Compare commits

...

3 Commits

Author SHA1 Message Date
Aline Nunes
12aeac882a
Merge 02741a79b5 into 26961cf329 2024-07-15 22:56:20 -04:00
suyashgaonkar
26961cf329
Documentation update in the README file (#1106)
* first commit on using setup node

* Delete .github/workflows/helloWorld.yml

* Create main.yml

* Rename main.yml to helloworld.yml

* goodbye world added

* name changed to goodbye

* updated README

---------

Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com>
2024-07-15 11:47:17 -05:00
Aline Nunes
02741a79b5
Create generator-generic-ossf-slsa3-publish.yml 2024-06-09 09:55:23 -03:00
2 changed files with 67 additions and 1 deletions

View File

@ -0,0 +1,66 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow lets you generate SLSA provenance file for your project.
# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
# The project is an initiative of the OpenSSF (openssf.org) and is developed at
# https://github.com/slsa-framework/slsa-github-generator.
# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
name: SLSA generic generator
on:
workflow_dispatch:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
outputs:
digests: ${{ steps.hash.outputs.digests }}
steps:
- uses: actions/checkout@v4
# ========================================================
#
# Step 1: Build your artifacts.
#
# ========================================================
- name: Build artifacts
run: |
# These are some amazing artifacts.
echo "artifact1" > artifact1
echo "artifact2" > artifact2
# ========================================================
#
# Step 2: Add a step to generate the provenance subjects
# as shown below. Update the sha256 sum arguments
# to include all binaries that you generate
# provenance for.
#
# ========================================================
- name: Generate subject for provenance
id: hash
run: |
set -euo pipefail
# List the artifacts the provenance will refer to.
files=$(ls artifact*)
# Generate the subjects (base64 encoded).
echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
provenance:
needs: [build]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
with:
base64-subjects: "${{ needs.build.outputs.digests }}"
upload-assets: true # Optional: Upload to a new release

View File

@ -21,7 +21,7 @@ See [action.yml](action.yml)
- uses: actions/setup-node@v4
with:
# Version Spec of the version to use in SemVer notation.
# It also emits such aliases as lts, latest, nightly and canary builds
# It also admits such aliases as lts, latest, nightly and canary builds
# Examples: 12.x, 10.15.1, >=10.15.0, lts/Hydrogen, 16-nightly, latest, node
node-version: ''