Does this work to generate SLSA binaries for two OSs

.github/workflows/mac-amd64-slsa-releaser.yml

@@ -0,0 +1,55 @@
+name: SLSA go releaser
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - "*" 
+
+permissions: read-all
+      
+jobs:
+  # ldflags to embed the commit hash in the binary
+  args:
+    runs-on: ubuntu-latest
+    outputs:
+      ldflags: ${{ steps.ldflags.outputs.value }}
+    steps:
+      - id: checkout
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.3.4
+        with:
+          fetch-depth: 0
+      - id: ldflags
+        run: |
+          echo "::set-output name=value::$(./scripts/client-ldflags)"
+
+  # Trusted builder.
+  build:
+    permissions:
+      id-token: write
+      contents: read
+    needs: args
+    uses: slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@main # TODO: use hash upon release.
+    with:
+      go-version: 1.17
+      env: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}"
+      env: "GOOS=darwin"
+  # Upload to GitHub release.
+  upload:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
+        with:
+          name: ${{ needs.build.outputs.go-binary-name }}
+      - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
+        with:
+          name: ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl
+      - name: Release
+        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: |
+            ${{ needs.build.outputs.go-binary-name }}
+            ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl