gittuf-rsl-non-main.yml
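# Records each push to a non-main branch in the gittuf Reference State Log
# (RSL) and pushes the updated log ref back to the repository.
name: Record change to non-main branch
on:
  push:
    branches-ignore:
      - 'main'
jobs:
  create-rsl-entry:
    # Run only in the upstream repository, never in forks.
    if: github.repository == 'in-toto/attestation-verifier'
    runs-on: ubuntu-latest
    permissions:
      contents: write  # needed to push refs/gittuf/reference-state-log
      id-token: write  # OIDC token; presumably used by gitsign for keyless signing
    steps:
      - name: Install gittuf
        uses: gittuf/gittuf-installer@8ce8fbd070477ec72678151e82b82c3d866d9fcd
        with:
          # NOTE(review): the action is pinned by commit, but the installed
          # tool follows the moving `main` branch. This job holds
          # contents: write and id-token: write, so pin a reviewed release.
          gittuf-version: main
      - name: Install gitsign
        uses: actions-go/go-install@0607b3e7a61b8f1b55e1169a884804d084db73af
        with:
          # NOTE(review): `@main` is a moving target as well; pin a reviewed
          # release tag or commit of gitsign.
          module: github.com/sigstore/gitsign@main
      - name: Checkout repository
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
        with:
          # Full history, not the default shallow clone.
          fetch-depth: 0
      - name: Update RSL
        # Context values go through the environment and are expanded by the
        # shell as quoted variables. A `${{ }}` expression placed directly in
        # the script is substituted as text before the shell parses it, so a
        # branch name containing shell metacharacters would be run as code.
        env:
          PUSHED_REF: ${{ github.ref }}
          WORKFLOW_NAME: ${{ github.workflow }}
        run: |
          git config --global commit.gpgsign true # Sign all commits
          git config --global gpg.x509.program gitsign # Use gitsign for signing
          git config --global gpg.format x509 # gitsign expects x509 args
          git config --global user.name "$WORKFLOW_NAME"
          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git fetch origin refs/gittuf/reference-state-log:refs/gittuf/reference-state-log
          gittuf rsl record "$PUSHED_REF"
          git push origin refs/gittuf/reference-state-log:refs/gittuf/reference-state-log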