
Commit 7d9f1ed

authored
Will this create provenance? (#35)
* Will this create provenance? * newline
1 parent 84de19c commit 7d9f1ed


2 files changed

+15
-0
lines changed


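--- a/.github/workflows/build-tools.yml
+++ b/.github/workflows/build-tools.yml
@@ -38,3 +38,4 @@ jobs:
 imagename: ghcr.io/${{ github.repository }}/${{ matrix.tool }}
 registry: 'ghcr.io'
 github_token: ${{ secrets.GITHUB_TOKEN }}
+publish_provenance_for_private_repo: true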
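Review bot: `publish_provenance_for_private_repo: true` is set unconditionally, with no comment saying what it opts into. Going by the input's description in `action.yml`, it allows a private repository to publish provenance to Sigstore, whose transparency log is public, so the repository name and workflow identity would presumably become visible outside the organisation. A comment above the line would record that this is deliberate, for example `# Opt-in: provenance is written to the public Sigstore log, which discloses this repo's name`. The `with:` block this line belongs to starts outside the hunk.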

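--- a/publish/actions/container/action.yml
+++ b/publish/actions/container/action.yml
@@ -15,6 +15,10 @@ inputs:
 github_token:
 description: "GitHub token with write access"
 required: true
+publish_provenance_for_private_repo:
+description: "Publish provenance to Sigstore for a private repo"
+required: false
+default: false
 
 runs:
 using: "composite"
@@ -49,3 +53,13 @@ runs:
 labels: ${{ steps.meta.outputs.labels }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
+- name: Provenance
+if: startsWith(github.ref, 'refs/tags/')
+uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
+with:
+image: ${{ push.outputs.image }}
+digest: ${{ push.outputs.digest }}
+registry-username: ${{ github.actor }}
+private-repository: ${{ inputs.publish_provenance_for_private_repo }}
+secrets:
+registry-password: ${{ inputs.github_token }}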
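Review bot: The `Provenance` step cannot run as written, because `generator_container_slsa3.yml` is a reusable workflow, which GitHub Actions accepts only at job level (`jobs.<job_id>.uses`), and a composite-action step has no `secrets:` key. The call belongs in `.github/workflows/build-tools.yml` as its own job that `needs` the build job and is granted `id-token: write`, `packages: write` and `actions: read`, with this action exposing the image name and digest as outputs for that job to consume. The `push` context in `${{ push.outputs.image }}` and `${{ push.outputs.digest }}` also does not exist; step outputs are read as `${{ steps.<step-id>.outputs.digest }}`, and the id of the build-and-push step lies outside this hunk. Whatever is passed as `digest` should be the push step's own output, not a value resolved from a tag afterwards, so that the attestation binds to the exact image that was pushed.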
