From da203ba8ad0960e4742a16ec332cbcb86076c5be Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 26 Mar 2024 01:46:44 +0000 Subject: [PATCH] update Signed-off-by: laurentsimon --- actions/installer/action.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/actions/installer/action.yml b/actions/installer/action.yml index 9261014..0f9f071 100644 --- a/actions/installer/action.yml +++ b/actions/installer/action.yml @@ -25,6 +25,7 @@ runs: echo "GH_ACTION_REPOSITORY: ${GH_ACTION_REPOSITORY}" - name: Download the release binary + id: download shell: bash working-directory: ${{ steps.working_dir.outputs.name }} env: @@ -42,19 +43,24 @@ runs: ref=$(echo -n "${GH_ACTION_REF}" | cut -d "/" -f3) gh release -R "${GH_ACTION_REPOSITORY}" download "${ref}" -p "binary-linux-amd64*" chmod u+x binary-linux-amd64 + echo "ref=${ref}" >> "$GITHUB_OUTPUT" - name: Verify the binary shell: bash working-directory: ${{ steps.working_dir.outputs.name }} + env: + GH_ACTION_REF: ${{ steps.download.outputs.ref }} run: | set -euo pipefail - slsa-verifier verify-artifact binary-linux-amd64 --provenance-path binary-linux-amd64.intoto.jsonl --source-uri github.com/laurentsimon/slsa-policy --source-tag "${ref}" + slsa-verifier verify-artifact binary-linux-amd64 --provenance-path binary-linux-amd64.intoto.jsonl --source-uri github.com/laurentsimon/slsa-policy --source-tag "${GH_ACTION_REF}" - name: Add binary to path shell: bash working-directory: ${{ steps.working_dir.outputs.name }} + env: + GH_ACTION_REF: ${{ steps.download.outputs.ref }} run: | set -euo pipefail - mkdir -p "${HOME}/.slsa/bin/${ref}" - mv binary-linux-amd64 "${HOME}/.slsa/bin/${ref}/slsa-policy" - echo "${HOME}/.slsa/bin/${ref}" >> $GITHUB_PATH + mkdir -p "${HOME}/.slsa/bin/${GH_ACTION_REF}" + mv binary-linux-amd64 "${HOME}/.slsa/bin/${GH_ACTION_REF}/slsa-policy" + echo "${HOME}/.slsa/bin/${GH_ACTION_REF}" >> $GITHUB_PATH