Signed-off-by: Danil-Grigorev <[email protected]>
1 parent 54c79ae, commit cb751e1
Showing 2 changed files with 27 additions and 18 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -204,18 +204,19 @@ The [container workflow](https://github.com/slsa-framework/slsa-github-generator | |
|
||
Inputs: | ||
|
||
| Name | Description | | ||
| -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| `image` | **(Required)** The OCI image name. This must not include a tag or digest. | | ||
| `digest` | **(Required)** The OCI image digest. The image digest of the form '<algorithm>:<digest>' (e.g. 'sha256:abcdef...') | | ||
| `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. | | ||
| `compile-generator` | Whether to build the generator from source. This increases build time by ~2m.<br>Default: `false`. | | ||
| `private-repository` | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories).<br>Default: `false` | | ||
| `continue-on-error` | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow.<br>Default: `false` | | ||
| `gcp-workload-identity-provider` | The full identifier of the Workload Identity Provider, including the project number, pool name, and provider name. If provided, this must be the full identifier which includes all parts:<br>`projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider` | | ||
| `gcp-service-account` | Email address or unique identifier of the Google Cloud service account for which to generate credentials. For example:<br>`[email protected]` | | ||
| `provenance-registry-username` | Username when publishing to provenance registry (option 'provenance-registry') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. | | ||
| `provenance-registry` | If set, provenance is pushed to this registry instead of image registry. (e.g. `gcr.io/my-new-repo`) | | ||
| Name | Description | | ||
| --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| `image` | **(Required)** The OCI image name. This must not include a tag or digest. | | ||
| `digest` | **(Required)** The OCI image digest. The image digest of the form '<algorithm>:<digest>' (e.g. 'sha256:abcdef...') | | ||
| `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. | | ||
| `compile-generator` | Whether to build the generator from source. This increases build time by ~2m.<br>Default: `false`. | | ||
| `private-repository` | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories).<br>Default: `false` | | ||
| `continue-on-error` | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow.<br>Default: `false` | | ||
| `gcp-workload-identity-provider` | The full identifier of the Workload Identity Provider, including the project number, pool name, and provider name. If provided, this must be the full identifier which includes all parts:<br>`projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider` | | ||
| `gcp-service-account` | Email address or unique identifier of the Google Cloud service account for which to generate credentials. For example:<br>`[email protected]` | | ||
| `provenance-registry-username` | Username when publishing to provenance registry (option 'provenance-registry') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. | | ||
| `provenance-registry` | If set, provenance is pushed to this registry instead of image registry. (e.g. `gcr.io/my-new-repo`) | | ||
| `recursive` | If set, attestation is performed recursively on the image. Usefull when a multi-arch image is used. | | ||
|
||
Secrets: | ||
|
||
|
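Review bot: The new `recursive` row is underspecified for anyone verifying provenance: it does not say which digests end up attested when the option is set, and it gives no default, unlike `compile-generator`, `private-repository` and `continue-on-error`, which each end with "Default: `false`". Please state whether the attestation covers only the digest passed in `digest` or also each per-platform image it references, and add the default value. "Usefull" should be "Useful". The separator row was also widened by one character even though `recursive` is shorter than `gcp-workload-identity-provider`, so the ten existing rows are re-emitted with whitespace-only changes; dropping that re-padding would reduce the hunk to the one added line.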