build-attest #42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-attest | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| attestations: write | |
| env: | |
| GH_TOKEN: ${{ github.TOKEN }} | |
| steps: | |
| # Artifacts download | |
| - uses: actions/checkout@v4 | |
| - run: | | |
| (type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) \ | |
| && sudo mkdir -p -m 755 /etc/apt/keyrings \ | |
| && wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \ | |
| && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \ | |
| && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ | |
| && sudo apt update \ | |
| && sudo apt install gh -y | |
| gh --version | |
| - run: tree -h -L 2 ./ | |
| - run: | | |
| gh attestation download './README.md' --repo milankomaj/data-livewallpaper | |
| tree -h -L 2 ./ | |
| - name: artifact attest verify | |
| run: | | |
| gh attestation verify './README.md' --repo milankomaj/data-livewallpaper | |
| gh attestation verify './README.md' --owner milankomaj --bundle ./sha256:92ae2c81d25db2a8c0cf834c154616720a64abc4b5f18078ee784bf819c7dfa9.jsonl |