|
|
using: node20
|
|
main: dist/index.js
|