Skip to content

Add SLSA generic generator workflow#67

Closed
TalaStar-Digital wants to merge 1 commit into
skills:mainfrom
TalaStar-Digital:main
Closed

Add SLSA generic generator workflow#67
TalaStar-Digital wants to merge 1 commit into
skills:mainfrom
TalaStar-Digital:main

Conversation

@TalaStar-Digital

@TalaStar-Digital TalaStar-Digital commented May 18, 2026

Copy link
Copy Markdown

This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects.

Summary

Changes

Closes:

Task list

  • For workflow changes, I have verified the Actions workflows function as expected.
  • For content changes, I have reviewed the style guide.

This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects.
@TalaStar-Digital TalaStar-Digital marked this pull request as draft May 18, 2026 04:55

@TalaStar-Digital TalaStar-Digital left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SLSA

@TalaStar-Digital TalaStar-Digital marked this pull request as ready for review May 18, 2026 04:55
@TalaStar-Digital

Copy link
Copy Markdown
Author

From 051b9c9 Mon Sep 17 00:00:00 2001
From: Kristal Jane Apurado talastarcaringservices@gmail.com
Date: Mon, 18 May 2026 05:54:43 +0100
Subject: [PATCH] Add SLSA generic generator workflow

This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects.

.../generator-generic-ossf-slsa3-publish.yml | 66 +++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 .github/workflows/generator-generic-ossf-slsa3-publish.yml

diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
new file mode 100644
index 0000000..35c829b
--- /dev/null
+++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow lets you generate SLSA provenance file for your project.
+# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
+# The project is an initiative of the OpenSSF (openssf.org) and is developed at
+# https://github.com/slsa-framework/slsa-github-generator.
+# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
+# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
+
+name: SLSA generic generator
+on:

  • workflow_dispatch:
  • release:
  • types: [created]

+jobs:

  • build:
  • runs-on: ubuntu-latest
  • outputs:
  •  digests: ${{ steps.hash.outputs.digests }}
    
  • steps:
  •  - uses: actions/checkout@v4
    
  •  # ========================================================
    
  •  #
    
  •  # Step 1: Build your artifacts.
    
  •  #
    
  •  # ========================================================
    
  •  - name: Build artifacts
    
  •    run: |
    
  •        # These are some amazing artifacts.
    
  •        echo "artifact1" > artifact1
    
  •        echo "artifact2" > artifact2
    
  •  # ========================================================
    
  •  #
    
  •  # Step 2: Add a step to generate the provenance subjects
    
  •  #         as shown below. Update the sha256 sum arguments
    
  •  #         to include all binaries that you generate
    
  •  #         provenance for.
    
  •  #
    
  •  # ========================================================
    
  •  - name: Generate subject for provenance
    
  •    id: hash
    
  •    run: |
    
  •      set -euo pipefail
    
  •      # List the artifacts the provenance will refer to.
    
  •      files=$(ls artifact*)
    
  •      # Generate the subjects (base64 encoded).
    
  •      echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
    
  • provenance:
  • needs: [build]
  • permissions:
  •  actions: read   # To read the workflow path.
    
  •  id-token: write # To sign the provenance.
    
  •  contents: write # To add assets to a release.
    
  • uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
  • with:
  •  base64-subjects: "${{ needs.build.outputs.digests }}"
    
  •  upload-assets: true # Optional: Upload to a new release
    

@TalaStar-Digital TalaStar-Digital left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From 051b9c9 Mon Sep 17 00:00:00 2001
From: Kristal Jane Apurado talastarcaringservices@gmail.com
Date: Mon, 18 May 2026 05:54:43 +0100
Subject: [PATCH] Add SLSA generic generator workflow

This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects.

.../generator-generic-ossf-slsa3-publish.yml | 66 +++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 .github/workflows/generator-generic-ossf-slsa3-publish.yml

diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
new file mode 100644
index 0000000..35c829b
--- /dev/null
+++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow lets you generate SLSA provenance file for your project.
+# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
+# The project is an initiative of the OpenSSF (openssf.org) and is developed at
+# https://github.com/slsa-framework/slsa-github-generator.
+# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
+# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
+
+name: SLSA generic generator
+on:

  • workflow_dispatch:
  • release:
  • types: [created]

+jobs:

  • build:
  • runs-on: ubuntu-latest
  • outputs:
  •  digests: ${{ steps.hash.outputs.digests }}
    
  • steps:
  •  - uses: actions/checkout@v4
    
  •  # ========================================================
    
  •  #
    
  •  # Step 1: Build your artifacts.
    
  •  #
    
  •  # ========================================================
    
  •  - name: Build artifacts
    
  •    run: |
    
  •        # These are some amazing artifacts.
    
  •        echo "artifact1" > artifact1
    
  •        echo "artifact2" > artifact2
    
  •  # ========================================================
    
  •  #
    
  •  # Step 2: Add a step to generate the provenance subjects
    
  •  #         as shown below. Update the sha256 sum arguments
    
  •  #         to include all binaries that you generate
    
  •  #         provenance for.
    
  •  #
    
  •  # ========================================================
    
  •  - name: Generate subject for provenance
    
  •    id: hash
    
  •    run: |
    
  •      set -euo pipefail
    
  •      # List the artifacts the provenance will refer to.
    
  •      files=$(ls artifact*)
    
  •      # Generate the subjects (base64 encoded).
    
  •      echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
    
  • provenance:
  • needs: [build]
  • permissions:
  •  actions: read   # To read the workflow path.
    
  •  id-token: write # To sign the provenance.
    
  •  contents: write # To add assets to a release.
    
  • uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
  • with:
  •  base64-subjects: "${{ needs.build.outputs.digests }}"
    
  •  upload-assets: true # Optional: Upload to a new release
    

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant