Skip to content

Commit

Permalink
Merge pull request #357 from AdamKorcz/gradle-slsa-builder
Browse files Browse the repository at this point in the history 
Add initial BYOB-based SLSA-generator
  • Loading branch information
@loosebazooka
loosebazooka authored Apr 15, 2023
2 parents 31d5c23 + ee3a18a commit f7717ec
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions .github/workflows/byob-slsa.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# This builds a SLSA provenance statement based on BYOB.
# For now it is under heavy development and is not yet suited for releases.
---
name: SLSA Provenance
on:
- workflow_dispatch

permissions: read-all

env:
GH_TOKEN: ${{ github.token }}
ISSUE_REPOSITORY: ${{ github.repository }}
jobs:
usetrw:
permissions:
contents: write
id-token: write
actions: read
packages: write
uses: AdamKorcz/java-slsa-generator/.github/workflows/gradle-trw.yml@main
with:
rekor-log-public: true
artifact-list: |
./sigstore-java/build/local-maven-repo/dev/sigstore/sigstore-java/GRADLE_VERSION/sigstore-java-GRADLE_VERSION.module,
./sigstore-java/build/libs/sigstore-java-GRADLE_VERSION.jar,
./sigstore-java/build/local-maven-repo/dev/sigstore/sigstore-java/GRADLE_VERSION/sigstore-java-GRADLE_VERSION.pom,
./sigstore-java/build/local-maven-repo/dev/sigstore/sigstore-java/GRADLE_VERSION/sigstore-java-GRADLE_VERSION-sources.jar,
./sigstore-java/build/libs/sigstore-java-GRADLE_VERSION-javadoc.jar

0 comments on commit f7717ec

Please sign in to comment.