1 file changed +21 -11 lines changed
@@ -67,23 +67,33 @@ jobs:
67
67
rye sync
68
68
rye build
69
69
- name : " Generate hashes"
70
- id : hash
70
+ id : hashes
71
71
run : |
72
- cd dist && echo "hashes =$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
72
+ cd dist && echo "${{ matrix.package }} =$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
73
73
echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)"
74
74
- uses : actions/upload-artifact@v4
75
75
with :
76
76
name : build-${{ matrix.package }}
77
77
path : ./dist
78
- - uses : actions/checkout@v4
79
- with :
80
- ref : ${{ github.head_ref }}
81
- - uses : ./.github/actions/provenance
82
- with :
83
- subjects : " ${{ steps.hash.outputs.hashes }}"
84
- tag : ${{ inputs.tag }}
85
- provenance-name : ${{ matrix.package }}.intoto.jsonl
86
-
78
+ provenance :
79
+ needs : ['path-filter', 'build']
80
+ permissions :
81
+ actions : read
82
+ contents : write
83
+ id-token : write # Needed to access the workflow's OIDC identity.
84
+ strategy :
85
+ fail-fast : false
86
+ matrix :
87
+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
88
+ uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
89
+ with :
90
+ # base64-subjects: ${{ needs.build.outputs.hashes[format('hashes_{}', matrix.package)] }}
91
+ base64-subjects : ${{ needs.build.outputs.hashes.hash_lbox-clients }}
92
+ upload-assets : true
93
+ upload-tag-name : ${{ inputs.tag }}
94
+ provenance-name : ${{ matrix.package }}.intoto.jsonl
95
+
96
+
87
97
test-build :
88
98
needs : ['path-filter']
89
99
if : ${{ needs.path-filter.outputs.lbox == 'true' }}
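Review bot: The new `provenance` job runs once per `matrix.package`, but every leg reads the same hard-coded `needs.build.outputs.hashes.hash_lbox-clients`, so each `${{ matrix.package }}.intoto.jsonl` would at best attest to one package's digests. That expression most likely evaluates to empty, because job outputs are plain strings, the step now writes its output under the key `${{ matrix.package }}`, and the `hashes_…` echo on the following line goes only to the log. Provenance whose subjects are empty or belong to a different package does not bind the attestation to the artifacts uploaded from `./dist`. I would write the step output under a per-package key, `cd dist && echo "hashes_${PACKAGE}=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"` with `PACKAGE: ${{ matrix.package }}` in the step's `env:` (this also keeps the matrix value out of the inline script), and read it with `base64-subjects: ${{ needs.build.outputs[format('hashes_{0}', matrix.package)] }}`; `format` takes `{0}`, not `{}` as in the commented-out line. The `build` job's `outputs:` mapping is outside this hunk, so confirm that it declares one entry per package.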