Motivation
- Provide a SLSA3-compliant GitHub Actions workflow to produce provenance for Go releases and enable reproducible, signed builds.
Description
- Add `.github/workflows/go-ossf-slsa3-publish.yml`, which triggers on `workflow_dispatch` and `release` (`created`), sets `permissions: read-all`, configures a `build` job with `id-token: write`, `contents: write`, and `actions: read`, and delegates the build to `slsa-framework/slsa-github-generator` with `go-version: 1.17`.
Testing
- Ran `git diff --check --cached` and validated the workflow YAML with `ruby -e "require 'yaml'; YAML.load_file('.github/workflows/go-ossf-slsa3-publish.yml')"`; both checks succeeded.
Codex Task
Originally posted by @khen90585-max in khen90585-max/kenzy#6