fix: add missing cli flags #1

Workflow file for this run

.github/workflows/goreleaser.yaml at 0d91005

	name: goreleaser

	on:
	push:
	tags:
	- "v*"

	permissions:
	contents: read

	jobs:
	goreleaser:
	outputs:
	hashes: ${{ steps.hash.outputs.hashes }}
	permissions:
	contents: write # for goreleaser/goreleaser-action to create a GitHub release
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Set up Go
	uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
	with:
	go-version: "1.21"
	check-latest: true
	- name: Install Syft
	run: \|
	curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \| sh -s -- -b /usr/local/bin
	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Run GoReleaser
	id: run-goreleaser
	uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8
	with:
	version: latest
	args: release --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	VERSION_LDFLAGS: ${{ steps.ldflags.outputs.version }}
	- name: Generate subject
	id: hash
	env:
	ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
	run: \|
	set -euo pipefail

	checksum_file=$(echo "$ARTIFACTS" \| jq -r '.[] \| select (.type=="Checksum") \| .path')
	echo "hashes=$(cat $checksum_file \| base64 -w0)" >> "$GITHUB_OUTPUT"

	provenance:
	needs: [goreleaser]
	permissions:
	actions: read # To read the workflow path.
	id-token: write # To sign the provenance.
	contents: write # To add assets to a release.
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
	with:
	base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
	upload-assets: true # upload to a new release
	verification:
	needs: [goreleaser, provenance]
	runs-on: ubuntu-latest
	permissions: read-all
	steps:
	- name: Install the verifier
	uses: slsa-framework/slsa-verifier/actions/installer@v2.4.1

	- name: Download assets
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}"
	run: \|
	set -euo pipefail
	gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.tar.gz"
	gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.sbom"
	gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "$PROVENANCE"
	- name: Verify assets
	env:
	CHECKSUMS: ${{ needs.goreleaser.outputs.hashes }}
	PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}"
	run: \|
	set -euo pipefail
	checksums=$(echo "$CHECKSUMS" \| base64 -d)
	while read -r line; do
	fn=$(echo $line \| cut -d ' ' -f2)
	echo "Verifying $fn"
	slsa-verifier verify-artifact --provenance-path "$PROVENANCE" \
	--source-uri "github.com/$GITHUB_REPOSITORY" \
	--source-tag "$GITHUB_REF_NAME" \
	"$fn"
	done <<<"$checksums"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: add missing cli flags #1

Workflow file

fix: add missing cli flags #1

Jobs

Run details

Workflow file for this run