Add attestation with sbom
Signed-off-by: C0D3 M4513R <28912031+C0D3-M4513R@users.noreply.github.com>
C0D3-M4513R committed Jun 10, 2024
1 parent e54df3d commit 50625b1
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions .github/workflows/rust.yml
Expand Up @@ -9,6 +9,9 @@ on:
branches: [main]
permissions:
contents: write
id-token: write
attestations: write
actions: read

jobs:
create-release:
Expand Down Expand Up @@ -101,6 +104,26 @@ jobs:
uses: mozilla-actions/sccache-action@v0.0.4
- name: Run build
run: cargo build --target ${{ matrix.target }} --release --package ${{ matrix.package }} --bin ${{ matrix.package }}
- uses: anchore/sbom-action@v0
with:
artifact-name: "${{ matrix.package }}-${{ matrix.name }}-sbom.spdx.json"
output-file: "${{ matrix.package }}-${{ matrix.name }}-sbom.spdx.json"
- uses: actions/attest-sbom@v1
with:
subject-path: |
target/${{ matrix.target }}/release/${{ matrix.package }}
target/${{ matrix.target }}/release/${{ matrix.package }}.exe
!target/${{ matrix.target }}/release/deps
!target/${{ matrix.target }}/release/build
!target/${{ matrix.target }}/release/.fingerprint
!target/${{ matrix.target }}/release/examples
!target/${{ matrix.target }}/release/incremental
!target/${{ matrix.target }}/release/.cargo-lock
!target/${{ matrix.target }}/release/*.d
!target/${{ matrix.target }}/release/*.pdb
subject-name: "${{ matrix.package }}-${{ matrix.name }}"
sbom-path: "${{ matrix.package }}-${{ matrix.name }}-sbom.spdx.json"
push-to-registry: false
- name: Upload build artifact
uses: actions/upload-artifact@v4
with:
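Review bot: The three new scopes in the first hunk (`id-token: write`, `attestations: write`, `actions: read`) sit in the workflow-level `permissions:` block, so every job, including `create-release`, and every step in those jobs can request an OIDC token and write attestations, although only the `actions/attest-sbom` step added in the second hunk appears to need them. I would move them into a job-level `permissions:` block on the job that runs the build (its header is outside the hunk), bearing in mind that a job-level block replaces the workflow-level one, so `contents: write` has to be repeated there if that job needs it. That job now runs `anchore/sbom-action@v0` and `actions/attest-sbom@v1` from movable tags while holding the signing token, so pinning both to a full commit SHA (`uses: anchore/sbom-action@<full-commit-sha> # v0`) would keep a retagged action from producing attestations under this repository's identity. `actions: read` is not obviously required by either new step; a one-line comment naming what needs it, or dropping it, would make the grant reviewable.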