comments
This commit is contained in:
@@ -3,9 +3,8 @@
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow lets you compile your Go project using a SLSA3 compliant builder
|
||||
# This workflow will generate a so-called "provenance" file describing the steps
|
||||
# that were performed to generate the final binary.
|
||||
# This workflow lets you generate SLSA provenance file for your project.
|
||||
# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
|
||||
# The project is an initiative of the OpenSSF (openssf.org) and is developed at
|
||||
# https://github.com/slsa-framework/slsa-github-generator.
|
||||
# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
|
||||
@@ -26,7 +25,7 @@ jobs:
|
||||
digests: ${{ steps.hash.outputs.digests }}
|
||||
|
||||
steps:
|
||||
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# ========================================================
|
||||
#
|
||||
@@ -52,7 +51,10 @@ jobs:
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
echo "::set-output name=digests::$(sha256sum artifact1 artifact2 | base64 -w0)"
|
||||
# List the artifacts the provenance will refer to.
|
||||
files=$(ls artifact*)
|
||||
# Generate the subjects (base64 encoded).
|
||||
echo "::set-output name=digests::$(sha256sum $files | base64 -w0)"
|
||||
|
||||
provenance:
|
||||
needs: [build]
|
||||
|
||||
@@ -2,6 +2,6 @@
|
||||
"name": "SLSA Generic generator",
|
||||
"creator": "Open Source Security Foundation (OpenSSF)",
|
||||
"description": "Generate SLSA3 provenance for your existing release workflows",
|
||||
"iconName": "go-ossf-slsa3-publish",
|
||||
"categories": ["Continuous integration"]
|
||||
"iconName": "generator-generic-ossf-slsa3-publish",
|
||||
"categories": ["Continuous integration", "Go", "Elixir", "Erlang", "PHP", "Haskell", "Rust", "Java", "Scala", "Gradle", "Maven", "Python", "C", "C++", "TypeScript", "JavaScript", "npm", "Ruby", "HTML", "Composer", "Makefile", "Ada"]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user