Skip to content
This repository has been archived by the owner on Jun 5, 2024. It is now read-only.

Add prov-name

Add prov-name #3

name: SimpleApp builds
on:
push:
tags:
- "*"
jobs:
build:
runs-on: ubuntu-20.04
# container:
# image: ubuntu:20.04
defaults:
run:
shell: bash
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
steps:
# Checkout the code
# 'fetch-depth' is set to 0 in order to fetch all tags (used for generating the changelog)
- name: Checkout Code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 #v4.1.6
with:
fetch-depth: 0
persist-credentials: 'false'
- name: Set up Python ${{ matrix.python_version }}
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d #v5.1.0
id: setup-python
with:
python-version: '3.10'
- name: Install dependencies
id: install-deps
run: |
pip install poetry
- name: Build
id: build-wheel
run: |
rm -rf dist
poetry build
- name: "Generate hashes"
id: hash
run: |
cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
- name: Upload wheel artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
with:
name: py3-build
path: dist/
if-no-files-found: error
provenance:
needs: [build]
permissions:
actions: read
contents: write
id-token: write # Needed to access the workflow's OIDC identity.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.build.outputs.hashes }}"
provenance-name: provenance.intoto.jsonl
# private-repository: true
# upload-assets: true
# draft-release: true
# compile-generator: false # Workaround for https://github.com/slsa-framework/slsa-github-generator/issues/1163
create-release-draft:
# Upload the sdist, wheels, and provenance to a GitHub release. They remain
# available as build artifacts for a while as well.
needs: [provenance]
runs-on: ubuntu-latest
if: ${{ always() }}
permissions:
contents: write
steps:
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: provenance.intoto.jsonl
path: dist/
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: py3-build
path: dist/
- name: Debug
run: |
find .
- name: create release
run: >
gh release upload --repo ${{ github.repository }}
${{ github.ref_name }}
dist/* *.intoto.jsonl
env:
GH_TOKEN: ${{ github.token }}