4545 runs-on : ubuntu-latest
4646 needs : ['path-filter', 'test-build']
4747 outputs :
48- hashes : ${{ steps.hash.outputs.hashes }}
48+ hashes : ${{ steps.hash.outputs.hashes_lbox-clients }}
4949 strategy :
5050 fail-fast : false
5151 matrix :
@@ -71,36 +71,24 @@ jobs:
7171name : " Generate hashes"
7272 id : hash
7373 run : |
74- cd dist && echo "hashes-${{matrix.package}}=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
74+ cd dist && echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
75+ echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)"
7576uses : actions/upload-artifact@v4
7677 with :
7778 name : build-${{ matrix.package }}
7879 path : ./dist
7980 provenance_python :
80- needs : [path-filter, build]
81- runs-on : ubuntu-latest
82- strategy :
83- fail-fast : false
84- matrix :
85- include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
81+ needs : [build]
8682 permissions :
8783 actions : read
8884 contents : write
8985 id-token : write # Needed to access the workflow's OIDC identity.
90- steps :
91- - name : Use hashes output
92- id : use-hashes
93- run : |
94- HASH_VAR="hashes-${{ matrix.package }}"
95- echo "HASH_VAR=$HASH_VAR" >> $GITHUB_ENV
96- echo "Using hash: ${{ env.HASH_VAR }}"
97- uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
98- with :
99- private-repository : true
100- base64-subjects : " ${{ env.HASH_VAR }}"
101- upload-assets : true
102- upload-tag-name : v.6.0.0 # Tag from the initiation of the workflow
103-
86+ uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
87+ with :
88+ base64-subjects : " ${{ needs.build.outputs.hashes }}"
89+ upload-assets : true
90+ upload-tag-name : v.6.0.0 # Tag from the initiation of the workflow
91+
10492 test-build :
10593 needs : ['path-filter']
10694 if : ${{ needs.path-filter.outputs.lbox == 'true' }}
0 commit comments