name: 'Generate Build Provenance Statement'
description: 'Generate provenance statement for build artifacts'
author: 'GitHub'

inputs:
  github-token:
    description: >
      The GitHub token used to make authenticated API requests.
    default: ${{ github.token }}
    required: false
  subject-path:
    description: >
      Path to the artifact for which provenance will be generated. Must specify
      exactly one of "subject-path" or "subject-digest".
    required: false
  subject-digest:
    description: >
      Digest of the subject for which provenance will be generated. Must be in
      the form "algorithm:hex_digest" (e.g. "sha256:abc123..."). Must specify
      exactly one of "subject-path" or "subject-digest".
    required: false
  subject-name:
    description: >
      Subject name as it should appear in the provenance statement. Required
      unless "subject-path" is specified, in which case it will be inferred from
      the path.
  push-to-registry:
    description: >
      Whether to push the provenance statement to the image registry. Requires
      that the "subject-name" parameter specify the fully-qualified image name
      and that the "subject-digest" parameter be specified. Defaults to false.
    default: false
    required: false
outputs:
  predicate:
    description: >
      The JSON-serialized of the attestation predicate.
  predicate-type:
    description: >
      URI identifying the type of the predicate.
runs:
  using: node20
  main: ../dist/index.js