-
Notifications
You must be signed in to change notification settings - Fork 135
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
#label:release v1.9.0 --------- Signed-off-by: laurentsimon <[email protected]>
- Loading branch information
1 parent
9bc0d59
commit 07e64b6
Showing
49 changed files
with
150 additions
and
150 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -62,7 +62,7 @@ runs: | |
using: "composite" | ||
steps: | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: ${{ inputs.repository }} | ||
ref: ${{ inputs.ref }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -85,7 +85,7 @@ runs: | |
|
||
- name: Compute the hash | ||
id: compute | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
path: "${{ steps.validate-path.outputs.file_path }}" | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,7 +31,7 @@ runs: | |
steps: | ||
- name: Compute a random value | ||
id: rng | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
|
||
- name: Download the artifact | ||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
|
@@ -41,7 +41,7 @@ runs: | |
|
||
- name: Compute the hash | ||
id: compute | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
path: "${{ steps.rng.outputs.random }}/folder.tgz" | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -32,7 +32,7 @@ runs: | |
steps: | ||
- name: Compute binary hash | ||
id: compute-digest | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
path: "${{ inputs.path }}" | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -60,7 +60,7 @@ runs: | |
- name: Upload the artifact | ||
id: upload | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
name: "${{ inputs.name }}" | ||
path: "${{ steps.create.outputs.tarball-path }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -86,7 +86,7 @@ jobs: | |
steps: | ||
- name: Generate the token | ||
id: generate | ||
uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected] | ||
with: | ||
slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" | ||
slsa-rekor-log-public: ${{ inputs.rekor-log-public }} | ||
|
@@ -100,6 +100,6 @@ jobs: | |
id-token: write # For signing. | ||
contents: read # For asset uploads. | ||
actions: read # For the entrypoint. | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
with: | ||
slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -165,7 +165,7 @@ jobs: | |
steps: | ||
- name: Generate random 16-byte value (32-char hex encoded) | ||
id: rng | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
|
||
# This detects the repository and ref of the reusable workflow. | ||
# For pull request, this gets the referenced slsa-github-generator workflow. | ||
|
@@ -180,7 +180,7 @@ jobs: | |
steps: | ||
- name: Detect the builder ref | ||
id: detect | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
|
||
################################################################### | ||
# # | ||
|
@@ -197,7 +197,7 @@ jobs: | |
steps: | ||
- name: Generate builder binary | ||
id: generate | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
@@ -230,7 +230,7 @@ jobs: | |
steps: | ||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
@@ -357,7 +357,7 @@ jobs: | |
docker login "${untrusted_registry}" -u "${username}" -p "${password}" | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
@@ -485,7 +485,7 @@ jobs: | |
provenance-sha256: ${{ steps.upload-signed.outputs.sha256 }} | ||
steps: | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
@@ -575,7 +575,7 @@ jobs: | |
if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '') | ||
steps: | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -130,7 +130,7 @@ jobs: | |
steps: | ||
- name: Generate random 16-byte value (32-char hex encoded) | ||
id: rng | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
|
||
detect-env: | ||
outputs: | ||
|
@@ -142,7 +142,7 @@ jobs: | |
steps: | ||
- name: Detect the builder ref | ||
id: detect | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
|
||
################################################################### | ||
# # | ||
|
@@ -157,7 +157,7 @@ jobs: | |
steps: | ||
- name: Generate builder binary | ||
id: generate | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
@@ -191,7 +191,7 @@ jobs: | |
needs: [builder, rng, detect-env] | ||
steps: | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
@@ -238,7 +238,7 @@ jobs: | |
needs: [builder, build-dry, rng, detect-env] | ||
steps: | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
@@ -320,7 +320,7 @@ jobs: | |
go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }} | ||
steps: | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
@@ -378,7 +378,7 @@ jobs: | |
if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '') | ||
steps: | ||
