github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/.github/actions/sign-attestations/action.yml (about) 1 # Copyright 2023 SLSA Authors 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 name: "Sign Attestations" 16 description: "Signs in-toto attestations with Sigstore signing" 17 inputs: 18 attestations: 19 description: "Folder of attestations to sign" 20 required: true 21 payload-type: 22 description: "The in-toto payload type of the attestations" 23 required: false 24 default: "application/vnd.in-toto+json" 25 output-folder: 26 description: "Output folder to place attestations" 27 required: true 28 runs: 29 using: "node20" 30 main: "dist/index.js"