From 3017a17510bb184d67f37473b85cf10e388d0a0d Mon Sep 17 00:00:00 2001
From: Mark Joshwel <89562141+markjoshwel@users.noreply.github.com>
Date: Sat, 3 Jun 2023 11:14:45 +0000
Subject: [PATCH] ci: slsa publish fix attempt
---
 .github/workflows/slsa-publish.yml | 32 ++++++++++++++++++------------
 1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/slsa-publish.yml b/.github/workflows/slsa-publish.yml
index 55c6333..7ecff7b 100644
--- a/.github/workflows/slsa-publish.yml
+++ b/.github/workflows/slsa-publish.yml
@@ -1,4 +1,4 @@
-name: slsa publish
+name: publish (slsa 3)
 on:
 workflow_dispatch:
 release:
@@ -8,22 +8,28 @@ jobs:
 build:
 runs-on: ubuntu-latest
 outputs:
- digests: ${{ steps.hash.outputs.digests }}
+ hashes: ${{ steps.hash.outputs.hashes }}
 steps:
- - uses: actions/checkout@v3
+ - name: checkout
+ uses: actions/checkout@v3
+
 - name: install devbox
 uses: jetpack-io/devbox-install-action@v0.3.0
- - name: build artifacts
- run: |
- devbox run poetry install
- devbox run poetry build
- - name: hash artifacts
+
+ - name: install dependencies
+ run: devbox run poetry install
+
+ - name: install dependencies
+ id: build
+ run: devbox run poetry build
+
+ - name: generate provenance subjects
 id: hash
 run: |
- set -euo pipefail
- files=$(ls dist/*.whl)
- echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
+ cd dist
+ HASHES=$(sha256sum * | base64 -w0)
+ echo "hashes=$HASHES" >> "$GITHUB_OUTPUT"
 provenance:
 needs: [build]
@@ -31,7 +37,7 @@ jobs:
 actions: read
 id-token: write
 contents: write
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
 with:
- base64-subjects: "${{ needs.build.outputs.digests }}"
+ base64-subjects: "${{ needs.build.outputs.hashes }}"
 upload-assets: true
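Review bot: In the `generate provenance subjects` step of the second hunk, dropping `set -euo pipefail` means a failing `sha256sum` inside `$(sha256sum * | base64 -w0)` is masked by the exit status of `base64`, so an empty or partial `hashes` value can be handed to the provenance job as `base64-subjects` while the step still reports success. As far as I know the default `run` shell on Linux runners is started with `-e` only, so I would restore `set -euo pipefail` as the first line of that `run: |` block. `sha256sum *` also makes every file present in `dist/` a provenance subject, where the removed code took only `dist/*.whl`; if that widening is intended, a comment such as `# subjects: every file poetry build wrote to dist/` above the command would make it explicit. Separately, the step with `id: build` is named `install dependencies` a second time although it runs `devbox run poetry build`; `name: build artifacts` would keep the run log unambiguous.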