From 67805723f0bf3c53f17eaaea77e9cfd44d6a2417 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 00:59:05 +0000 Subject: [PATCH] update --- ci/generic-generator-ossf-slsa3-publish.yml | 63 +++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 ci/generic-generator-ossf-slsa3-publish.yml diff --git a/ci/generic-generator-ossf-slsa3-publish.yml b/ci/generic-generator-ossf-slsa3-publish.yml new file mode 100644 index 0000000..f843fd1 --- /dev/null +++ b/ci/generic-generator-ossf-slsa3-publish.yml @@ -0,0 +1,63 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you compile your Go project using a SLSA3 compliant builder. +# This workflow will generate a so-called "provenance" file describing the steps +# that were performed to generate the final binary. +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA generic generator +on: + workflow_dispatch: + release: + types: [created] + +permissions: read-all + +jobs: + build: + outputs: + digests: ${{ steps.hash.outputs.digests }} + + steps: + # ======================================================== + # + # Step 1: Build your artifacts. + # + # ======================================================== + - name: Build artifacts + run: | + # These are some amazing artifacts. + echo "artifact1" > artifact1 + echo "artifact2" > artifact2 + + # ======================================================== + # + # Step 2: Add a step to generate the provenance subjects + # as shown below. Update the sha256 sum arguments + # to include all binaries that you generate + # provenance for. + # + # ======================================================== + - name: Generate subject + id: hash + run: | + set -euo pipefail + + echo "::set-output name=digests::$(sha256sum artifact1 artifact2 | base64 -w0)" + + provenance: + needs: [build] + permissions: + actions: read + id-token: write + contents: read + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 + with: + base64-subjects: "${{ needs.build.outputs.digests }}" + upload-assets: true # Optional: Upload to a new release \ No newline at end of file