github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/actions/gradle/secure-download-attestations/action.yml

github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/actions/gradle/secure-download-attestations/action.yml (about)

     1  # Copyright 2023 SLSA Authors
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #      http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  name: "Secure attestion download for maven builder"
    16  description: "Download the attestations-directory produced by the Maven builder and verify its SHA256"
    17  inputs:
    18    name:
    19      description: "Name of provenance directory. This is generated by the Maven builder."
    20      required: true
    21    path:
    22      description: "The path to download the attestations directory into. (Must be under the GITHUB_WORKSPACE)"
    23      required: true
    24    sha256:
    25      description: "SHA256 of the file for verification. This is generated by the Maven builder"
    26      required: true
    27  
    28  runs:
    29    using: "composite"
    30    steps:
    31      - name: Download the attestation directory
    32        uses: yogeshkumararora/slsa-github-generator/.github/actions/secure-download-folder@main
    33        with:
    34          name: ${{ inputs.name }}
    35          path: ${{ inputs.path }}
    36          sha256: ${{ inputs.sha256 }}