Skip to content

.github/workflows/e2e.generic.workflow_dispatch.main.adversarial-verifier-binary.slsa3.yml #39

.github/workflows/e2e.generic.workflow_dispatch.main.adversarial-verifier-binary.slsa3.yml

.github/workflows/e2e.generic.workflow_dispatch.main.adversarial-verifier-binary.slsa3.yml #39

on:
# Only triggered manually for pre-release.
workflow_dispatch:
permissions: read-all
jobs:
build:
outputs:
digests: ${{ steps.hash.outputs.digests }}
runs-on: ubuntu-latest
steps:
- name: Build artifacts
run: |
# These are some amazing artifacts.
echo "artifact1" > artifact1
echo "artifact2" > artifact2
- name: Generate hashes
shell: bash
id: hash
run: |
# sha256sum generates sha256 hash for all artifacts.
# base64 -w0 encodes to base64 and outputs on a single line.
# sha256sum artifact1 artifact2 ... | base64 -w0
echo "digests=$(sha256sum artifact1 artifact2 | base64 -w0)" >> "${GITHUB_OUTPUT}"
provenance:
needs: [build]
permissions:
id-token: write # For signing.
contents: write # For asset uploads.
actions: read # For the entrypoint.
# Update the reference in this line with the builder's version to test.
# uses: ianlewis/slsa-github-generator/.github/workflows/[email protected]
# uses: laurentsimon/slsa-github-generator/.github/workflows/[email protected]
uses: kpk47/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.build.outputs.digests }}"
if-succeeded:
runs-on: ubuntu-latest
needs: [provenance]
if: needs.provenance.result == 'success'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- run: |
set -euo pipefail
echo "This test should fail"
exit 1