Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

minor fixes, updates #354

Merged
merged 5 commits into from
Jun 20, 2022
Merged

minor fixes, updates #354

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
1956391
minor fixes, updates
chipzoller Jun 20, 2022
085a98d
Update internal/builders/generic/README.md
chipzoller Jun 20, 2022
6e746b5
Update internal/builders/generic/README.md
chipzoller Jun 20, 2022
7d9ec61
Update internal/builders/generic/README.md
chipzoller Jun 20, 2022
066cc26
Merge branch 'main' into main
laurentsimon Jun 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 6 additions & 8 deletions internal/builders/generic/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,8 @@ output:
$ sha256sum artifact1 artifact2 ... | base64 -w0
```

This workflow expects the `base64-subjects` input to decode to a string conforming to the expected output of the `sha256sum` command. Specifically, the decoded output is expected to be comprised of a hash value followed by a space followed by the artifact name.

After you have encoded your digest, add a new job to call the reusable workflow.

```yaml
Expand Down Expand Up @@ -176,19 +178,15 @@ issue](https://github.com/slsa-framework/slsa-github-generator/issues/new/choose

### Workflow Inputs

The builder workflow
[.github/workflows/generator_generic_slsa3.yml](.github/workflows/generator_generic_slsa3.yml) accepts
the following inputs:
The [generic workflow](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml) accepts the following inputs:

| Name | Required | Description |
| ----------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| `base64-subjects` | yes | Artifacts for which to generate provenance, formatted the same as the output of sha256sum (SHA256 NAME\n[...]) and base64 encoded. |
| `base64-subjects` | yes | Artifact(s) for which to generate provenance, formatted the same as the output of sha256sum (SHA256 NAME\n[...]) and base64 encoded. The encoded value should decode to, for example: `90f3f7d6c862883ab9d856563a81ea6466eb1123b55bff11198b4ed0030cac86 foo.zip` |

### Workflow Outputs

The builder workflow
[.github/workflows/generator_generic_slsa3.yml](.github/workflows/generator_generic_slsa3.yml)
produces the following outputs:
The [generic workflow](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/generator_generic_slsa3.yml) produces the following outputs:

| Name | Description |
| ------------------ | ------------------------------------------ |
Expand All @@ -206,7 +204,7 @@ The project generates SLSA provenance with the following values.
### Provenance Example

The following is an example of the generated proveanance. Provenance is
generated as an [in-toto](https://in-toto.io/) statement with a SLSA predecate.
generated as an [in-toto](https://in-toto.io/) statement with a SLSA predicate.

```json
{
Expand Down