55 lines
1.8 KiB
YAML
55 lines
1.8 KiB
YAML
name: 'Generate Generic Attestations'
|
|
description: 'Generate attestations for build artifacts'
|
|
author: 'GitHub'
|
|
|
|
inputs:
|
|
subject-path:
|
|
description: >
|
|
Path to the artifact serving as the subject of the attestation. Must
|
|
specify exactly one of "subject-path" or "subject-digest".
|
|
required: false
|
|
subject-digest:
|
|
description: >
|
|
Digest of the subject for for the attestation. Must be in the form
|
|
"algorithm:hex_digest" (e.g. "sha256:abc123..."). Must specify exactly one
|
|
of "subject-path" or "subject-digest".
|
|
required: false
|
|
subject-name:
|
|
description: >
|
|
Subject name as it should appear in the attestation. Required unless
|
|
"subject-path" is specified, in which case it will be inferred from the
|
|
path.
|
|
required: false
|
|
predicate-type:
|
|
description: >
|
|
URI identifying the type of the predicate.
|
|
required: true
|
|
predicate:
|
|
description: >
|
|
String containing the value for the attestation predicate. Must supply
|
|
exactly one of "predicate-path" or "predicate".
|
|
required: false
|
|
predicate-path:
|
|
description: >
|
|
Path to the file which contains the content for the attestation predicate.
|
|
Must supply exactly one of "predicate-path" or "predicate".
|
|
required: false
|
|
push-to-registry:
|
|
description: >
|
|
Whether to push the attestation to the image registry. Requires that the
|
|
"subject-name" parameter specify the fully-qualified image name and that
|
|
the "subject-digest" parameter be specified. Defaults to false.
|
|
default: false
|
|
required: false
|
|
github-token:
|
|
description: >
|
|
The GitHub token used to make authenticated API requests.
|
|
default: ${{ github.token }}
|
|
required: false
|
|
outputs:
|
|
bundle-path:
|
|
description: 'The path to the file containing the attestation bundle(s).'
|
|
|
|
runs:
|
|
using: node20
|
|
main: ./dist/index.js |