Skip to content

ensigniasec/upload-provenance

BranchesTags

Repository files navigation

upload-provenance-action

Ensignia Provenance Action to compliment the slsa-github-generator action.

Usage:

steps:
  build:
    permissions:
      id-token: write # To sign the provenance.
      contents: write # To upload assets to release.
      actions: read # To read the workflow path.
      checks: read
    needs: args
    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0
    with:
      go-version: 1.20.3

  publish:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: ${{ needs.build.outputs.go-provenance-name }}

      - uses: ensigniasec/upload-provenance-action@main
        with:
          api-key: "${{ secrets.ENSIGNIA_API_KEY }}"
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          provenance-name: "${{ needs.build.outputs.go-provenance-name }}"

About

Ensignia Provenance Upload Action

Topics

golang slsa slsa-generic-generator slsa-provenance

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages