SLSA Releaser #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SLSA Releaser | |
on: | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
args: | |
runs-on: ubuntu-latest | |
outputs: | |
build-time: ${{ steps.ldflags.outputs.build-time }} | |
commit-id: ${{ steps.ldflags.outputs.commit-id }} | |
version: ${{ steps.ldflags.outputs.version }} | |
branch-name: ${{ steps.ldflags.outputs.branch-name }} | |
steps: | |
- id: checkout | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
with: | |
fetch-depth: 0 | |
- id: setupgo | |
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.4.0 | |
with: | |
go-version: 1.17 | |
- id: ldflags | |
run: | | |
echo "build-time=$(date +%Y%m%d%H%M)" >> "$GITHUB_OUTPUT" | |
echo "commit-id=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" | |
echo "version=$(git describe --abbrev=0 --tags)" >> "$GITHUB_OUTPUT" | |
echo "branch-name=$(git rev-parse --abbrev-ref HEAD)" >> "$GITHUB_OUTPUT" | |
build: | |
permissions: | |
id-token: write | |
contents: write | |
actions: read | |
strategy: | |
matrix: | |
binary: | |
- authtool | |
- bcache | |
- client | |
- fdstore | |
- fsck | |
- preload | |
- server | |
os: | |
- linux | |
arch: | |
- amd64 | |
needs: args | |
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@07e64b653f10a80b6510f4568f685f8b7b9ea830 | |
with: | |
go-version: 1.17 | |
config-file: .github/slsa/slsa-${{matrix.binary}}-${{matrix.os}}-${{matrix.arch}}.yml | |
evaluated-envs: "BUILD_TIME:${{needs.args.outputs.build-time}}, COMMIT_ID:${{needs.args.outputs.commit-id}}, VERSION:${{needs.args.outputs.version}}, BRANCH_NAME:${{needs.args.outputs.branch-name}}" | |
compile-builder: true | |
# # Trusted builders | |
# authtool-linux-amd64: | |
# permissions: | |
# id-token: write | |
# contents: write | |
# actions: read | |
# needs: args | |
# uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@07e64b653f10a80b6510f4568f685f8b7b9ea830 | |
# with: | |
# config-file: .github/slsa/slsa-authtool-linux-amd64.yml | |
# go-version: 1.17 | |
# evaluated-envs: "BUILD_TIME:${{needs.args.outputs.build-time}}, COMMIT_ID:${{needs.args.outputs.commit-id}}, VERSION:${{needs.args.outputs.version}}, BRANCH_NAME:${{needs.args.outputs.branch-name}}" | |
# compile-builder: true | |
# bcache-linux-amd64: | |
# permissions: | |
# id-token: write | |
# contents: write | |
# actions: read | |
# needs: args | |
# uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@07e64b653f10a80b6510f4568f685f8b7b9ea830 | |
# with: | |
# config-file: .github/slsa/slsa-bcache-linux-amd64.yml | |
# go-version: 1.17 | |
# evaluated-envs: "BUILD_TIME:${{needs.args.outputs.build-time}}, COMMIT_ID:${{needs.args.outputs.commit-id}}, VERSION:${{needs.args.outputs.version}}, BRANCH_NAME:${{needs.args.outputs.branch-name}}" | |
# compile-builder: true | |
# client-linux-amd64: | |
# permissions: | |
# id-token: write | |
# contents: write | |
# actions: read | |
# needs: args | |
# uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@07e64b653f10a80b6510f4568f685f8b7b9ea830 | |
# with: | |
# config-file: .github/slsa/slsa-client-linux-amd64.yml | |
# go-version: 1.17 | |
# evaluated-envs: "BUILD_TIME:${{needs.args.outputs.build-time}}, COMMIT_ID:${{needs.args.outputs.commit-id}}, VERSION:${{needs.args.outputs.version}}, BRANCH_NAME:${{needs.args.outputs.branch-name}}" | |
# compile-builder: true | |
# fdstore-linux-amd64: | |
# permissions: | |
# id-token: write | |
# contents: write | |
# actions: read | |
# needs: args | |
# uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@07e64b653f10a80b6510f4568f685f8b7b9ea830 | |
# with: | |
# config-file: .github/slsa/slsa-fdstore-linux-amd64.yml | |
# go-version: 1.17 | |
# evaluated-envs: "BUILD_TIME:${{needs.args.outputs.build-time}}, COMMIT_ID:${{needs.args.outputs.commit-id}}, VERSION:${{needs.args.outputs.version}}, BRANCH_NAME:${{needs.args.outputs.branch-name}}" | |
# compile-builder: true | |
# fsck-linux-amd64: | |
# permissions: | |
# id-token: write | |
# contents: write | |
# actions: read | |
# needs: args | |
# uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@07e64b653f10a80b6510f4568f685f8b7b9ea830 | |
# with: | |
# config-file: .github/slsa/slsa-fsck-linux-amd64.yml | |
# go-version: 1.17 | |
# evaluated-envs: "BUILD_TIME:${{needs.args.outputs.build-time}}, COMMIT_ID:${{needs.args.outputs.commit-id}}, VERSION:${{needs.args.outputs.version}}, BRANCH_NAME:${{needs.args.outputs.branch-name}}" | |
# compile-builder: true | |
# preload-linux-amd64: | |
# permissions: | |
# id-token: write | |
# contents: write | |
# actions: read | |
# needs: args | |
# uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@07e64b653f10a80b6510f4568f685f8b7b9ea830 | |
# with: | |
# config-file: .github/slsa/slsa-preload-linux-amd64.yml | |
# go-version: 1.17 | |
# evaluated-envs: "BUILD_TIME:${{needs.args.outputs.build-time}}, COMMIT_ID:${{needs.args.outputs.commit-id}}, VERSION:${{needs.args.outputs.version}}, BRANCH_NAME:${{needs.args.outputs.branch-name}}" | |
# compile-builder: true |