c604332985
Some checks failed
Continuous Integration / Test attest-sbom action with local sbom file (push) Has been cancelled
Bumps the actions-minor group with 1 update: [actions/attest](https://github.com/actions/attest).
Updates `actions/attest` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/attest/releases)
- [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md)
- [Commits](c32b4b8b19...59d89421af)
---
updated-dependencies:
- dependency-name: actions/attest
dependency-version: 4.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
87 lines
3.0 KiB
YAML
87 lines
3.0 KiB
YAML
name: 'Attest SBOM'
|
|
description: 'Generate SBOM attestations for build artifacts'
|
|
author: 'GitHub'
|
|
branding:
|
|
color: 'blue'
|
|
icon: 'paperclip'
|
|
|
|
inputs:
|
|
subject-path:
|
|
description: >
|
|
Path to the artifact serving as the subject of the attestation. Must
|
|
specify exactly one of "subject-path", "subject-digest", or
|
|
"subject-checksums". May contain a glob pattern or list of paths (total
|
|
subject count cannot exceed 1024).
|
|
required: false
|
|
subject-digest:
|
|
description: >
|
|
SHA256 digest of the subject for the attestation. Must be in the form
|
|
"sha256:hex_digest" (e.g. "sha256:abc123..."). Must specify exactly one of
|
|
"subject-path", "subject-digest", or "subject-checksums".
|
|
required: false
|
|
subject-name:
|
|
description: >
|
|
Subject name as it should appear in the attestation. Required when
|
|
identifying the subject with the "subject-digest" input.
|
|
subject-checksums:
|
|
description: >
|
|
Path to checksums file containing digest and name of subjects for
|
|
attestation. Must specify exactly one of "subject-path", "subject-digest",
|
|
or "subject-checksums".
|
|
required: false
|
|
sbom-path:
|
|
description: >
|
|
Path to the JSON-formatted SBOM file to attest. File size cannot exceed
|
|
16MB.
|
|
required: true
|
|
push-to-registry:
|
|
description: >
|
|
Whether to push the provenance statement to the image registry. Requires
|
|
that the "subject-name" parameter specify the fully-qualified image name
|
|
and that the "subject-digest" parameter be specified. Defaults to false.
|
|
default: false
|
|
required: false
|
|
show-summary:
|
|
description: >
|
|
Whether to attach a list of generated attestations to the workflow run
|
|
summary page. Defaults to true.
|
|
default: true
|
|
required: false
|
|
github-token:
|
|
description: >
|
|
The GitHub token used to make authenticated API requests.
|
|
default: ${{ github.token }}
|
|
required: false
|
|
|
|
outputs:
|
|
bundle-path:
|
|
description: 'The path to the file containing the attestation bundle.'
|
|
value: ${{ steps.attest.outputs.bundle-path }}
|
|
attestation-id:
|
|
description: 'The ID of the attestation.'
|
|
value: ${{ steps.attest.outputs.attestation-id }}
|
|
attestation-url:
|
|
description: 'The URL for the attestation summary.'
|
|
value: ${{ steps.attest.outputs.attestation-url }}
|
|
|
|
runs:
|
|
using: 'composite'
|
|
steps:
|
|
- shell: bash
|
|
run: |
|
|
echo "::warning::actions/attest-sbom has been deprecated, please use actions/attest instead"
|
|
|
|
- uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
|
|
id: attest
|
|
env:
|
|
NODE_OPTIONS: '--max-http-header-size=32768'
|
|
with:
|
|
subject-path: ${{ inputs.subject-path }}
|
|
subject-digest: ${{ inputs.subject-digest }}
|
|
subject-name: ${{ inputs.subject-name }}
|
|
subject-checksums: ${{ inputs.subject-checksums }}
|
|
sbom-path: ${{ inputs.sbom-path }}
|
|
push-to-registry: ${{ inputs.push-to-registry }}
|
|
show-summary: ${{ inputs.show-summary }}
|
|
github-token: ${{ inputs.github-token }}
|