trailofbits/gh-action-adapt-sigstore-pypi

Adapt sigstore PyPI GitHub Action

This action converts the Sigstore bundles generated by the attest-build-provenance GitHub action into PyPI attestations.

Inputs

See action.yml

inputs:
  bundles:
    description: >-
      Sigstore bundles to convert. Accepts only .jsonl files.
      May contain a glob pattern or list of paths.
    required: true
  output-dir:
    description: >-
      Directory where to store the converted attestations.
      Optional, if omitted a new temporary directory will be
      created and returned as an output.
    required: false

Outputs

| Name | Description | Example |
|------|-------------|---------|
| output-dir | Absolute path to the directory containing the converted attestations | /tmp/aao23HKb2/ |

Example usage

- name: Create provenances
  id: create-provenances
  uses: actions/attest-build-provenance@v1
  with:
    subject-path: 'dist/*'
- name: Convert provenances
  uses: trailofbits/gh-action-adapt-sigstore-pypi@main
  with:
    bundles: ${{ steps.create-provenances.outputs.bundle-path }}
    output-dir: dist/
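
Before handing a bundle file to the conversion step, it can help to see which artifacts it actually attests to. The following is an added example, not code from this repository: it reads the .jsonl text and lists each subject name and SHA-256 digest without verifying any signature. It assumes one Sigstore bundle per line with a DSSE envelope wrapping an in-toto statement (field names from those formats, not from this page); the helper names and the sample data are constructed for illustration.

```python
import base64
import json

BUNDLE_PREFIX = "application/vnd.dev.sigstore.bundle"
INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"


def subjects_in_bundles(jsonl_text):
    """Return [(name, sha256)] per attested subject; structure only, no signature check."""
    subjects = []
    for lineno, line in enumerate(jsonl_text.splitlines(), start=1):
        if not line.strip():
            continue  # tolerate blank lines between records
        try:
            bundle = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not valid JSON") from exc
        if not isinstance(bundle, dict) or not str(bundle.get("mediaType", "")).startswith(BUNDLE_PREFIX):
            raise ValueError(f"line {lineno}: not a Sigstore bundle")
        envelope = bundle.get("dsseEnvelope")
        if not isinstance(envelope, dict) or envelope.get("payloadType") != INTOTO_PAYLOAD_TYPE:
            raise ValueError(f"line {lineno}: no in-toto DSSE envelope")
        statement = json.loads(base64.b64decode(envelope["payload"]))
        for subject in statement.get("subject", []):
            subjects.append((subject["name"], subject["digest"]["sha256"]))
    return subjects


def _constructed_bundle(name, sha256):
    """Build a minimal, unsigned sample line (constructed for this example)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": name, "digest": {"sha256": sha256}}],
        "predicateType": "https://slsa.dev/provenance/v1",
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({
        "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
        "dsseEnvelope": {"payload": payload, "payloadType": INTOTO_PAYLOAD_TYPE, "signatures": []},
    })


SAMPLE_JSONL = "\n".join([
    _constructed_bundle("example-1.0.tar.gz", "aa" * 32),
    _constructed_bundle("example-1.0-py3-none-any.whl", "bb" * 32),
])

if __name__ == "__main__":
    print(subjects_in_bundles(SAMPLE_JSONL))
```

Comparing the returned digests with the SHA-256 of the files in dist/ shows whether every distribution about to be published has a matching bundle.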
