From 76ebb73326bc499c908b5dbb27eb1eb85ada4304 Mon Sep 17 00:00:00 2001
From: David Dworken
Date: Sun, 17 Apr 2022 10:38:12 -0700
Subject: [PATCH] Does this work to generate SLSA binaries for two OSs
---
...aser.yml => linux-amd64-slsa-releaser.yml} | 0
.github/workflows/mac-amd64-slsa-releaser.yml | 55 +++++++++++++++++++
2 files changed, 55 insertions(+)
rename .github/workflows/{slsa-goreleaser.yml => linux-amd64-slsa-releaser.yml} (100%)
create mode 100644 .github/workflows/mac-amd64-slsa-releaser.yml
diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/linux-amd64-slsa-releaser.yml
similarity index 100%
rename from .github/workflows/slsa-goreleaser.yml
rename to .github/workflows/linux-amd64-slsa-releaser.yml
diff --git a/.github/workflows/mac-amd64-slsa-releaser.yml b/.github/workflows/mac-amd64-slsa-releaser.yml
new file mode 100644
index 0000000..08569ac
--- /dev/null
+++ b/.github/workflows/mac-amd64-slsa-releaser.yml
@@ -0,0 +1,55 @@
+name: SLSA go releaser
+on:
+ workflow_dispatch:
+ push:
+ tags:
+ - "*"
+
+permissions: read-all
+
+jobs:
+ # ldflags to embed the commit hash in the binary
+ args:
+ runs-on: ubuntu-latest
+ outputs:
+ ldflags: ${{ steps.ldflags.outputs.value }}
+ steps:
+ - id: checkout
+ uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.3.4
+ with:
+ fetch-depth: 0
+ - id: ldflags
+ run: |
+ echo "::set-output name=value::$(./scripts/client-ldflags)"
+
+ # Trusted builder.
+ build:
+ permissions:
+ id-token: write
+ contents: read
+ needs: args
+ uses: slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@main # TODO: use hash upon release.
+ with:
+ go-version: 1.17
+ env: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}"
+ env: "GOOS=darwin"
+ # Upload to GitHub release.
+ upload:
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
+ with:
+ name: ${{ needs.build.outputs.go-binary-name }}
+ - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
+ with:
+ name: ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl
+ - name: Release
+ uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
+ if: startsWith(github.ref, 'refs/tags/')
+ with:
+ files: |
+ ${{ needs.build.outputs.go-binary-name }}
+ ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl
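Review bot: The `with:` map of the `build` job defines `env` twice, so the workflow is either rejected as invalid YAML or only one of the two values reaches the builder; if the last one wins, `VERSION_LDFLAGS` is dropped and the commit hash is not embedded in the released binary. The second entry also writes `GOOS=darwin` where the first uses the `KEY:VALUE` form. If the builder's `env` input accepts a comma-separated list (to be confirmed against its input description), a single key such as `env: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}, GOOS:darwin"` would carry both. Separately, the job that is granted `id-token: write` calls the reusable builder at `@main`; the TODO already flags this, and until it is pinned to an immutable ref the signed provenance depends on whatever that branch contains at run time.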