From 19563913777e89f81bf2f4ab293a9b84e37883b4 Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Sun, 19 Jun 2022 20:37:48 -0400 Subject: [PATCH 1/4] minor fixes, updates Signed-off-by: Chip Zoller --- internal/builders/generic/README.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md index ae3d4be8f6..19aacf8c41 100644 --- a/internal/builders/generic/README.md +++ b/internal/builders/generic/README.md @@ -64,6 +64,8 @@ output: $ sha256sum artifact1 artifact2 ... | base64 -w0 ``` +This workflow expects the base64 encoded value for the subjects to decode to a string conforming to the expected output of the above command. Specifically, the decoded output is expected to be comprised of a hash value followed by a space followed by the artifact name. + After you have encoded your digest, add a new job to call the reusable workflow. ```yaml 
@@ -159,19 +161,15 @@ jobs: ### Workflow Inputs -The builder workflow -[.github/workflows/generator_generic_slsa3.yml](.github/workflows/generator_generic_slsa3.yml) accepts -the following inputs: +The [builder workflow](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml) accepts the following inputs: | Name | Required | Description | | ----------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------- | -| `base64-subjects` | yes | Artifacts for which to generate provenance, formatted the same as the output of sha256sum (SHA256 NAME\n[...]) and base64 encoded. | +| `base64-subjects` | yes | Artifact(s) for which to generate provenance, formatted the same as the output of sha256sum (SHA256 NAME\n[...]) and base64 encoded. The encoded value should decode to, for example: `90f3f7d6c862883ab9d856563a81ea6466eb1123b55bff11198b4ed0030cac86 foo.zip` | ### Workflow Outputs -The builder workflow -[.github/workflows/generator_generic_slsa3.yml](.github/workflows/generator_generic_slsa3.yml) -produces the following outputs: +The [builder workflow](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml) produces the following outputs: | Name | Description | | ------------------ | ------------------------------------------ | @@ -189,7 +187,7 @@ The project generates SLSA provenance with the following values. ### Provenance Example The following is an example of the generated proveanance. Provenance is -generated as an [in-toto](https://in-toto.io/) statement with a SLSA predecate. +generated as an [in-toto](https://in-toto.io/) statement with a SLSA predicate. ```json { From 085a98dd863576c217166bb957d0a7a585ad8451 Mon Sep 17 00:00:00 2001 
From: Chip Zoller Date: Mon, 20 Jun 2022 09:49:01 -0400 Subject: [PATCH 2/4] Update internal/builders/generic/README.md Co-authored-by: Ian Lewis --- internal/builders/generic/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md index 19aacf8c41..ca6ee98584 100644 --- a/internal/builders/generic/README.md +++ b/internal/builders/generic/README.md @@ -64,7 +64,7 @@ output: $ sha256sum artifact1 artifact2 ... | base64 -w0 ``` -This workflow expects the base64 encoded value for the subjects to decode to a string conforming to the expected output of the above command. Specifically, the decoded output is expected to be comprised of a hash value followed by a space followed by the artifact name. +This workflow expects the `base64-subjects` input to decode to a string conforming to the expected output of the `sha256sum` command. Specifically, the decoded output is expected to be comprised of a hash value followed by a space followed by the artifact name. After you have encoded your digest, add a new job to call the reusable workflow. From 6e746b5e48ca4a4454b7e8d16916a017017f4696 Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Mon, 20 Jun 2022 09:49:12 -0400 Subject: [PATCH 3/4] Update internal/builders/generic/README.md Co-authored-by: Ian Lewis --- internal/builders/generic/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md index ca6ee98584..fd874ca3ff 100644 --- a/internal/builders/generic/README.md +++ b/internal/builders/generic/README.md 
@@ -161,7 +161,7 @@ jobs: ### Workflow Inputs -The [builder workflow](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml) accepts the following inputs: +The [generic workflow](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml) accepts the following inputs: | Name | Required | Description | | ----------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------- | From 7d9ec61c656542fe3730afe238ac95d87b58656f Mon Sep 17 00:00:00 2001 From: Chip Zoller Date: Mon, 20 Jun 2022 09:49:21 -0400 Subject: [PATCH 4/4] Update internal/builders/generic/README.md Co-authored-by: Ian Lewis --- internal/builders/generic/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md index fd874ca3ff..a7c9e5ed16 100644 --- a/internal/builders/generic/README.md +++ b/internal/builders/generic/README.md @@ -169,7 +169,7 @@ The [generic workflow](https://github.com/slsa-framework/slsa-github-generator/b ### Workflow Outputs -The [builder workflow](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml) produces the following outputs: +The [generic workflow](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml) produces the following outputs: | Name | Description | | ------------------ | ------------------------------------------ |
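Review bot: In PATCH 1/4, hunk `@@ -64,6 +64,8 @@`, the added sentence describes the decoded value as "a hash value followed by a space followed by the artifact name", but it also says the value must conform to the output of the `sha256sum` command shown above, and GNU `sha256sum` separates the hash and the name with two characters (a space, then a mode indicator that is either a space or `*`). Someone assembling the string by hand from this description will produce something that differs from what the command emits. Suggest either dropping the "Specifically, ..." sentence and relying on "the output of `sha256sum`", or stating explicitly which separators are accepted.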
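Review bot: In PATCH 1/4, hunk `@@ -159,19 +161,15 @@`, both replaced links now point at an absolute `blob/main` URL, so a reader viewing this README at a release tag is sent to whatever the workflow looks like on `main`, whose inputs and outputs may no longer match the tables below. A relative link from this file's directory (`../../../.github/workflows/generator_generic_slsa3.yml`) would fix the broken path and still follow the ref being viewed. In the same hunk, the new `base64-subjects` example shows a single subject although the row now reads "Artifact(s)" and the format is given as `SHA256 NAME\n[...]`; a two-line example would make the newline-separated form clear.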
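Review bot: In PATCH 1/4, hunk `@@ -189,7 +187,7 @@`, the typo "proveanance" is still present in the unchanged context line directly above the corrected "predicate" line ("The following is an example of the generated proveanance."). Since this hunk is already a spelling fix for that paragraph, change it to "provenance" here as well.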
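Review bot: In PATCH 2/4, hunk `@@ -64,7 +64,7 @@`, the reworded sentence still describes only one line ("a hash value followed by a space followed by the artifact name"), while the command it refers to takes `artifact1 artifact2 ...` and therefore yields one line per artifact. Suggest saying that the decoded value contains one such line per artifact, separated by newlines, which also matches the `SHA256 NAME\n[...]` wording in the Workflow Inputs table. Minor wording point on the same line: "is expected to be comprised of" reads more cleanly as "is expected to consist of".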