From 2bd3c1b2b0e2996b1306022b69e5c9cf328f1b8d Mon Sep 17 00:00:00 2001
From: ArnabRollin
Date: Tue, 17 Oct 2023 17:10:58 +0530
Subject: [PATCH] Updated SLSA provenance generator
---
 .../generator-generic-ossf-slsa3-publish.yml | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
index a36e782..c3b7661 100644
--- a/.github/workflows/generator-generic-ossf-slsa3-publish.yml
+++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
@@ -30,11 +30,10 @@ jobs:
 # Step 1: Build your artifacts.
 #
 # ========================================================
- - name: Build artifacts
+ - name: Build artifacts using cargo
 run: |
- # These are some amazing artifacts.
- echo "artifact1" > artifact1
- echo "artifact2" > artifact2
+ cargo build --release
+ cp target/release/dwn .
 
 # ========================================================
 #
@@ -49,18 +48,16 @@ jobs:
 run: |
 set -euo pipefail
 
- # List the artifacts the provenance will refer to.
- files=$(ls artifact*)
 # Generate the subjects (base64 encoded).
- echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
+ echo "hashes=$(sha256sum dwn | base64 -w0)" >> "${GITHUB_OUTPUT}"
 
 provenance:
 needs: [build]
 permissions:
- actions: read # To read the workflow path.
+ actions: read # To read the workflow path.
 id-token: write # To sign the provenance.
 contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
 with:
 base64-subjects: "${{ needs.build.outputs.digests }}"
 upload-assets: true # Optional: Upload to a new release
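Review bot: The new `cargo build --release` line in the "Build artifacts using cargo" step omits `--locked`, so Cargo is free to rewrite the dependency resolution when Cargo.lock is missing or out of sync with Cargo.toml, and the provenance would then attest a binary whose dependency set is not the one recorded in the repository. I would change it to `cargo build --release --locked`, which makes the build fail instead of silently re-resolving. No toolchain-setup step is visible in this hunk, so the compiler appears to be whatever the runner image ships; the steps list starts outside the hunk, so confirm that and consider recording or pinning the toolchain version.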
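Review bot: In the subjects step, `sha256sum dwn` runs inside a command substitution that is an argument to `echo`, so `set -euo pipefail` does not stop the step if `dwn` is missing or unreadable; `echo` still succeeds and writes an empty `hashes=` value. Splitting it makes the failure fatal: `subjects="$(sha256sum dwn | base64 -w0)"` followed by `echo "hashes=${subjects}" >> "${GITHUB_OUTPUT}"`. Separately, this step writes the output name `hashes` while the provenance job reads `needs.build.outputs.digests`; the job-level `outputs:` mapping and the step id are outside this hunk, so confirm that `digests` is mapped from this step's `hashes` output, since a name mismatch would pass an empty `base64-subjects` to the generator. Nothing in the visible lines uploads `dwn` itself, so it is also worth checking that the binary published to users is the same file that was hashed here.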