From 9ad52def9ae2197150e636d9c33f62bb5501faea Mon Sep 17 00:00:00 2001 From: yuriy0803 <68668177+yuriy0803@users.noreply.github.com> Date: Mon, 4 Dec 2023 23:30:28 +0100 Subject: [PATCH] Update go-ossf-slsa3-publish.yml --- .github/workflows/go-ossf-slsa3-publish.yml | 84 ++++++++++++--------- 1 file changed, 49 insertions(+), 35 deletions(-) diff --git a/.github/workflows/go-ossf-slsa3-publish.yml b/.github/workflows/go-ossf-slsa3-publish.yml index e4e36b1..3f8223e 100644 --- a/.github/workflows/go-ossf-slsa3-publish.yml +++ b/.github/workflows/go-ossf-slsa3-publish.yml @@ -1,43 +1,57 @@ -name: SLSA Go Releaser - +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you compile your Go project using a SLSA3 compliant builder. +# This workflow will generate a so-called "provenance" file describing the steps +# that were performed to generate the final binary. +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA Go releaser on: + workflow_dispatch: release: - types: - - created + types: [created] -jobs: - build_windows: - runs-on: windows-latest +permissions: read-all +jobs: + # ======================================================================================================================================== + # Prerequesite: Create a .slsa-goreleaser.yml in the root directory of your project. + # See format in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file + #========================================================================================================================================= + build: + permissions: + id-token: write # To sign. + contents: write # To upload release assets. + actions: read # To read workflow path. + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0 + with: + go-version: 1.17 + # ============================================================================================================= + # Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects + # ============================================================================================================= + + publish: + needs: build + runs-on: ubuntu-latest steps: - - name: Checkout Repository - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.19 + - name: Install Go + uses: actions/setup-go@v2 + with: + go-version: 1.19 - - name: Run SLSA Go Generator (Windows) - uses: slsa-framework/slsa-github-generator@v1.4.0 - with: - go-version: 1.19 - # add any other necessary configuration here + - name: Install GoReleaser + run: | + curl -sfL https://install.goreleaser.com/install-goreleaser.sh | sh - build_linux: - runs-on: ubuntu-latest - - steps: - - name: Checkout Repository - uses: actions/checkout@v2 - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.19 - - - name: Run SLSA Go Generator (Linux) - uses: slsa-framework/slsa-github-generator@v1.4.0 - with: - go-version: 1.19 - # add any other necessary configuration here + - name: Release + run: | + goreleaser --config .goreleaser.yml