- name: Checkout builder repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: "${{ needs.detect-env.outputs.repository }}" | ||
ref: "${{ needs.detect-env.outputs.ref }}" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -71,7 +71,7 @@ jobs: | |
steps: | ||
- name: Generate the token | ||
id: generate | ||
uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected] | ||
with: | ||
slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" | ||
slsa-rekor-log-public: ${{ inputs.rekor-log-public }} | ||
|
@@ -85,7 +85,7 @@ jobs: | |
id-token: write # For signing. | ||
contents: read # For asset uploads. | ||
actions: read # For the entrypoint. | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
with: | ||
slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -67,7 +67,7 @@ jobs: | |
steps: | ||
- name: Generate the token | ||
id: generate | ||
uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected] | ||
with: | ||
slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" | ||
slsa-rekor-log-public: "${{ inputs.rekor-log-public }}" | ||
|
@@ -81,7 +81,7 @@ jobs: | |
id-token: write # For signing. | ||
contents: read # For asset uploads. | ||
actions: read # For the entrypoint. | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
with: | ||
slsa-token: "${{ needs.slsa-setup.outputs.slsa-token }}" | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -89,7 +89,7 @@ jobs: | |
steps: | ||
- name: Generate the token | ||
id: generate | ||
uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected] | ||
with: | ||
slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" | ||
slsa-rekor-log-public: ${{ inputs.rekor-log-public }} | ||
|
@@ -104,6 +104,6 @@ jobs: | |
id-token: write # For signing. | ||
contents: read # For repo checkout of private repos. | ||
actions: read # For getting workflow run on private repos. | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
with: | ||
slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -84,7 +84,7 @@ jobs: | |
steps: | ||
- name: Generate random 16-byte value (32-char hex encoded) | ||
id: rng | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
|
||
# verify-token verifies the slsa token. | ||
verify-token: | ||
|
@@ -100,7 +100,7 @@ jobs: | |
steps: | ||
- name: Verify token | ||
id: verify | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
slsa-workflow-recipient: "delegator_generic_slsa3.yml" | ||
slsa-unverified-token: ${{ inputs.slsa-token }} | ||
|
@@ -109,7 +109,7 @@ jobs: | |
|
||
- name: Upload predicate | ||
id: upload | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" | ||
path: ${{ env.SLSA_PREDICATE_FILE }} | ||
|
@@ -120,7 +120,7 @@ jobs: | |
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check private repos | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override." | ||
override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }} | ||
|
@@ -147,7 +147,7 @@ jobs: | |
echo "$RUNNER: $RUNNER" | ||
- name: Checkout the tool repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
repository: ${{ needs.verify-token.outputs.tool-repository }} | ||
ref: ${{ needs.verify-token.outputs.tool-ref }} | ||
|
@@ -171,7 +171,7 @@ jobs: | |
tree | ||
- name: Checkout the project repository | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }} | ||
checkout-sha1: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.sha1 }} | ||
|
@@ -213,7 +213,7 @@ jobs: | |
- name: Upload artifact layout file | ||
id: upload | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" | ||
path: "${{ env.SLSA_ARTIFACTS_FILE }}" | ||
|
@@ -229,14 +229,14 @@ jobs: | |
runs-on: ubuntu-latest | ||
steps: | ||
- name: Download the artifact layout file | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" | ||
path: "${{ env.SLSA_ARTIFACTS_FILE }}" | ||
sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }} | ||
|
||
- name: Download the predicate file | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" | ||
path: ${{ env.SLSA_PREDICATE_FILE }} | ||
|
@@ -266,7 +266,7 @@ jobs: | |
- name: Generate attestations | ||
id: attestations | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }} | ||
predicate-type: ${{ steps.predicate-type.outputs.predicate-type }} | ||
|
@@ -275,14 +275,14 @@ jobs: | |
|
||
- name: Sign attestations | ||
id: sign | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
attestations: attestations | ||
output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations" | ||
|
||
- name: Upload attestations | ||
id: upload | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected]-rc.0 | ||
uses: slsa-framework/slsa-github-generator/.github/actions/[email protected] | ||
with: | ||
name: "${{ needs.rng.outputs.value }}-slsa-attestations" | ||
path: "${{ needs.rng.outputs.value }}-slsa-attestations" | ||
|
Oops, something went wrong.