slsa-framework · ramonpetgrave64 · May 17, 2024 · May 15, 2024 · May 15, 2024 · May 16, 2024
@@ -52,9 +52,8 @@ describe("detectWorkflowFromOIDC", () => {
     core.getIDToken.mockClear();
     core.getIDToken.mockReturnValueOnce(jwt);
 
-    const [repo, ref, workflow] = await detect.detectWorkflowFromOIDC(
-      "some/audience",
-    );
+    const [repo, ref, workflow] =
+      await detect.detectWorkflowFromOIDC("some/audience");
     expect(repo).toBe("octo-org/octo-automation");
     expect(ref).toBe("refs/heads/main");
     expect(workflow).toBe(".github/workflows/oidc.yml");
@@ -72,9 +71,8 @@ describe("detectWorkflowFromOIDC", () => {
     core.getIDToken.mockClear();
     core.getIDToken.mockReturnValueOnce(jwt);
 
-    const [repo, ref, workflow] = await detect.detectWorkflowFromOIDC(
-      "some/audience",
-    );
+    const [repo, ref, workflow] =
+      await detect.detectWorkflowFromOIDC("some/audience");
     expect(repo).toBe("vitejs/vite");
     expect(ref).toBe("refs/tags/create-vite@5.0.0-beta.0");
     expect(workflow).toBe(".github/workflows/publish.yml");

@@ -22,7 +22,7 @@ inputs:
       An example is to use `${RNG}-artifact`.
     required: true
   path:
-    description: 'Path to the folder'
+    description: "Path to the folder"
     required: true
 outputs:
   sha256:

@@ -99,7 +99,7 @@ jobs:
     permissions:
       id-token: write # For signing.
       contents: read # For asset uploads.
-      actions: read   # For the entrypoint.
+      actions: read # For the entrypoint.
     uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main
     with:
       slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
@@ -84,7 +84,7 @@ jobs:
     permissions:
       id-token: write # For signing.
       contents: read # For asset uploads.
-      actions: read   # For the entrypoint.
+      actions: read # For the entrypoint.
     uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main
     with:
       slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}

@@ -148,7 +148,7 @@ Secrets should only be high-entropy values. Do not set username or other low-ent
 
 #### Outputs
 
-The outputs from the TCA may be returned to the PW as well. To do this, use the [outputs section](https://github.com/laurentsimon/byob-doc/tree/v0.0.1/.github/workflows/builder_example_slsa3.yml#L61-L67) to define the artifact and the status. Our example uses [additional outputs](https://github.com/laurentsimon/byob-doc/tree/v0.0.1/.github/workflows/builder_example_slsa3.yml#L69-L75) to  provide metadata about the built artifacts and their provenance. We will discuss them in [Section: Upload Attestations](#upload-attestations).
+The outputs from the TCA may be returned to the PW as well. To do this, use the [outputs section](https://github.com/laurentsimon/byob-doc/tree/v0.0.1/.github/workflows/builder_example_slsa3.yml#L61-L67) to define the artifact and the status. Our example uses [additional outputs](https://github.com/laurentsimon/byob-doc/tree/v0.0.1/.github/workflows/builder_example_slsa3.yml#L69-L75) to provide metadata about the built artifacts and their provenance. We will discuss them in [Section: Upload Attestations](#upload-attestations).
 
 #### Important Notes
 

@@ -174,20 +174,20 @@ requirements for [SLSA Build level 3 and above](https://slsa.dev/spec/v1.0/level
 
 This repository hosts the following builders:
 
