actions/setup-dotnet
1
0
Fork 0
mirror of https://github.com/actions/setup-dotnet.git synced 2024-11-23 12:01:07 +07:00
Code Issues Packages Projects Releases Wiki Activity
ebb714cfd8
setup-dotnet/.github/workflows/generator-generic-ossf-slsa3-publish.yml

69 lines
2.4 KiB
YAML
Raw Normal View History

J (#1) * YAML Formatting at a example workflow YAML Format of the code at 'Example usage' with Environment Variables * Ignore Generated Files in Git PR's * Use v1 tag for setup-dotnet * Update install scripts * Package updates * Update index file * Fix generated index * Honor specified nuget file location (#109) * Honor specified nuget file location * Generate and verify nuget.config * Install sxs with the install-dotnet scripts (#124) * Use dotnet-install scripts for proper sxs * Update dotnet version in testing * Error message cleanup * SxS testing in the dotnet project * Update package lock * Test fixes * Use proper environment variable * Set dotnet root for windows * Add example for SxS testing to Readme * Bump node-fetch from 2.6.0 to 2.6.1 (#127) * Bump node-fetch from 2.6.0 to 2.6.1 Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> * Package and index update * Formatting on installer.test * Updated licenses Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zachary Eisinger <zeisinger@github.com> * Action input text update * DOTNET_ROOT and short generic versions (#131) * Update `@actions/core` Version and move towards uses environment files to talk to runner (#135) * update toolkit version * update licensed * fix typo * Update contributors.md * Bump node-notifier from 8.0.0 to 8.0.1 Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. - [Release notes](https://github.com/mikaelbr/node-notifier/releases) - [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md) - [Commits](https://github.com/mikaelbr/node-notifier/compare/v8.0.0...v8.0.1) Signed-off-by: dependabot[bot] <support@github.com> * Add issue and pr templates * Update installer scripts * Resolve comments * Debug * Minor fix * Rework feature request template * Move toolcache cleanup to separated script * Debug * Debug * Debug * Debug * Minor fix * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Minor fix * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Add nuget config file * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Debug * Minor fixes * Remove workflow dispatch event * Minor fix * Debug * Debug * Debug * Minor fix * Minor fix * Minor fix * Minor fix * Minor fix * Minor fix * Rename stages * Rework cleanup script * Set ubuntu-latest * Minor fixes * Add tests * Debug * Minor fix * Debug * Debug * Debug * Update installer scripts * restrict blank issues * Update Linux installer * Include include-prerelease input in action.yml * Implement passing includePrerelase to semver * Add @actions/virtual-environments-owners to CODEOWNERS file * try fixing 5.x issue * work on fixing test * create release * add yesy cases * fix test * Remove unsupported versions of .NET from README. .NET Core 2.2 and 3.0 are no longer supported and should not be in the examples. All versions were changed to pull in the latest revision as people might copy this without checking all accepted version formats and getting the latest revision is good security practice. * Bump y18n from 4.0.0 to 4.0.1 Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot[bot] <support@github.com> * Update link to pre-installed runner Software * Improve key names validation for keys from user nuget config * Improve key names validation for keys from user nuget config * Minor fix * Minor fix * Fix index.js * Support nuget.config name formats * Prettier * Build index.js * Minor fix * Minor fix * Rerun build * Automate releasing new versions of the setup-dotnet action * Add workaround to fix BOM-related error during parsing global.json * build dist/index.js * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Bump hosted-git-info from 2.8.8 to 2.8.9 Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. - [Release notes](https://github.com/npm/hosted-git-info/releases) - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md) - [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9) Signed-off-by: dependabot[bot] <support@github.com> * Use the "publish-action" action * Use permissions as a top-level key * Update installers scripts * Update description for action Fixes #209 by adding a few more terms for search discoverability * Bump ws from 7.3.1 to 7.5.0 Bumps [ws](https://github.com/websockets/ws) from 7.3.1 to 7.5.0. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/7.3.1...7.5.0) --- updated-dependencies: - dependency-name: ws dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump lodash from 4.17.20 to 4.17.21 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21) Signed-off-by: dependabot[bot] <support@github.com> * Move toolcache folder * Rework action description * Update link to dotnet environment variables docs Old: https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet#environment-variables New: https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-environment-variables * Bump path-parse from 1.0.6 to 1.0.7 Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Support rollForward option from global.json * Format code * Revert exports in index.js * Fix unit test * Fix unstaged changes in index.js * Minor fix * Fix unit test * Remove hardcoded patch version from unit test * Prettier * Improve condition * Format code * Add check-dist.yml * Fix triggers in licensed.yml * Update installers scripts * Update README.md fix docs * Handle only latestFeature option * Build index.js * Update README.md Fix the README.md file to avoid the .NET CLI repo link that is now the .NET SDK repo. * Bump tmpl from 1.0.4 to 1.0.5 Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5. - [Release notes](https://github.com/daaku/nodejs-tmpl/releases) - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) --- updated-dependencies: - dependency-name: