Skip to content

Commit

Permalink
Merge pull request #127 from marcransome/slsa-provenance-release-chec…
Browse files Browse the repository at this point in the history 
…ksums

Add checksums and in-toto attestations to release
  • Loading branch information
@marcransome
marcransome authored Mar 24, 2024
2 parents 4dc5830 + 902e43d commit 9da94fb
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ jobs:
outputs:
hash-darwin-x86_64: ${{ steps.hash.outputs.hash-darwin-x86_64 }}
hash-darwin-arm64: ${{ steps.hash.outputs.hash-darwin-arm64 }}
checksum-darwin-x86_64: ${{ steps.hash.outputs.archive-darwin-x86_64 }}
checksum-darwin-arm64: ${{ steps.hash.outputs.archive-darwin-arm64 }}
archive-darwin-x86_64: ${{ steps.archive.outputs.archive-darwin-x86_64 }}
archive-darwin-arm64: ${{ steps.archive.outputs.archive-darwin-arm64 }}
steps:
Expand Down Expand Up @@ -61,6 +63,7 @@ jobs:
shasum -a 256 "${{ steps.archive.outputs.name }}" > "${{ steps.archive.outputs.name }}.sha256"
b64_hash=$(cat "${{ steps.archive.outputs.name }}.sha256" | base64)
echo "hash-darwin-${{ steps.arch.outputs.name }}=${b64_hash}" >> "$GITHUB_OUTPUT"
echo "checksum-darwin-${{ steps.arch.outputs.name }}=${{ steps.archive.outputs.name }}.sha256" >> "$GITHUB_OUTPUT"
- name: Upload build artifact
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
Expand Down Expand Up @@ -108,13 +111,24 @@ jobs:
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: ${{ needs.build.outputs.archive-darwin-x86_64 }}
- name: Download x86_64 SHA-256 checksum file
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: ${{ needs.build.outputs.checksum-darwin-x86_64 }}
- name: Download arm64 build artifact
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: ${{ needs.build.outputs.archive-darwin-arm64 }}
- name: Download arm64 SHA-256 checksum file
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: ${{ needs.build.outputs.checksum-darwin-arm64 }}
- name: Upload release assets
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
with:
files: |
${{ needs.build.outputs.archive-darwin-x86_64 }}
${{ needs.build.outputs.checksum-darwin-x86_64 }}
${{ needs.build.outputs.archive-darwin-arm64 }}
${{ needs.build.outputs.checksum-darwin-arm64 }}
flog.multiple.intoto.jsonl

0 comments on commit 9da94fb

Please sign in to comment.