Skip to content

Commit

Permalink
README: 3.0.0
Browse files Browse the repository at this point in the history 
Signed-off-by: William Woodruff <william@trailofbits.com>
  • Loading branch information
@woodruffw
woodruffw committed Jun 17, 2024
1 parent dcf3da8 commit 7ca7740
Showing 1 changed file with 21 additions and 21 deletions.
42 changes: 21 additions & 21 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
- uses: actions/checkout@v3
- name: install
run: python -m pip install .
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
```
Expand All @@ -53,15 +53,15 @@ provided unless [release-signing-artifacts](#release-signing-artifacts) is set t
To sign one or more files:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file0.txt file1.txt file2.txt
```

The `inputs` argument also supports file globbing:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: ./path/to/inputs/*.txt
```
Expand All @@ -70,7 +70,7 @@ Multiple lines are fine, and whitespace in filenames can also be escaped using
POSIX shell lexing rules:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: |
./path/to/inputs/*.txt
Expand All @@ -90,7 +90,7 @@ The `identity-token` setting controls the OpenID Connect token provided to Fulci
workflow will use the credentials found in the GitHub Actions environment.

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
identity-token: ${{ IDENTITY_TOKEN }} # assigned elsewhere
Expand All @@ -106,7 +106,7 @@ Server during OAuth2.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
oidc-client-id: alternative-sigstore-id
Expand All @@ -122,7 +122,7 @@ Connect Server during OAuth2.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
oidc-client-secret: alternative-sigstore-secret
Expand All @@ -138,7 +138,7 @@ when signing multiple input files.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
signature: custom-signature-filename.sig
Expand All @@ -147,7 +147,7 @@ Example:
However, this example is invalid:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file0.txt file1.txt file2.txt
signature: custom-signature-filename.sig
Expand All @@ -163,7 +163,7 @@ work when signing multiple input files.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
certificate: custom-certificate-filename.crt
Expand All @@ -172,7 +172,7 @@ Example:
However, this example is invalid:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file0.txt file1.txt file2.txt
certificate: custom-certificate-filename.crt
Expand All @@ -188,7 +188,7 @@ when signing multiple input files.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
bundle: custom-bundle.sigstore
Expand All @@ -197,7 +197,7 @@ Example:
However, this example is invalid:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file0.txt file1.txt file2.txt
certificate: custom-bundle.sigstore
Expand All @@ -213,7 +213,7 @@ instead of the default production instances.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
staging: true
Expand All @@ -236,7 +236,7 @@ and `verify-oidc-issuer` settings. Failing to pass these will produce an error.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
verify: true
Expand All @@ -259,7 +259,7 @@ This setting may only be used in conjunction with `verify-oidc-issuer`.
Supplying it without `verify-oidc-issuer` will produce an error.

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
verify: true
Expand All @@ -284,7 +284,7 @@ Supplying it without `verify-cert-identity` will produce an error.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
verify: true
Expand All @@ -306,7 +306,7 @@ workflow artifact retention period is used.
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
upload-signing-artifacts: true
Expand Down Expand Up @@ -335,7 +335,7 @@ permissions:
# ...
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
release-signing-artifacts: true
Expand All @@ -351,7 +351,7 @@ permissions:
# ...
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
# Only valid on release events
release-signing-artifacts: true
Expand All @@ -378,7 +378,7 @@ permissions:
Example:

```yaml
- uses: sigstore/gh-action-sigstore-python@v2.1.1
- uses: sigstore/gh-action-sigstore-python@v3.0.0
with:
inputs: file.txt
internal-be-careful-debug: true
Expand Down

0 comments on commit 7ca7740

Please sign in to comment.