tmpl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Update dependencies * Update installer scripts * Update deps with force * Revert jest version * Update jest * Support multiple versions in single invocation (#240) * Fix a space in the documentation (#248) * Warn users when installing EOL .NET versions (#245) * Fix the Licensed workflow (#258) * Moved checkout above setup step to align with the other samples (#256) * Avoiding installing the same version multiple times (#252) * Updated dotnet-install scripts to latest version * Update node version to v16 * Update dependencies * Update licenses * Update docs to v2 (#278) * Update docs to v2 * Bump checkout action to v3 * Update installer scripts * Replace v2 to vX on the docs, minor fixes * Remove extra whitespace * switch side by side testing example to single setup step (#283) * Add code of conduct * add global-json-file input (#276) * support specifying global.json location with global-json-file input * add test workflow jobs for global.json usage * fix typo in global-json-file description Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com> Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com> * Update vulnerable packages * Update @zeit/ncc to @vercel/ncc (#290) * update @zeit/ncc to @vercel/ncc * rebuild project * v3 adr * Create codeql-analysis.yml * Don't need C# analysis for CodeQL * updated local installation scripts * updated guide * chore(deps-dev): migrate husky config to v8 Follow: https://github.com/typicode/husky-4-to-8 - npm install husky --save-dev - npx husky-init - npm exec -- github:typicode/husky-4-to-8 --remove-v4-config * ci: add `--ignore-scripts` argument * advice on updating installers * refactor: use core.getBooleanInput() * chore: set include-prerelease to false on default * test: add include-prerelease env on test * rephased docs * Update docs/contributors.md Co-authored-by: Ivan <98037481+IvanZosimov@users.noreply.github.com> * Grammar fixes * Update ADR date * Update actions version in package json * Run update installers * Rework * ADR change (#1) * Update ADR proposal ADR proposal was updated in order to reflect cahnges that will be done more thoroughly. * Fix formatting * Set status accepted * Create generator-generic-ossf-slsa3-publish.yml Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: No Name Pro <noname.pro.nn@gmail.com> Co-authored-by: Zachary Eisinger <zeisinger@github.com> Co-authored-by: Thomas Boop <thboop@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com> Co-authored-by: Vladimir Safonkin <vsafonkin@github.com> Co-authored-by: Maxim Lobanov <maxim-lobanov@github.com> Co-authored-by: Dmitry Shibanov <dmitry-shibanov@github.com> Co-authored-by: GGG KILLER <gggkiller2@gmail.com> Co-authored-by: Andreas Offenhaeuser <anoff@users.noreply.github.com> Co-authored-by: Alena Sviridenko <alenasviridenko@github.com> Co-authored-by: MaksimZhukov <v-mazhuk@microsoft.com> Co-authored-by: Sergey Dolin <v-sedoli@micorosoft.com> Co-authored-by: Maxim Lobanov <v-malob@microsoft.com> Co-authored-by: Darii Nurgaleev <50947177+Darleev@users.noreply.github.com> Co-authored-by: Tim Heuer <tim@timheuer.com> Co-authored-by: Aleksandr Chebotov <v-aleche@microsoft.com> Co-authored-by: George Chakhidze <0xfeeddeadbeef@gmail.com> Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com> Co-authored-by: Thomas Pisula <12602834+tomp736@users.noreply.github.com> Co-authored-by: MaksimZhukov <46996400+MaksimZhukov@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> Co-authored-by: La'Kaleigh Harris <35268101+Xlient@users.noreply.github.com> Co-authored-by: Pure Krome <github@world-domination.com.au> Co-authored-by: Thomas Ardal <thomasardal@gmail.com> Co-authored-by: Adam Ralph <adam@adamralph.com> Co-authored-by: Jeremy Sinclair <4016293+snickler@users.noreply.github.com> Co-authored-by: Owen Smith <owen@omsmith.ca> Co-authored-by: Dmitry Shibanov <shibanov-1997@inbox.ru> Co-authored-by: Evgenii Korolevskii <e-korolevskii@github.com> Co-authored-by: Marko Zivic <100996310+marko-zivic-93@users.noreply.github.com> Co-authored-by: Nogic <24802730+nogic1008@users.noreply.github.com> Co-authored-by: Evgenii Korolevskii <102794661+e-korolevskii@users.noreply.github.com> Co-authored-by: Ivan <98037481+IvanZosimov@users.noreply.github.com> Co-authored-by: panticmilos <panticmilos@github.com>
2022-09-15 14:10:08 +07:00
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow lets you generate SLSA provenance file for your project.
# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
# The project is an initiative of the OpenSSF (openssf.org) and is developed at
# https://github.com/slsa-framework/slsa-github-generator.
# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
name: SLSA generic generator
on:
workflow_dispatch:
release:
types: [created]
permissions: read-all
jobs:
build:
runs-on: ubuntu-latest
outputs:
digests: ${{ steps.hash.outputs.digests }}
steps:
- uses: actions/checkout@v3
# ========================================================
#
# Step 1: Build your artifacts.
#
# ========================================================
- name: Build artifacts
run: |
# These are some amazing artifacts.
echo "artifact1" > artifact1
echo "artifact2" > artifact2
# ========================================================
#
# Step 2: Add a step to generate the provenance subjects
# as shown below. Update the sha256 sum arguments
# to include all binaries that you generate
# provenance for.
#
# ========================================================
- name: Generate subject
id: hash
run: |
set -euo pipefail
# List the artifacts the provenance will refer to.
files=$(ls artifact*)
# Generate the subjects (base64 encoded).
echo "::set-output name=digests::$(sha256sum $files | base64 -w0)"
provenance:
needs: [build]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0
with:
base64-subjects: "${{ needs.build.outputs.digests }}"
upload-assets: true # Optional: Upload to a new release
Reference in New Issue Copy Permalink