mirror of
https://github.com/actions/attest-build-provenance.git
synced 2025-12-14 11:22:22 +00:00
43 lines
1.5 KiB
YAML
43 lines
1.5 KiB
YAML
name: 'Generate Build Provenance Statement'
|
|
description: 'Generate provenance statement for build artifacts'
|
|
author: 'GitHub'
|
|
|
|
inputs:
|
|
github-token:
|
|
description: >
|
|
The GitHub token used to make authenticated API requests.
|
|
default: ${{ github.token }}
|
|
required: false
|
|
subject-path:
|
|
description: >
|
|
Path to the artifact for which provenance will be generated. Must specify
|
|
exactly one of "subject-path" or "subject-digest".
|
|
required: false
|
|
subject-digest:
|
|
description: >
|
|
Digest of the subject for which provenance will be generated. Must be in
|
|
the form "algorithm:hex_digest" (e.g. "sha256:abc123..."). Must specify
|
|
exactly one of "subject-path" or "subject-digest".
|
|
required: false
|
|
subject-name:
|
|
description: >
|
|
Subject name as it should appear in the provenance statement. Required
|
|
unless "subject-path" is specified, in which case it will be inferred from
|
|
the path.
|
|
push-to-registry:
|
|
description: >
|
|
Whether to push the provenance statement to the image registry. Requires
|
|
that the "subject-name" parameter specify the fully-qualified image name
|
|
and that the "subject-digest" parameter be specified. Defaults to false.
|
|
default: false
|
|
required: false
|
|
outputs:
|
|
predicate:
|
|
description: >
|
|
The JSON-serialized of the attestation predicate.
|
|
predicate-type:
|
|
description: >
|
|
URI identifying the type of the predicate.
|
|
runs:
|
|
using: node20
|
|
main: ../dist/index.js |