-
Notifications
You must be signed in to change notification settings - Fork 2
44 lines (32 loc) · 1.47 KB
/
provenance.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
name: build-attest
on:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
attestations: write
env:
GH_TOKEN: ${{ github.TOKEN }}
steps:
# Artifacts download
- uses: actions/checkout@v4
- run: |
(type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) \
&& sudo mkdir -p -m 755 /etc/apt/keyrings \
&& wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
&& sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
&& sudo apt update \
&& sudo apt install gh -y
gh --version
- run: tree -h -L 2 ./
- run: |
gh attestation download './README.md' --repo milankomaj/data-livewallpaper
tree -h -L 2 ./
- name: artifact attest verify
run: |
gh attestation verify './README.md' --repo milankomaj/data-livewallpaper
gh attestation verify './README.md' --owner milankomaj --bundle ./sha256:92ae2c81d25db2a8c0cf834c154616720a64abc4b5f18078ee784bf819c7dfa9.jsonl