
Commit 666ca4d

Merge pull request #66 from Staffbase/provenance
✨ Add Option to configure provenance attestations
2 parents 33642ad + fa7f40d commit 666ca4d


2 files changed

+26
-20
lines changed


README.md

Lines changed: 21 additions & 20 deletions
@@ -105,26 +105,27 @@ jobs:
105105
106106
## Inputs
107107
108-
| Name | Description | Default |
109-
|-----------------------------|--------------------------------------------------------------------------------------------------------------------------------|--------------------------|
110-
| `docker-registry` | Docker Registry | `staffbase.jfrog.io` |
111-
| `docker-image` | Docker Image | |
112-
| `docker-username` | Username for the Docker Registry | |
113-
| `docker-password` | Password for the Docker Registry | |
114-
| `docker-file` | Dockerfile | `./Dockerfile` |
115-
| `docker-build-args` | List of build-time variables | |
116-
| `docker-build-secrets` | List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken) | |
117-
| `docker-build-secret-files` | List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt) | |
118-
| `docker-build-target` | Sets the target stage to build like: "runtime" | |
119-
| `gitops-organization` | GitHub Organization for GitOps | `Staffbase` |
120-
| `gitops-repository` | GitHub Repository for GitOps | `mops` |
121-
| `gitops-user` | GitHub User for GitOps | `Staffbot` |
122-
| `gitops-email` | GitHub Email for GitOps | `[email protected]` |
123-
| `gitops-token` | GitHub Token for GitOps | |
124-
| `gitops-dev` | Files which should be updated by the GitHub Action for DEV, must be relative to the root of the GitOps repository | |
125-
| `gitops-stage` | Files which should be updated by the GitHub Action for STAGE, must be relative to the root of the GitOps repository | |
126-
| `gitops-prod` | Files which should be updated by the GitHub Action for PROD, must be relative to the root of the GitOps repository | |
127-
| `working-directory` | The directory in which the GitOps action should be executed. The docker-file variable should be relative to working directory. | `.` |
108+
| Name | Description | Default |
109+
|-----------------------------|--------------------------------------------------------------------------------------------------------------------------------|-----------------------------|
110+
| `docker-registry` | Docker Registry | `staffbase.jfrog.io` |
111+
| `docker-image` | Docker Image | |
112+
| `docker-username` | Username for the Docker Registry | |
113+
| `docker-password` | Password for the Docker Registry | |
114+
| `docker-file` | Dockerfile | `./Dockerfile` |
115+
| `docker-build-args` | List of build-time variables | |
116+
| `docker-build-secrets` | List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken) | |
117+
| `docker-build-secret-files` | List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt) | |
118+
| `docker-build-target` | Sets the target stage to build like: "runtime" | |
119+
| `docker-build-provenance` | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build | `mode=min,inline-only=true` |
120+
| `gitops-organization` | GitHub Organization for GitOps | `Staffbase` |
121+
| `gitops-repository` | GitHub Repository for GitOps | `mops` |
122+
| `gitops-user` | GitHub User for GitOps | `Staffbot` |
123+
| `gitops-email` | GitHub Email for GitOps | `[email protected]` |
124+
| `gitops-token` | GitHub Token for GitOps | |
125+
| `gitops-dev` | Files which should be updated by the GitHub Action for DEV, must be relative to the root of the GitOps repository | |
126+
| `gitops-stage` | Files which should be updated by the GitHub Action for STAGE, must be relative to the root of the GitOps repository | |
127+
| `gitops-prod` | Files which should be updated by the GitHub Action for PROD, must be relative to the root of the GitOps repository | |
128+
| `working-directory` | The directory in which the GitOps action should be executed. The docker-file variable should be relative to working directory. | `.` |
128129

129130
## Contributing
130131
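Review bot: The new `docker-build-provenance` row (new line 119) gives only the default `mode=min,inline-only=true` and a link; it does not say which values are accepted or how a caller turns the attestation off. Please add a short sentence listing the accepted forms, and, since the action also exposes `docker-build-args`, state whether those values end up in the attestation for the modes you intend to support. Separately, widening the Default column rewrites all 20 existing rows for a one-row addition; letting the new row's cell run wider than the column would keep the diff to the single added line.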

action.yml

Lines changed: 5 additions & 0 deletions
@@ -32,6 +32,10 @@ inputs:
3232
docker-build-target:
3333
description: "Sets the target stage to build"
3434
required: false
35+
docker-build-provenance:
36+
description: "Generate provenance attestation for the build"
37+
required: false
38+
default: 'mode=min,inline-only=true'
3539
gitops-organization:
3640
description: 'GitHub Organization for GitOps'
3741
required: true
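Review bot: The `description` on new line 36 reads like an on/off switch, but the `default` on new line 38 is a parameter string (`mode=min,inline-only=true`). Say so in the description, for example "Provenance attestation settings for the build (e.g. mode=min,inline-only=true)", so callers do not pass a value in the wrong shape. Also, this input uses double quotes for `description` and single quotes for `default`; pick one style within the block.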
@@ -140,6 +144,7 @@ runs:
140144
platforms: linux/amd64
141145
cache-from: type=gha
142146
cache-to: type=gha,mode=max
147+
provenance: ${{ inputs.docker-build-provenance }}
143148

144149
- name: Checkout GitOps Repository
145150
if: inputs.gitops-token != ''
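Review bot: On new line 147 the input is forwarded as-is to the build step's `provenance` key, and the step's `uses:` line sits outside this hunk, so it is not visible whether the pinned version accepts that key. Please confirm it does, and add a usage example or a workflow run that sets `docker-build-provenance` to something other than the default; the README change in this commit touches only the inputs table.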
