actions/docker-attest-build-provenance
1
0
Fork 0
mirror of https://github.com/actions/attest-build-provenance.git synced 2025-12-13 02:42:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update doc references to v3 release (#697)
Some checks failed
Check Transpiled JavaScript / Check dist/ (push) Failing after 2s
Details
Continuous Integration / TypeScript Tests (push) Failing after 1s
Details
Continuous Integration / Test attest-provenance action (push) Failing after 2s
Details
CodeQL / Analyze (TypeScript) (push) Failing after 2s
Details
Public-Good Sigstore Prober / prober (push) Failing after 1s
Details
GitHub Sigstore Prober / prober (push) Failing after 1s
Details

Browse Source 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
This commit is contained in:
Brian DeHamer 2025-08-28 14:23:03 -07:00 committed by GitHub
parent 977bb373ed
commit 0b6e980926
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/prober.yml vendored
View File

@ -29,7 +29,7 @@ jobs:
date > artifact
- name: Attest build provenance
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
env:
INPUT_PRIVATE-SIGNING: ${{ inputs.sigstore == 'github' && 'true' || 'false' }}
with:

18
README.md
View File

@ -55,7 +55,7 @@ attest:
1. Add the following to your workflow after your artifact has been built:
```yaml
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v3
with:
subject-path: '<PATH TO ARTIFACT>'
```
@ -68,7 +68,7 @@ attest:
See [action.yml](action.yml)
```yaml
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v3
with:
# Path to the artifact serving as the subject of the attestation. Must
# specify exactly one of "subject-path", "subject-digest", or
@ -159,7 +159,7 @@ jobs:
- name: Build artifact
run: make my-app
- name: Attest
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-path: '${{ github.workspace }}/my-app'
```
@ -170,7 +170,7 @@ If you are generating multiple artifacts, you can attest all of them at the same
time by using a wildcard in the `subject-path` input.
```yaml
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v3
with:
subject-path: 'dist/**/my-bin-*'
```
@ -182,13 +182,13 @@ Alternatively, you can explicitly list multiple subjects with either a comma or
newline delimited list:
```yaml
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v3
with:
subject-path: 'dist/foo, dist/bar'
```
```yaml
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v3
with:
subject-path: |
dist/foo
@ -209,7 +209,7 @@ attestation.
- name: Calculate artifact digests
run: |
shasum -a 256 foo_0.0.1_* > subject.checksums.txt
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v3
with:
subject-checksums: subject.checksums.txt
```
@ -282,7 +282,7 @@ jobs:
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Attest
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
id: attest
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@ -304,7 +304,7 @@ artifact directly into the `subject-digest` input of the attestation action.
path: dist/*
name: artifact.zip
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v3
with:
subject-name: artifact.zip
subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}