Update docs
Signed-off-by: Danil-Grigorev <[email protected]>
Danil-Grigorev committed Sep 18, 2024
1 parent 54c79ae commit cb751e1
Showing 2 changed files with 27 additions and 18 deletions.
20 changes: 14 additions & 6 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- [Unreleased](#unreleased)
- [Unreleased: Vars context recorded in provenance](#unreleased-vars-context-recorded-in-provenance)
- [Container generator](#container-generator)
- [New Features](#new-features)
- [v2.0.0](#v200)
- [v2.0.0: Breaking Change: upload-artifact and download-artifact](#v200-breaking-change-upload-artifact-and-download-artifact)
- [v2.0.0: Breaking Change: attestation-name Workflow Input and Output](#v200-breaking-change-attestation-name-workflow-input-and-output)
Expand All @@ -33,19 +35,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- [v1.6.0](#v160)
- [Summary of changes](#summary-of-changes)
- [Go builder](#go-builder)
- [New Features](#new-features)
- [Generic generator](#generic-generator)
- [New Features](#new-features-1)
- [Container generator](#container-generator)
- [Generic generator](#generic-generator)
- [New Features](#new-features-2)
- [Container generator](#container-generator-1)
- [Changelog since v1.5.0](#changelog-since-v150)
- [v1.5.0](#v150)
- [Summary of changes](#summary-of-changes-1)
- [Go builder](#go-builder-1)
- [New Features](#new-features-2)
- [Generic generator](#generic-generator-1)
- [New Features](#new-features-3)
- [Container generator](#container-generator-1)
- [Generic generator](#generic-generator-1)
- [New Features](#new-features-4)
- [Container generator](#container-generator-2)
- [New Features](#new-features-5)
- [Changelog since v1.4.0](#changelog-since-v140)
- [v1.4.0](#v140)
- [What's Changed](#whats-changed)
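
Review bot: the bare `#container-generator` and `#new-features` anchors change owner in these two TOC hunks: the v1.6.0 and v1.5.0 entries each move up one suffix (`#new-features` to `#new-features-1`, `#container-generator` to `#container-generator-1`, and so on), so any existing link to the v1.6.0 `#container-generator` section will now open the Unreleased one without any error. Giving the new Unreleased headings unique text, in the style of the neighbouring `Unreleased: Vars context recorded in provenance` entry (for example `Unreleased: Container generator`), keeps every existing anchor stable and makes this renumbering unnecessary.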
Expand Down Expand Up @@ -112,6 +114,12 @@ duplication."
container generators. The `vars` context cannot affect the build in the Go
builder so it is not recorded.

#### Container generator

##### New Features

- A new [`recursive`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) input was added to allow users to pass `--recursive` option to the provenance attestation, usefull when signing `multi-arch` images.

## v2.0.0

### v2.0.0: Breaking Change: upload-artifact and download-artifact
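
Review bot: the `recursive` link in the new bullet is pinned to `blob/v1.5.0/internal/builders/container/README.md#workflow-inputs`, but the entry sits under Unreleased and the README row for this input is only added in this commit, so the page at that tag cannot document it. Point the link at the branch, or at the tag of the release that will ship the input. The bullet should also say which command or step receives `--recursive` ("to the provenance attestation" does not identify it), and `usefull` should read `useful`.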
25 changes: 13 additions & 12 deletions internal/builders/container/README.md
Expand Up @@ -204,18 +204,19 @@ The [container workflow](https://github.com/slsa-framework/slsa-github-generator

Inputs:

| Name | Description |
| -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `image` | **(Required)** The OCI image name. This must not include a tag or digest. |
| `digest` | **(Required)** The OCI image digest. The image digest of the form '<algorithm>:<digest>' (e.g. 'sha256:abcdef...') |
| `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. |
| `compile-generator` | Whether to build the generator from source. This increases build time by ~2m.<br>Default: `false`. |
| `private-repository` | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories).<br>Default: `false` |
| `continue-on-error` | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow.<br>Default: `false` |
| `gcp-workload-identity-provider` | The full identifier of the Workload Identity Provider, including the project number, pool name, and provider name. If provided, this must be the full identifier which includes all parts:<br>`projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider` |
| `gcp-service-account` | Email address or unique identifier of the Google Cloud service account for which to generate credentials. For example:<br>`[email protected]` |
| `provenance-registry-username` | Username when publishing to provenance registry (option 'provenance-registry') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. |
| `provenance-registry` | If set, provenance is pushed to this registry instead of image registry. (e.g. `gcr.io/my-new-repo`) |
| Name | Description |
| --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `image` | **(Required)** The OCI image name. This must not include a tag or digest. |
| `digest` | **(Required)** The OCI image digest. The image digest of the form '<algorithm>:<digest>' (e.g. 'sha256:abcdef...') |
| `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. |
| `compile-generator` | Whether to build the generator from source. This increases build time by ~2m.<br>Default: `false`. |
| `private-repository` | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories).<br>Default: `false` |
| `continue-on-error` | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow.<br>Default: `false` |
| `gcp-workload-identity-provider` | The full identifier of the Workload Identity Provider, including the project number, pool name, and provider name. If provided, this must be the full identifier which includes all parts:<br>`projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider` |
| `gcp-service-account` | Email address or unique identifier of the Google Cloud service account for which to generate credentials. For example:<br>`[email protected]` |
| `provenance-registry-username` | Username when publishing to provenance registry (option 'provenance-registry') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. |
| `provenance-registry` | If set, provenance is pushed to this registry instead of image registry. (e.g. `gcr.io/my-new-repo`) |
| `recursive` | If set, attestation is performed recursively on the image. Usefull when a multi-arch image is used. |

Secrets:
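
Review bot: the new `recursive` row gives neither a type nor a default, unlike the `compile-generator`, `private-repository` and `continue-on-error` rows, which each end with `Default: false`; "If set" also leaves open whether `recursive: false` counts as set. State the accepted values and the default, and say which digests receive an attestation when the input is enabled (the image index only, or each per-platform manifest as well), since that determines which digest a consumer has to verify provenance against. `Usefull` should read `Useful`. Widening the name column re-pads every row, which turns a one-row addition into a 13-line/12-line change; keeping the existing column width would leave only the new row in the diff.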
