.github/workflows/e2e.generic.push.branch1.default.slsa3.yml

.github/workflows/e2e.go.push.branch1.config-ldflags.slsa3.yml #5281

Workflow file for this run

.github/workflows/e2e.generic.push.branch1.default.slsa3.yml at d1bc7b1

	on:
	schedule:
	- cron: "0 3 * * *"
	workflow_dispatch:
	push:
	branches: [branch1]

	permissions: read-all

	concurrency: "e2e.generic.push.branch1.default.slsa3"

	env:
	GH_TOKEN: ${{ secrets.E2E_GENERIC_TOKEN }}
	ISSUE_REPOSITORY: slsa-framework/slsa-github-generator

	jobs:
	push:
	runs-on: ubuntu-latest
	if: github.ref_name == 'main' && (github.event_name == 'schedule' \|\| github.event_name == 'workflow_dispatch')
	permissions:
	contents: write
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- run: ./.github/workflows/scripts/e2e-push.sh

	shim:
	runs-on: ubuntu-latest
	if: github.event_name == 'push'
	outputs:
	continue: ${{ steps.verify.outputs.continue }}
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- id: verify
	run: \|
	set -euo pipefail

	source "./.github/workflows/scripts/e2e-utils.sh"

	THIS_FILE=$(e2e_this_file)
	BRANCH=$(echo "$THIS_FILE" \| cut -d '.' -f4)
	if [[ "$BRANCH" == "$GITHUB_REF_NAME" ]]; then
	echo "continue=yes" >> "${GITHUB_OUTPUT}"
	fi

	build:
	needs: [shim]
	if: needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.event.head_commit.message == github.workflow
	outputs:
	binary-name: ${{ steps.build.outputs.binary-name }}
	digest: ${{ steps.hash.outputs.digest }}
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Setup Bazelisk
	uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3.0.0
	with:
	bazelisk-version: "1.11"
	- name: Build artifact
	id: build
	run: \|
	bazelisk build //:hello
	cp bazel-bin/hello_/hello . # Copy binary from Bazel path to root
	echo "binary-name=hello" >> "${GITHUB_OUTPUT}"
	- name: Upload binary
	uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
	with:
	name: ${{ steps.build.outputs.binary-name }}
	path: ${{ steps.build.outputs.binary-name }}
	if-no-files-found: error
	retention-days: 5
	- name: Generate hash
	shell: bash
	id: hash
	env:
	BINARY_NAME: ${{ steps.build.outputs.binary-name }}
	run: \|
	set -euo pipefail
	echo "digest=$(sha256sum "${BINARY_NAME}" \| base64 -w0)" >> "${GITHUB_OUTPUT}"

	provenance:
	needs: [shim, build]
	if: needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.event.head_commit.message == github.workflow
	permissions:
	id-token: write # For signing.
	contents: write # For asset uploads.
	actions: read # For the entrypoint.
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@main
	with:
	base64-subjects: "${{ needs.build.outputs.digest }}"
	compile-generator: true

	verify:
	needs: [shim, build, provenance]
	runs-on: ubuntu-latest
	if: needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.event.head_commit.message == github.workflow
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
	with:
	name: ${{ needs.build.outputs.binary-name }}
	- uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
	with:
	name: ${{ needs.provenance.outputs.provenance-name }}
	- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version: "1.21"
	- env:
	BINARY: ${{ needs.build.outputs.binary-name }}
	PROVENANCE: ${{ needs.provenance.outputs.provenance-name }}
	run: ./.github/workflows/scripts/e2e.generic.default.verify.sh

	if-succeeded:
	runs-on: ubuntu-latest
	needs: [shim, build, provenance, verify]
	if: needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.event.head_commit.message == github.workflow && needs.build.result == 'success' && needs.provenance.result == 'success' && needs.verify.result == 'success'
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- run: ./.github/workflows/scripts/e2e-report-success.sh

	if-failed:
	runs-on: ubuntu-latest
	needs: [shim, build, provenance, verify]
	if: always() && needs.shim.outputs.continue == 'yes' && github.event_name == 'push' && github.event.head_commit.message == github.workflow && (needs.build.result == 'failure' \|\| needs.provenance.result == 'failure' \|\| needs.verify.result == 'failure')
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- run: ./.github/workflows/scripts/e2e-report-failure.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.github/workflows/e2e.go.push.branch1.config-ldflags.slsa3.yml #5281

Workflow file

.github/workflows/e2e.go.push.branch1.config-ldflags.slsa3.yml #5281

Jobs

Run details

Workflow file for this run