Skip to content

fix: Test out different workflow changes for versioning #9

fix: Test out different workflow changes for versioning

fix: Test out different workflow changes for versioning #9

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow lets you compile your Go project using a SLSA3 compliant builder.
# This workflow will generate a so-called "provenance" file describing the steps
# that were performed to generate the final binary.
# The project is an initiative of the OpenSSF (openssf.org) and is developed at
# https://github.com/slsa-framework/slsa-github-generator.
# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
name: SLSA Go releaser
on:
workflow_dispatch:
push:
branches:
- main
permissions: read-all
jobs:
release:
name: Release
runs-on: ubuntu-latest
permissions:
contents: write # to be able to publish a GitHub release
issues: write # to be able to comment on released issues
pull-requests: write # to be able to comment on released pull requests
id-token: write # to enable use of OIDC for npm provenance
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: "lts/*"
- name: Install dependencies
run: npm clean-install
- name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
run: npm audit signatures
- name: release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npx semantic-release
outputs:
version: ${{ steps.release.outputs.version }}
# ========================================================================================================================================
# Prerequesite: Create a .slsa-goreleaser.yml in the root directory of your project.
# See format in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file
#=========================================================================================================================================
build:
needs: release
permissions:
id-token: write # To sign.
contents: write # To upload release assets.
actions: read # To read workflow path.
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0
with:
go-version: 1.21
version: ${{ env.VERSION }}

Check failure on line 66 in .github/workflows/go-ossf-slsa3-publish.yml

View workflow run for this annotation

GitHub Actions / SLSA Go releaser

Invalid workflow file

The workflow is not valid. .github/workflows/go-ossf-slsa3-publish.yml (Line: 66, Col: 16): Unrecognized named-value: 'env'. Located at position 1 within expression: env.VERSION
# =============================================================================================================
# Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects
# =============================================================================================================