github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/actions/generator/generic/create-base64-subjects-from-file/action.yml

github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/actions/generator/generic/create-base64-subjects-from-file/action.yml (about)

     1  # Copyright 2023 SLSA Authors
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #      http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  name: "Secure subjects file sharing generic generator"
    16  description: "Create a list of subjects from a file"
    17  inputs:
    18    path:
    19      description: "A path to a file containing the base64-subjects."
    20      required: true
    21  outputs:
    22    handle:
    23      description: "Object handle representing the file."
    24      value: "${{ steps.object.outputs.base64 }}"
    25  
    26  runs:
    27    using: "composite"
    28    steps:
    29      - name: Generate random value
    30        id: rng
    31        uses: yogeshkumararora/slsa-github-generator/.github/actions/rng@main
    32  
    33      - name: Generate random name
    34        id: name
    35        shell: bash
    36        env:
    37          UNTRUSTED_PATH: "${{ inputs.path }}"
    38          RNG: "${{ steps.rng.outputs.random }}"
    39        run: |
    40          set -euo pipefail
    41  
    42          name=$(basename "${UNTRUSTED_PATH}")
    43          if [[ -z "${UNTRUSTED_PATH}" ]]; then
    44            echo "error: empty path"
    45            exit 1
    46          fi
    47          echo "artifact_name=${name}-${RNG}" >> "$GITHUB_OUTPUT"
    48          echo "filename=${name}" >> "$GITHUB_OUTPUT"
    49  
    50      - name: Upload file
    51        id: upload
    52        uses: yogeshkumararora/slsa-github-generator/.github/actions/secure-upload-artifact@main
    53        with:
    54          name: "${{ steps.name.outputs.artifact_name }}"
    55          path: "${{ inputs.path }}"
    56  
    57      - name: Create object
    58        id: object
    59        shell: bash
    60        env:
    61          UNTRUSTED_ARTIFACT_NAME: "${{ steps.name.outputs.artifact_name }}"
    62          SHA256: "${{ steps.upload.outputs.sha256 }}"
    63          UNTRUSTED_FILENAME: "${{ steps.name.outputs.filename }}"
    64        run: |
    65          set -euo pipefail
    66  
    67          object="{\"artifact_name\": \"${UNTRUSTED_ARTIFACT_NAME}\", \"sha256\": \"${SHA256}\", \"filename\": \"${UNTRUSTED_FILENAME}\"}"
    68  
    69          if test "$RUNNER_OS" = "macOS"
    70          then
    71              base64_object=$(echo "$object" | base64)
    72          else
    73              base64_object=$(echo "$object" | base64 -w0)
    74          fi
    75          echo "$object" | jq
    76          echo "base64=${base64_object}" >> "$GITHUB_OUTPUT"