github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/actions/nodejs/secure-package-download/action.yml

github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/actions/nodejs/secure-package-download/action.yml (about)

     1  # Copyright 2023 SLSA Authors
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #      http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  name: "Secure package download for nodejs builder"
    16  description: "Download a package tarball and verify its SHA256"
    17  inputs:
    18    name:
    19      description: "Artifact name. (Note: this is a name given to an upload, not the path or filename)."
    20      required: true
    21    path:
    22      description: "The path to download the package tgz into. (Must be under the GITHUB_WORKSPACE)"
    23      required: true
    24    sha256:
    25      description: "SHA256 of the file for verification."
    26      required: true
    27  
    28  runs:
    29    using: "composite"
    30    steps:
    31      - name: Download the package
    32        uses: yogeshkumararora/slsa-github-generator/.github/actions/secure-download-artifact@main
    33        with:
    34          name: ${{ inputs.name }}
    35          path: ${{ inputs.path }}
    36          sha256: ${{ inputs.sha256 }}