|
20 | 20 | permissions: read-all |
21 | 21 |
|
22 | 22 | jobs: |
23 | | - # ======================================================================================================================================== |
24 | | - # Prerequesite: Create a .slsa-goreleaser.yml in the root directory of your project. |
25 | | - # See format in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file |
26 | | - #========================================================================================================================================= |
| 23 | + # Generate ldflags dynamically. |
| 24 | + # Optional: only needed for ldflags. |
| 25 | + args: |
| 26 | + runs-on: ubuntu-latest |
| 27 | + outputs: |
| 28 | + commit-date: ${{ steps.ldflags.outputs.commit-date }} |
| 29 | + commit: ${{ steps.ldflags.outputs.commit }} |
| 30 | + version: ${{ steps.ldflags.outputs.version }} |
| 31 | + tree-state: ${{ steps.ldflags.outputs.tree-state }} |
| 32 | + steps: |
| 33 | + - id: checkout |
| 34 | + uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # tag=v2.3.4 |
| 35 | + with: |
| 36 | + fetch-depth: 0 |
| 37 | + - id: ldflags |
| 38 | + run: | |
| 39 | + echo "commit-date=$(git log --date=iso8601-strict -1 --pretty=%ct)" >> "$GITHUB_OUTPUT" |
| 40 | + echo "commit=$GITHUB_SHA" >> "$GITHUB_OUTPUT" |
| 41 | + echo "version=$(git describe --tags --always --dirty | cut -c2-)" >> "$GITHUB_OUTPUT" |
| 42 | + echo "tree-state=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi)" >> "$GITHUB_OUTPUT" |
| 43 | +
|
| 44 | + # Trusted builder. |
27 | 45 | build: |
28 | 46 | permissions: |
29 | | - id-token: write # To sign. |
30 | | - contents: write # To upload release assets. |
31 | | - actions: read # To read workflow path. |
32 | | - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0 |
| 47 | + id-token: write # To sign the provenance. |
| 48 | + contents: write # To upload assets to release. |
| 49 | + actions: read # To read the workflow path. |
| 50 | + needs: args |
| 51 | + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v2.1.0 |
33 | 52 | with: |
34 | | - go-version: 1.24.1 |
35 | | - # ============================================================================================================= |
36 | | - # Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects |
37 | | - # ============================================================================================================= |
38 | | - |
| 53 | + go-version: 11.24.1 |
| 54 | + # Optional: only needed if using ldflags. |
| 55 | + evaluated-envs: "COMMIT_DATE:${{needs.args.outputs.commit-date}}, COMMIT:${{needs.args.outputs.commit}}, VERSION:${{needs.args.outputs.version}}, TREE_STATE:${{needs.args.outputs.tree-state}}" |
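Review bot: `go-version: 11.24.1` on new line 53 looks like a typo for the `1.24.1` on the removed line; there is no Go 11.x release, so the trusted builder would presumably fail at toolchain setup and the release would ship without provenance. Restore it as `go-version: "1.24.1"`, quoted so it stays a string if it is ever shortened to a two-part version. Separately, in the `ldflags` step, `git describe --tags --always --dirty | cut -c2-` drops the first character unconditionally. When no tag is reachable, the `--always` fallback is an abbreviated commit hash, and it loses its first hex digit; `sed 's/^v//'` in place of `cut -c2-` would strip only a leading `v` and keep the embedded version traceable to a commit. The workflow's name and trigger sit above line 20 and are not visible in this section.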