try actions for handling notes (#42)

TomHennen · web-flow · commit 472a10217839 · 2025-02-09T15:51:27.000-05:00
Signed-off-by: Tom Hennen &lt;tomhennen@google.com&gt;
diff --git a/actions/get_note/action.yml b/actions/get_note/action.yml
@@ -0,0 +1,20 @@
+name: Gets data from a git note
+description: Gets data from the git note and stores it in the provided path.
+inputs:
+  commit:
+    description: 'Commit to read note data from'
+    requried: true
+  path:
+    description: 'File with the data to add to the note'
+    required: true
+
+runs:
+  using: "Composite"
+  steps:
+    - id: read_from_note
+      run: |
+          git config user.name "${{ github.actor }}"
+          git config user.email "${{ github.actor }}@users.noreply.github.com"
+          git fetch origin "refs/notes/*:refs/notes/*"
+          git notes show ${{ inputs.commit }} >> ${{ inputs.path }}
+      shell: bash
diff --git a/actions/store_note/action.yml b/actions/store_note/action.yml
@@ -0,0 +1,18 @@
+name: Store data in git notes
+description: Stores provided data in a git note for the current commit.
+inputs:
+  path:
+    description: 'File with the data to add to the note'
+    required: true
+
+runs:
+  using: "Composite"
+  steps:
+    - id: store_in_note
+      run: |
+          git config user.name "${{ github.actor }}"
+          git config user.email "${{ github.actor }}@users.noreply.github.com"
+          git fetch origin "refs/notes/*:refs/notes/*"
+          git notes append -F ${{ inputs.path }}
+          git push origin "refs/notes/*"
+      shell: bash
diff --git a/actions/vsa_creator/action.yml b/actions/vsa_creator/action.yml
@@ -38,14 +38,13 @@ runs:
         echo "## Signed VSA" >> $GITHUB_STEP_SUMMARY
         cat ${{ github.workspace }}/metadata/signed_vsa.json >> $GITHUB_STEP_SUMMARY
       shell: bash
-    - id: store_in_note
-      run: |
-          git config user.name "${{ github.actor }}"
-          git config user.email "${{ github.actor }}@users.noreply.github.com"
-          git fetch origin "refs/notes/*:refs/notes/*"
-          git notes append -F ${{ github.workspace }}/metadata/signed_vsa.json
-          git push origin "refs/notes/*"
-      shell: bash
+    - uses: slsa-framework/slsa-source-poc/actions/store_note@main
+      with:
+        path: ${{ github.workspace }}/metadata/signed_vsa.json
+    - uses: slsa-framework/slsa-source-poc/actions/get_note@main
+      with:
+        commit: ${{ github.event.before }}
+        path: ${{ github.workspace }}/metadata/previous_note.json
     - uses: actions/upload-artifact@v4
       if: always()
       with:
