mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-19 00:32:34 +01:00
42 lines
1.1 KiB
YAML
42 lines
1.1 KiB
YAML
|
---
|
||
|
|
name: slsa
|
||
|
|
on:
|
||
|
|
push:
|
||
|
|
release:
|
||
|
|
types: [published, released]
|
||
|
|
jobs:
|
||
|
|
build:
|
||
|
|
runs-on: ubuntu-latest
|
||
|
|
steps:
|
||
|
|
- run: echo "REPOSITORY_NAME=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
|
||
|
|
shell: bash
|
||
|
|
|
||
|
|
- name: checkout repository
|
||
|
|
uses: actions/checkout@master
|
||
|
|
|
||
|
|
- name: create checksum file
|
||
|
|
run: find *.sh distros/* functions/* tests/* Dockerfile Vagrantfile -exec sha256sum {} \; > ${{ env.REPOSITORY_NAME }}.sha256
|
||
|
|
|
||
|
|
- name: upload artifact
|
||
|
|
uses: actions/upload-artifact@v3
|
||
|
|
with:
|
||
|
|
path: ${{ env.REPOSITORY_NAME }}.sha256
|
||
|
|
|
||
|
|
generate-provenance:
|
||
|
|
needs: build
|
||
|
|
name: generate build provenance
|
||
|
|
runs-on: ubuntu-latest
|
||
|
|
steps:
|
||
|
|
- name: download build artifact
|
||
|
|
uses: actions/download-artifact@v3
|
||
|
|
|
||
|
|
- name: generate provenance
|
||
|
|
uses: slsa-framework/github-actions-demo@v0.1
|
||
|
|
with:
|
||
|
|
artifact_path: artifact/
|
||
|
|
|
||
|
|
- name: upload provenance
|
||
|
|
uses: actions/upload-artifact@v3
|
||
|
|
with:
|
||
|
|
path: build.provenance
|