mirror of
https://github.com/ddworken/hishtory.git
synced 2025-06-21 12:34:32 +02:00
Added SLSA builder
This commit is contained in:
parent
ee8e0c425d
commit
ff37570d74
53
.github/workflows/slsa-goreleaser.yml
vendored
Normal file
53
.github/workflows/slsa-goreleaser.yml
vendored
Normal file
@ -0,0 +1,53 @@
|
||||
name: SLSA go releaser
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
tags:
|
||||
- "*"
|
||||
|
||||
permissions: read-all
|
||||
|
||||
jobs:
|
||||
# ldflags to embed the commit hash in the binary
|
||||
args:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
ldflags: ${{ steps.ldflags.outputs.value }}
|
||||
steps:
|
||||
- id: checkout
|
||||
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.3.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- id: ldflags
|
||||
run: |
|
||||
echo "::set-output name=value::$(./scripts/version-ldflags)"
|
||||
# Trusted builder.
|
||||
build:
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: read
|
||||
needs: args
|
||||
uses: slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@main # TODO: use hash upon release.
|
||||
with:
|
||||
go-version: 1.17
|
||||
env: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}"
|
||||
# Upload to GitHub release.
|
||||
upload:
|
||||
permissions:
|
||||
contents: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
steps:
|
||||
- uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
|
||||
with:
|
||||
name: ${{ needs.build.outputs.go-binary-name }}
|
||||
- uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
|
||||
with:
|
||||
name: ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl
|
||||
- name: Release
|
||||
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
with:
|
||||
files: |
|
||||
${{ needs.build.outputs.go-binary-name }}
|
||||
${{ needs.build.outputs.go-binary-name }}.intoto.jsonl
|
12
.slsa-goreleaser.yml
Normal file
12
.slsa-goreleaser.yml
Normal file
@ -0,0 +1,12 @@
|
||||
version: 1
|
||||
|
||||
flags:
|
||||
- -trimpath
|
||||
|
||||
goos: linux
|
||||
goarch: amd64
|
||||
|
||||
binary: hishtory-{{ .OS }}-{{ .Arch }}
|
||||
|
||||
ldflags:
|
||||
- '{{ .Env.VERSION_LDFLAGS }}'
|
Loading…
x
Reference in New Issue
Block a user