github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/internal/builders/bazel/action.yml (about) 1 # Copyright 2023 SLSA Authors 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 name: SLSA3 Bazel Builder internal wrapper 16 description: SLSA3 Bazel Builder internal wrapper 17 18 inputs: 19 slsa-workflow-inputs: 20 description: "All the inputs formatted as a JSON map" 21 required: true 22 23 slsa-layout-file: 24 description: "Location to store the layout content" 25 required: true 26 27 # Unused secret inputs. 28 slsa-workflow-secret1: {} 29 slsa-workflow-secret2: {} 30 slsa-workflow-secret3: {} 31 slsa-workflow-secret4: {} 32 slsa-workflow-secret5: {} 33 slsa-workflow-secret6: {} 34 slsa-workflow-secret7: {} 35 slsa-workflow-secret8: {} 36 slsa-workflow-secret9: {} 37 slsa-workflow-secret10: {} 38 slsa-workflow-secret11: {} 39 slsa-workflow-secret12: {} 40 slsa-workflow-secret13: {} 41 slsa-workflow-secret14: {} 42 slsa-workflow-secret15: {} 43 44 runs: 45 using: "composite" 46 steps: 47 # NOTE: the repository is already cloned by the caller, so there's no need to 48 # checkout ourselves. 49 50 - name: Setup Bazelisk 51 id: bazelisk 52 uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3.0.0 53 54 - name: Setup Java 55 id: java 56 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 57 with: 58 distribution: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-distribution }}" 59 java-version: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-version }}" 60 61 - id: build 62 env: 63 TARGETS: ${{ fromJson(inputs.slsa-workflow-inputs).targets }} 64 FLAGS: ${{ fromJson(inputs.slsa-workflow-inputs).flags }} 65 NEEDS_RUNFILES: ${{ fromJson(inputs.slsa-workflow-inputs).needs-runfiles }} 66 INCLUDES_JAVA: ${{ fromJson(inputs.slsa-workflow-inputs).includes-java }} 67 shell: bash 68 run: ./../__TOOL_ACTION_DIR__/build.sh 69 70 # rng generates a random number to avoid name collision in artifacts 71 # when multiple workflows run concurrently. 72 - name: Generate random 16-byte value (32-char hex encoded) 73 id: rng 74 uses: yogeshkumararora/slsa-github-generator/.github/actions/rng@main 75 76 - name: Generate Artifacts 77 id: generate-artifacts 78 uses: yogeshkumararora/slsa-github-generator/.github/actions/secure-upload-folder@main 79 with: 80 name: "${{ steps.rng.outputs.random }}-binaries" 81 path: "./bazel_builder_binaries_to_upload_to_gh_7bc972367cb286b7f36ab4457f06e369" # path-to-artifact(s) 82 83 - name: Echo statement 84 id: confirm 85 shell: bash 86 run: echo "Artifacts uploaded successfully" 87 88 # NOTE: Here we create a JSON file that describes the attestations we want 89 # to create. Each attestation will be created as a separate file, 90 # each with the subjects specified. This allows complicated release 91 # pipelines that output many artifacts to organize the attestations 92 # for those artifacts in a flexible way. 93 - name: Generate layout file 94 id: generate-layout 95 env: 96 SLSA_OUTPUTS_ARTIFACTS_FILE: ${{ inputs.slsa-layout-file }} 97 shell: bash 98 run: ./../__TOOL_ACTION_DIR__/generate-layout.sh