-| Ecosystem |      Builder      |  Description | Status |
-|:-----------|:-----------------|:------------|:--------|
-| [Go](https://go.dev/) projects | [Go Builder](internal/builders/go/README.md) | Builds and generates provenance for Go projects | [available since v1.0.0](https://github.com/slsa-framework/slsa-github-generator/milestone/1) |
-| [Node.js](https://nodejs.org) projects | [Node.js Builder](internal/builders/nodejs/README.md)   |  Builds and generates provenance for npm packages | [Beta since v1.6.0](https://github.com/slsa-framework/slsa-github-generator/milestone/8). [Expected GA release Sept 2023](https://github.com/slsa-framework/slsa-github-generator/milestone/17)
-| [Maven](https://maven.apache.org/) projects | [Maven builder](internal/builders/maven/README.md) | Build Maven packages and generates provenance. Can be uploaded to [Maven central](https://search.maven.org) | [Beta since v1.9.0](https://github.com/slsa-framework/slsa-github-generator/milestone/14) |
-| [Gradle](https://gradle.org/) projects | [Gradle builder](internal/builders/gradle/README.md) | Build Gradle projects and generates provenance. Can be uploaded to [Maven central](https://search.maven.org) | [Beta since v1.9.0](https://github.com/slsa-framework/slsa-github-generator/milestone/15) |
-| [Bazel](https://bazel.build/) projects | [Bazel builder](internal/builders/bazel/README.md) | Builds [Bazel](https://bazel.build/) projects and generates provenance | [WIP](https://github.com/slsa-framework/slsa-github-generator/milestone/16) |
-| [docker](https://www.docker.com/) images | Container Builder | Builds docker containers and generates provenance. The generated provenance is compatible with [cosign](https://github.com/sigstore/cosign)'s attestation format | [WIP](https://github.com/slsa-framework/slsa-github-generator/milestone/5)  |
-| Any | [Container-based Builder](internal/builders/docker/README.md) | Builds projects whose build pipeline is defined with a Dockerfile | [Beta since v1.7.0](https://github.com/slsa-framework/slsa-github-generator/milestone/16) |
+| Ecosystem                                   | Builder                                                       | Description                                                                                                                                                      | Status                                                                                                                                                                                          |
+| :------------------------------------------ | :------------------------------------------------------------ | :--------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [Go](https://go.dev/) projects              | [Go Builder](internal/builders/go/README.md)                  | Builds and generates provenance for Go projects                                                                                                                  | [available since v1.0.0](https://github.com/slsa-framework/slsa-github-generator/milestone/1)                                                                                                   |
+| [Node.js](https://nodejs.org) projects      | [Node.js Builder](internal/builders/nodejs/README.md)         | Builds and generates provenance for npm packages                                                                                                                 | [Beta since v1.6.0](https://github.com/slsa-framework/slsa-github-generator/milestone/8). [Expected GA release Sept 2023](https://github.com/slsa-framework/slsa-github-generator/milestone/17) |
+| [Maven](https://maven.apache.org/) projects | [Maven builder](internal/builders/maven/README.md)            | Build Maven packages and generates provenance. Can be uploaded to [Maven central](https://search.maven.org)                                                      | [Beta since v1.9.0](https://github.com/slsa-framework/slsa-github-generator/milestone/14)                                                                                                       |
+| [Gradle](https://gradle.org/) projects      | [Gradle builder](internal/builders/gradle/README.md)          | Build Gradle projects and generates provenance. Can be uploaded to [Maven central](https://search.maven.org)                                                     | [Beta since v1.9.0](https://github.com/slsa-framework/slsa-github-generator/milestone/15)                                                                                                       |
+| [Bazel](https://bazel.build/) projects      | [Bazel builder](internal/builders/bazel/README.md)            | Builds [Bazel](https://bazel.build/) projects and generates provenance                                                                                           | [WIP](https://github.com/slsa-framework/slsa-github-generator/milestone/16)                                                                                                                     |
+| [docker](https://www.docker.com/) images    | Container Builder                                             | Builds docker containers and generates provenance. The generated provenance is compatible with [cosign](https://github.com/sigstore/cosign)'s attestation format | [WIP](https://github.com/slsa-framework/slsa-github-generator/milestone/5)                                                                                                                      |
+| Any                                         | [Container-based Builder](internal/builders/docker/README.md) | Builds projects whose build pipeline is defined with a Dockerfile                                                                                                | [Beta since v1.7.0](https://github.com/slsa-framework/slsa-github-generator/milestone/16)                                                                                                       |
 
 There are other available builders using this repository's [BYOB framework](#build-your-own-builder) and not hosted in this repository:
 
-| Ecosystem |      Builder      |  Description | Status |
-|:-----------|:-----------------|:------------|:--------|
+| Ecosystem                                    | Builder                                                                                 | Description                                                               | Status                                                                            |
+| :------------------------------------------- | :-------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | :-------------------------------------------------------------------------------- |
 | [JReleaser](https://jreleaser.org/) projects | [JReleaser builder](https://github.com/jreleaser/release-action/tree/java#slsa-builder) | Builds and generates provenance using [JReleaser](https://jreleaser.org/) | [since v1.0.0-java](https://github.com/jreleaser/release-action/tree/v1.0.0-java) |
 
 If none of these options fit your needs, use a [generator](#generators) as described below:

@@ -22,7 +22,7 @@ inputs:
       An example is to use `${RNG}-artifact`.
     required: true
   path:
-    description: 'Path to the folder'
+    description: "Path to the folder"
     required: true
 outputs:
   sha256:

@@ -16,7 +16,7 @@ name: "Secure subjects file sharing generic generator"
 description: "Create a list of subjects from a file"
 inputs:
   path:
-    description: 'A path to a file containing the base64-subjects.'
+    description: "A path to a file containing the base64-subjects."
     required: true
 outputs:
   handle:

@@ -54,7 +54,7 @@ publishing {
         create<MavenPublication>("maven") {
             artifactId = "test-java-project"
             from(components["java"])
-            
+
             pom {
                 name.set("test-java-project")
                 description.set("Adam's test java project")
@@ -173,7 +173,7 @@ publishing {
                         extension = ext
                     }
                 }
-            }            
+            }
             pom {
                 name.set("test-java-project")
                 description.set("Adams test java project")