SLSA generic generator #3

	name: Maze generic generator
	on:
	workflow_dispatch:
	release:
	types: [created]

	jobs:
	build:
	runs-on: ubuntu-latest
	outputs:
	digests: ${{ steps.hash.outputs.digests }}

	steps:
	- uses: actions/checkout@v4

	# ========================================================
	#
	# Step 1: Build your artifacts.
	#
	# ========================================================
	- name: Build artifacts
	run: \|
	# Assuming maze0.py is your main script
	cp maze0.py artifact1
	echo "artifact2" > artifact2

	# ========================================================
	#
	# Step 2: Add a step to generate the provenance subjects
	# as shown below. Update the sha256 sum arguments
	# to include all binaries that you generate
	# provenance for.
	#
	# ========================================================
	- name: Generate subject for provenance
	id: hash
	run: \|
	set -euo pipefail

	# List the artifacts the provenance will refer to.
	files=$(ls artifact*)
	# Generate the subjects (base64 encoded).
	hashes=$(sha256sum $files \| base64 -w0)
	echo "hashes=$hashes" >> $GITHUB_ENV

	- name: Set digests output
	run: echo "digests=$hashes" >> $GITHUB_OUTPUT

	provenance:
	needs: [build]
	permissions:
	actions: read # To read the workflow path.
	id-token: write # To sign the provenance.
	contents: write # To add assets to a release.
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
	with:
	base64-subjects: "${{ needs.build.outputs.digests }}"
	upload-assets: true # Optional: Upload to a new release

Provide feedback