* Bump the actions-minor group with 2 updates
Bumps the actions-minor group with 2 updates: [actions/attest](https://github.com/actions/attest) and [super-linter/super-linter](https://github.com/super-linter/super-linter).
Updates `actions/attest` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/actions/attest/releases)
- [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest/compare/v2.2.0...v2.2.1)
Updates `super-linter/super-linter` from 7.2.1 to 7.3.0
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](85f7611e0f...4e8a7c2bf1)
---
updated-dependencies:
- dependency-name: actions/attest
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor
- dependency-name: super-linter/super-linter
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Downgrade super-linter to version 7.2.1
* Update super-linter to latest version
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Eugene <108841108+ejahnGithub@users.noreply.github.com>
88 lines
3.1 KiB
YAML
88 lines
3.1 KiB
YAML
name: 'Attest SBOM'
|
|
description: 'Generate SBOM attestations for build artifacts'
|
|
author: 'GitHub'
|
|
branding:
|
|
color: 'blue'
|
|
icon: 'paperclip'
|
|
|
|
inputs:
|
|
subject-path:
|
|
description: >
|
|
Path to the artifact serving as the subject of the attestation. Must
|
|
specify exactly one of "subject-path", "subject-digest", or
|
|
"subject-checksums". May contain a glob pattern or list of paths (total
|
|
subject count cannot exceed 1024).
|
|
required: false
|
|
subject-digest:
|
|
description: >
|
|
SHA256 digest of the subject for the attestation. Must be in the form
|
|
"sha256:hex_digest" (e.g. "sha256:abc123..."). Must specify exactly one of
|
|
"subject-path", "subject-digest", or "subject-checksums".
|
|
required: false
|
|
subject-name:
|
|
description: >
|
|
Subject name as it should appear in the attestation. Required when
|
|
identifying the subject with the "subject-digest" input.
|
|
subject-checksums:
|
|
description: >
|
|
Path to checksums file containing digest and name of subjects for
|
|
attestation. Must specify exactly one of "subject-path", "subject-digest",
|
|
or "subject-checksums".
|
|
required: false
|
|
sbom-path:
|
|
description: >
|
|
Path to the JSON-formatted SBOM file to attest. File size cannot exceed
|
|
16MB.
|
|
required: true
|
|
push-to-registry:
|
|
description: >
|
|
Whether to push the provenance statement to the image registry. Requires
|
|
that the "subject-name" parameter specify the fully-qualified image name
|
|
and that the "subject-digest" parameter be specified. Defaults to false.
|
|
default: false
|
|
required: false
|
|
show-summary:
|
|
description: >
|
|
Whether to attach a list of generated attestations to the workflow run
|
|
summary page. Defaults to true.
|
|
default: true
|
|
required: false
|
|
github-token:
|
|
description: >
|
|
The GitHub token used to make authenticated API requests.
|
|
default: ${{ github.token }}
|
|
required: false
|
|
|
|
outputs:
|
|
bundle-path:
|
|
description: 'The path to the file containing the attestation bundle.'
|
|
value: ${{ steps.attest.outputs.bundle-path }}
|
|
attestation-id:
|
|
description: 'The ID of the attestation.'
|
|
value: ${{ steps.attest.outputs.attestation-id }}
|
|
attestation-url:
|
|
description: 'The URL for the attestation summary.'
|
|
value: ${{ steps.attest.outputs.attestation-url }}
|
|
|
|
runs:
|
|
using: 'composite'
|
|
steps:
|
|
- uses: actions/attest-sbom/predicate@534423496eab34674190bc45fdacbb8b1198e07f # predicate@1.0.0
|
|
id: generate-sbom-predicate
|
|
with:
|
|
sbom-path: ${{ inputs.sbom-path }}
|
|
- uses: actions/attest@v2.2.1
|
|
id: attest
|
|
with:
|
|
subject-path: ${{ inputs.subject-path }}
|
|
subject-digest: ${{ inputs.subject-digest }}
|
|
subject-name: ${{ inputs.subject-name }}
|
|
subject-checksums: ${{ inputs.subject-checksums }}
|
|
predicate-type:
|
|
${{ steps.generate-sbom-predicate.outputs.predicate-type }}
|
|
predicate-path:
|
|
${{ steps.generate-sbom-predicate.outputs.predicate-path }}
|
|
push-to-registry: ${{ inputs.push-to-registry }}
|
|
show-summary: ${{ inputs.show-summary }}
|
|
github-token: ${{ inputs.github-token }}
|