github-actions-demo
Proof-of-concept SLSA provenance generator for GitHub Actions
Welcome to [Renovate](https://togithub.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request....
**Describe the bug** I know this is a demo repository, but if we are expecting people to install on their own systems, we should try to follow security best practices...
More guidance on how to integrate the action is required. We have an action to build a docker container: ``` name: Docker Image CI on: push: branches: [ main ]...
The README mentions this action is applicable for SLSA level 1. This might be a good place to document what would be necessary for further SLSA levels. Looking at the...
This can e.g. be used when the build entrypoint generates files with extra materials, like installed operating system packages or downloaded zip-files. I can type up some more documentation if...
The detection of GitHub-hosted runner vs Self-hosted runner is inaccurate. What we want to know is "did all jobs use GitHub-hosted runners?" Instead, the current code says "does the current...
Fixes #22 Well, it doesn't really fix #22 but it's the best we can do to highlight the issue.
The action does not work because it cannot find the artifact. To reproduce, see https://github.com/MarkLodato/example-build and an [example run](https://github.com/MarkLodato/example-build/runs/2905467820?check_suite_focus=true). The slsa-framework/github-actions-demo@v1 step fails with the following error: Resource path not...
The `recipe.entryPoint` should be the filename under .github/workflows/, e.g. `"example-publish.yaml"`. Currently it is the user-provided `name` value. This is blocked by https://github.com/github/feedback/discussions/4188 since the filename is not available to the...