Add SLSA generic generator workflow#67
Conversation
This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects.
|
From 051b9c9 Mon Sep 17 00:00:00 2001 This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects..../generator-generic-ossf-slsa3-publish.yml | 66 +++++++++++++++++++ diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
+jobs:
|
TalaStar-Digital
left a comment
There was a problem hiding this comment.
From 051b9c9 Mon Sep 17 00:00:00 2001
From: Kristal Jane Apurado talastarcaringservices@gmail.com
Date: Mon, 18 May 2026 05:54:43 +0100
Subject: [PATCH] Add SLSA generic generator workflow
This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects.
.../generator-generic-ossf-slsa3-publish.yml | 66 +++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 .github/workflows/generator-generic-ossf-slsa3-publish.yml
diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
new file mode 100644
index 0000000..35c829b
--- /dev/null
+++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow lets you generate SLSA provenance file for your project.
+# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
+# The project is an initiative of the OpenSSF (openssf.org) and is developed at
+# https://github.com/slsa-framework/slsa-github-generator.
+# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
+# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
+
+name: SLSA generic generator
+on:
- workflow_dispatch:
- release:
- types: [created]
+jobs:
- build:
- runs-on: ubuntu-latest
- outputs:
-
digests: ${{ steps.hash.outputs.digests }} - steps:
-
- uses: actions/checkout@v4 -
# ======================================================== -
# -
# Step 1: Build your artifacts. -
# -
# ======================================================== -
- name: Build artifacts -
run: | -
# These are some amazing artifacts. -
echo "artifact1" > artifact1 -
echo "artifact2" > artifact2 -
# ======================================================== -
# -
# Step 2: Add a step to generate the provenance subjects -
# as shown below. Update the sha256 sum arguments -
# to include all binaries that you generate -
# provenance for. -
# -
# ======================================================== -
- name: Generate subject for provenance -
id: hash -
run: | -
set -euo pipefail -
# List the artifacts the provenance will refer to. -
files=$(ls artifact*) -
# Generate the subjects (base64 encoded). -
echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}" - provenance:
- needs: [build]
- permissions:
-
actions: read # To read the workflow path. -
id-token: write # To sign the provenance. -
contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
- with:
-
base64-subjects: "${{ needs.build.outputs.digests }}" -
upload-assets: true # Optional: Upload to a new release
This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects.
Summary
Changes
Closes:
Task list