
Commit a2b56c5

committed
Fix SLSA provenance
1 parent 32a8d2d commit a2b56c5

1 file changed

Lines changed: 19 additions & 14 deletions


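--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -271,6 +271,9 @@ jobs:
 
 sha256sum "${files[@]}" "${sboms[@]}" > dist/SHA256SUMS
 minisign -S -s out/minisign.key -m dist/SHA256SUMS
+for f in "${files[@]}"; do
+minisign -S -s out/minisign.key -m "$f"
+done
 
 - name: Publish GitHub Release
 uses: softprops/action-gh-release@v2
@@ -280,30 +283,32 @@ jobs:
 draft: false
 prerelease: ${{ env.PRERELEASE }}
 body: |
-# Supported architectures:
-
-## 64-bit architecture (x86_64)
-[Download bugleos-toolchain-${{ env.VERSION }}-x86_64 toolchain](dist/**/bugleos-toolchain-${{ env.VERSION }}-x86_64.tar.gz)
-[Download bugleos-toolchain-${{ env.VERSION }}-x86_64 minisign](dist/**/bugleos-toolchain-${{ env.VERSION }}-x86_64.tar.gz.minisig)
+# Supported architectures
+
+## ![64-bit architecture (x86_64)](https://img.shields.io/badge/arch-x86__64-blue)
+- Toolchain: https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/bugleos-toolchain-${{ env.VERSION }}-x86_64.tar.gz
+- Signature (minisign): https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/bugleos-toolchain-${{ env.VERSION }}-x86_64.tar.gz.minisig
+
+## ![ARM64 architecture (aarch64)](https://img.shields.io/badge/arch-aarch64-green)
+- Toolchain: https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/bugleos-toolchain-${{ env.VERSION }}-aarch64.tar.gz
+- Signature (minisign): https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/bugleos-toolchain-${{ env.VERSION }}-aarch64.tar.gz.minisig
 
-## ARM 64-bit architecture (aarch64)
-[Download bugleos-toolchain-${{ env.VERSION }}-aarch64 toolchain](dist/**/bugleos-toolchain-${{ env.VERSION }}-aarch64.tar.gz)
-[Download bugleos-toolchain-${{ env.VERSION }}-aarch64 minisign](dist/**/bugleos-toolchain-${{ env.VERSION }}-aarch64.tar.gz.minisig)
+## Verification
+- Public key: https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/minisign.pub
+- Checksums: https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/SHA256SUMS
+- Checksums signature: https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/SHA256SUMS.minisig
 
 files: |
 dist/**/bugleos-toolchain-${{ env.VERSION }}-x86_64.tar.gz
-dist/**/bugleos-toolchain-${{ env.VERSION }}-x86_64.tar.gz.minisig
-dist/**/bugleos-toolchain-${{ env.VERSION }}-aarch64.tar.gz
 dist/**/bugleos-toolchain-${{ env.VERSION }}-aarch64.tar.gz.minisig
-dist/**/bugleos-toolchain-${{ env.VERSION }}-x86_64.tar.gz.asc
-dist/**/bugleos-toolchain-${{ env.VERSION }}-aarch64.tar.gz.asc
+dist/**/bugleos-toolchain-${{ env.VERSION }}-aarch64.tar.gz
+dist/**/bugleos-toolchain-${{ env.VERSION }}-x86_64.tar.gz.minisig
 dist/bugleos-toolchain-${{ env.VERSION }}-x86_64.spdx.json
 dist/bugleos-toolchain-${{ env.VERSION }}-aarch64.spdx.json
 dist/bugleos-toolchain-${{ env.VERSION }}-x86_64.cdx.json
 dist/bugleos-toolchain-${{ env.VERSION }}-aarch64.cdx.json
 dist/SHA256SUMS
 dist/SHA256SUMS.minisig
-dist/SHA256SUMS.asc
 dist/minisign.pub
 
 provenance:
@@ -313,7 +318,7 @@ jobs:
 actions: read
 id-token: write
 contents: write
-uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0
 with:
 base64-subjects: "${{ needs.hash-artifacts.outputs.base64_subjects }}"
 upload-assets: true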
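Review bot: The `uses:` line of the `provenance` job now references the SLSA generator at `@v1.2.0`, an older release than the `@v1.10.0` it replaces, and the commit message gives no reason for going backwards. This reusable workflow is the trusted builder behind the attestation and runs with `id-token: write` and `contents: write`, so the older tag gives up whatever fixes landed between the two releases. If `@v1.10.0` fails for a specific reason, I would fix that cause or move to the newest release that works, and record the reason next to the pin, e.g. `# pinned to <version> because <reason>`. The job starts above this hunk, so its `needs:` and the subject hashing step are not visible here.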
