
Adapt sigstore PyPI GitHub Action

This action converts the Sigstore bundles generated by the attest-build-provenance GitHub action into PyPI attestations.

Inputs

See action.yml

inputs:
  bundles:
    description: >-
      Sigstore bundles to convert. Accepts only .jsonl files.
      May contain a glob pattern or list of paths.
    required: true
  output-dir:
    description: >-
      Directory where to store the converted attestations.
      Optional, if omitted a new temporary directory will be
      created and returned as an output.
    required: false

Outputs

| Name | Description | Example |
| --- | --- | --- |
| output-dir | Absolute path to the directory containing the converted attestations | /tmp/aao23HKb2/ |

Example usage

- name: Create provenances
  id: create-provenances
  uses: actions/attest-build-provenance@v1
  with:
    subject-path: 'dist/*'
- name: Convert provenances
  uses: trailofbits/gh-action-adapt-sigstore-pypi@main
  with:
    bundles: ${{ steps.create-provenances.outputs.bundle-path }}
    output-dir: dist/
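
Before converting and publishing, it can be useful to confirm that the subjects recorded in the `.jsonl` bundles match the files in `dist/`. The following is an added example, not part of this action's code: it assumes each line is a Sigstore bundle carrying a DSSE envelope with an in-toto statement, and that subject names equal the artifact file names; the sample bundles are constructed, and no signature verification is performed.

```python
import base64
import hashlib
import json

def bundle_subjects(jsonl_text):
    """Yield (name, sha256 hex) for each subject of each bundle line."""
    for lineno, line in enumerate(jsonl_text.splitlines(), 1):
        if not line.strip():
            continue
        envelope = json.loads(line).get("dsseEnvelope")
        if envelope is None:
            raise ValueError(f"line {lineno}: bundle has no DSSE envelope")
        if envelope.get("payloadType") != "application/vnd.in-toto+json":
            raise ValueError(f"line {lineno}: payload is not an in-toto statement")
        statement = json.loads(base64.b64decode(envelope["payload"]))
        for subject in statement.get("subject", []):
            yield subject["name"], subject["digest"]["sha256"]

def check_artifacts(jsonl_text, artifacts):
    """Map each artifact name to 'ok', 'digest mismatch' or 'no attestation'.

    artifacts maps file name -> file bytes (the files about to be uploaded).
    """
    attested = dict(bundle_subjects(jsonl_text))
    result = {}
    for name, data in artifacts.items():
        if name not in attested:
            result[name] = "no attestation"
        elif attested[name] == hashlib.sha256(data).hexdigest():
            result[name] = "ok"
        else:
            result[name] = "digest mismatch"
    return result

def _sample_bundle(name, data):
    """Build a constructed, unsigned bundle line for demonstration only."""
    subject = {"name": name, "digest": {"sha256": hashlib.sha256(data).hexdigest()}}
    statement = {"_type": "https://in-toto.io/Statement/v1", "subject": [subject],
                 "predicateType": "https://slsa.dev/provenance/v1", "predicate": {}}
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"dsseEnvelope": {"payloadType": "application/vnd.in-toto+json",
                                        "payload": payload, "signatures": []}})

# Constructed sample input: two bundles, one per line.
SAMPLE_JSONL = "\n".join([_sample_bundle("pkg-1.0.tar.gz", b"sdist bytes"),
                          _sample_bundle("pkg-1.0-py3-none-any.whl", b"wheel bytes")])

if __name__ == "__main__":
    files = {"pkg-1.0.tar.gz": b"sdist bytes", "pkg-1.0-py3-none-any.whl": b"changed"}
    print(check_artifacts(SAMPLE_JSONL, files))
```

A "digest mismatch" or "no attestation" result means the file on disk is not the one the provenance was created for, so the workflow should stop before upload.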