Skip to content

Commit adf7e96

Browse files
author
Val Brodsky
committed
Update the lbox publish workflow to publish lbox packages dynamically
1 parent b9cc6ab commit adf7e96

File tree

1 file changed

+10
-16
lines changed

1 file changed

+10
-16
lines changed

.github/workflows/lbox-publish.yml

Lines changed: 10 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -41,16 +41,17 @@ jobs:
4141
build:
4242
runs-on: ubuntu-latest
4343
needs: ['path-filter', 'test-build']
44-
outputs:
45-
hashes: ${{ steps.hash.outputs.hashes_lbox-clients }}
44+
permissions:
45+
actions: read
46+
contents: write
47+
id-token: write # Needed to access the workflow's OIDC identity.
4648
strategy:
4749
fail-fast: false
4850
matrix:
4951
include: ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
5052
steps:
5153
- uses: actions/checkout@v4
5254
with:
53-
# ref: ${{ inputs.tag }}
5455
ref: ${{ inputs.tag }}
5556
- name: Install the latest version of rye
5657
uses: eifinger/setup-rye@v2
@@ -68,24 +69,17 @@ jobs:
6869
- name: "Generate hashes"
6970
id: hash
7071
run: |
71-
cd dist && echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
72+
cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
7273
echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)"
7374
- uses: actions/upload-artifact@v4
7475
with:
7576
name: build-${{ matrix.package }}
7677
path: ./dist
77-
provenance_python:
78-
needs: [build]
79-
permissions:
80-
actions: read
81-
contents: write
82-
id-token: write # Needed to access the workflow's OIDC identity.
83-
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
84-
with:
85-
base64-subjects: "${{ needs.build.outputs.hashes }}"
86-
upload-assets: true
87-
upload-tag-name: ${{ inputs.tag }} # Tag from the initiation of the workflow
88-
provenance-name: lbox-clients.intoto.jsonl
78+
- uses: ./.github/actions/provenance
79+
with:
80+
subjects: "${{ steps.hash.outputs.hashes }}"
81+
tag: ${{ inputs.tag }}
82+
provenance-name: ${{ matrix.package }}.intoto.jsonl
8983

9084
test-build:
9185
needs: ['path-filter']

0 commit comments

Comments
 (0)