mirror of
https://github.com/actions/attest-build-provenance.git
synced 2025-12-16 12:19:04 +00:00
83efb956c8
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from56a361a160to252cd7f619. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](56a361a160...252cd7f619) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
55 lines
2.1 KiB
YAML
55 lines
2.1 KiB
YAML
name: 'Attest Build Provenance'
|
|
description: 'Generate provenance attestations for build artifacts'
|
|
author: 'GitHub'
|
|
|
|
inputs:
|
|
subject-path:
|
|
description: >
|
|
Path to the artifact for which provenance will be generated. Must specify
|
|
exactly one of "subject-path" or "subject-digest".
|
|
required: false
|
|
subject-digest:
|
|
description: >
|
|
Digest of the subject for which provenance will be generated. Must be in
|
|
the form "algorithm:hex_digest" (e.g. "sha256:abc123..."). Must specify
|
|
exactly one of "subject-path" or "subject-digest".
|
|
required: false
|
|
subject-name:
|
|
description: >
|
|
Subject name as it should appear in the provenance statement. Required
|
|
unless "subject-path" is specified, in which case it will be inferred from
|
|
the path.
|
|
push-to-registry:
|
|
description: >
|
|
Whether to push the provenance statement to the image registry. Requires
|
|
that the "subject-name" parameter specify the fully-qualified image name
|
|
and that the "subject-digest" parameter be specified. Defaults to false.
|
|
default: false
|
|
required: false
|
|
github-token:
|
|
description: >
|
|
The GitHub token used to make authenticated API requests.
|
|
default: ${{ github.token }}
|
|
required: false
|
|
|
|
outputs:
|
|
bundle-path:
|
|
description: 'The path to the file containing the attestation bundle(s).'
|
|
value: ${{ steps.attest.outputs.bundle-path }}
|
|
|
|
runs:
|
|
using: 'composite'
|
|
steps:
|
|
- uses: actions/attest-build-provenance/predicate@252cd7f6191f0d6fb569a82162b24179cc1274b1 # predicate@0.1.0
|
|
id: generate-build-provenance-predicate
|
|
- uses: actions/attest@14e407ca15f1b08f4869fc058b059f7f1e434df6 # v0.1.0
|
|
id: attest
|
|
with:
|
|
subject-path: ${{ inputs.subject-path }}
|
|
subject-digest: ${{ inputs.subject-digest }}
|
|
subject-name: ${{ inputs.subject-name }}
|
|
predicate-type: ${{ steps.generate-build-provenance-predicate.outputs.predicate-type }}
|
|
predicate: ${{ steps.generate-build-provenance-predicate.outputs.predicate }}
|
|
push-to-registry: ${{ inputs.push-to-registry }}
|
|
github-token: ${{ inputs.github-token }}
|