Fix gittuf workflows #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Record change to non-main branch | |
| on: [pull_request] | |
| jobs: | |
| create-rsl-entry: | |
| if: github.repository == 'in-toto/attestation-verifier' | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: write | |
| id-token: write | |
| steps: | |
| - name: Install gittuf | |
| uses: gittuf/gittuf-installer@fe644793aaaa419fef63800d5cf318663aa93105 | |
| - name: Install gitsign | |
| uses: chainguard-dev/actions/setup-gitsign@main | |
| - name: Checkout repository | |
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b | |
| with: | |
| fetch-depth: 0 | |
| - name: Update RSL | |
| env: | |
| KEY: ${{ secrets.KEY }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git config --global commit.gpgsign true # Sign all commits | |
| git config --global gpg.x509.program gitsign # Use gitsign for signing | |
| git config --global gpg.format x509 # gitsign expects x509 args | |
| git config --global user.name "${{ github.workflow }}" | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| gittuf_key_path="/tmp/gittuf-key" | |
| echo "$KEY" > $gittuf_key_path | |
| chmod 600 $gittuf_key_path | |
| git fetch origin refs/gittuf/reference-state-log:refs/gittuf/reference-state-log | |
| GITTUF_DEV=1 gittuf dev attest-github --signing-key $gittuf_key_path --repository ${{ github.repository }} --pull-request-number ${{ github.event.pull_request.number }} | |
| gittuf rsl record ${{ github.ref }} | |
| git push origin refs/gittuf/reference-state-log:refs/gittuf/reference-state-log | |
| - name: Setup tmate session | |
| if: ${{ failure() }} | |
| uses: mxschmitt/action-tmate@v3 |