From ff09284c93dfcfba0dd0a3650c8e41a53851bb19 Mon Sep 17 00:00:00 2001 From: JohnDaWalka <201526231+JohnDaWalka@users.noreply.github.com> Date: Sun, 27 Jul 2025 09:06:11 -0400 Subject: [PATCH 1/4] Create go-ossf-slsa3-publish.yml Signed-off-by: JohnDaWalka <201526231+JohnDaWalka@users.noreply.github.com> --- .github/workflows/go-ossf-slsa3-publish.yml | 38 +++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/go-ossf-slsa3-publish.yml diff --git a/.github/workflows/go-ossf-slsa3-publish.yml b/.github/workflows/go-ossf-slsa3-publish.yml new file mode 100644 index 000000000..79ea193f7 --- /dev/null +++ b/.github/workflows/go-ossf-slsa3-publish.yml @@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you compile your Go project using a SLSA3 compliant builder. +# This workflow will generate a so-called "provenance" file describing the steps +# that were performed to generate the final binary. +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA Go releaser +on: + workflow_dispatch: + release: + types: [created] + +permissions: read-all + +jobs: + # ======================================================================================================================================== + # Prerequesite: Create a .slsa-goreleaser.yml in the root directory of your project. + # See format in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file + #========================================================================================================================================= + build: + permissions: + id-token: write # To sign. + contents: write # To upload release assets. + actions: read # To read workflow path. + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0 + with: + go-version: 1.17 + # ============================================================================================================= + # Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects + # ============================================================================================================= + From 159ce99619be3e40546a2cada6f06b53a4a23fba Mon Sep 17 00:00:00 2001 From: JohnDaWalka <201526231+JohnDaWalka@users.noreply.github.com> Date: Tue, 5 Aug 2025 17:43:09 -0400 Subject: [PATCH 2/4] Update go-ossf-slsa3-publish.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/go-ossf-slsa3-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go-ossf-slsa3-publish.yml b/.github/workflows/go-ossf-slsa3-publish.yml index 79ea193f7..44a415bdd 100644 --- a/.github/workflows/go-ossf-slsa3-publish.yml +++ b/.github/workflows/go-ossf-slsa3-publish.yml @@ -21,7 +21,7 @@ permissions: read-all jobs: # ======================================================================================================================================== - # Prerequesite: Create a .slsa-goreleaser.yml in the root directory of your project. + # Prerequisite: Create a .slsa-goreleaser.yml in the root directory of your project. # See format in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file #========================================================================================================================================= build: From 324dfcc7fe49d64b5ee77dc1fc81ebc12d283de2 Mon Sep 17 00:00:00 2001 From: JohnDaWalka <201526231+JohnDaWalka@users.noreply.github.com> Date: Tue, 5 Aug 2025 17:43:15 -0400 Subject: [PATCH 3/4] Update go-ossf-slsa3-publish.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/go-ossf-slsa3-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go-ossf-slsa3-publish.yml b/.github/workflows/go-ossf-slsa3-publish.yml index 44a415bdd..b216198dd 100644 --- a/.github/workflows/go-ossf-slsa3-publish.yml +++ b/.github/workflows/go-ossf-slsa3-publish.yml @@ -31,7 +31,7 @@ jobs: actions: read # To read workflow path. uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0 with: - go-version: 1.17 + go-version: 1.22 # ============================================================================================================= # Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects # ============================================================================================================= From 1d15829b04afe63571ada7a756632f1e1e9be292 Mon Sep 17 00:00:00 2001 From: JohnDaWalka <201526231+JohnDaWalka@users.noreply.github.com> Date: Tue, 5 Aug 2025 17:47:13 -0400 Subject: [PATCH 4/4] Update go-ossf-slsa3-publish.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/go-ossf-slsa3-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go-ossf-slsa3-publish.yml b/.github/workflows/go-ossf-slsa3-publish.yml index b216198dd..be98ab08b 100644 --- a/.github/workflows/go-ossf-slsa3-publish.yml +++ b/.github/workflows/go-ossf-slsa3-publish.yml @@ -29,7 +29,7 @@ jobs: id-token: write # To sign. contents: write # To upload release assets. actions: read # To read workflow path. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.8.0 with: go-version: 1.22 # =============================================================================================================