Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
download-cloud

GitHub Action

Publish Release Assets to Asset Transparency Log

v10

Publish Release Assets to Asset Transparency Log

download-cloud

Publish Release Assets to Asset Transparency Log

Verify assets in a GitHub release against the Asset Transparency Log

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: Publish Release Assets to Asset Transparency Log

              
  uses: transparencylog/publish-releases-asset-transparency-action@v10
Learn more about this action in transparencylog/publish-releases-asset-transparency-action

Choose a version

Action to Publish and Verify Release Assets into Asset Transparency Log

This action adds all release assets for a project release on GitHub to the Asset Transparency Log.

You or your users can then later verify GitHub is delivering the correct content to them using Asset Transparency aware tools like tl get or tl verify.

Encouraging your users to Asset Transparency log clients, like tl, provides an additional protection to your users against attacks that might modify release binaries or source code (e.g. GitHub account compromise, man in the middle, etc)

If you aren't familiar with release assets they are this section on a GitHub release page it is the page that looks like this:

screenshot of https://github.com/transparencylog/tl/releases/tag/v0.2.10

Inputs

None

Outputs

verified

The list of verified URLs

failed

The list of URLs that failed to match the asset logs digest

Example Workflow

See example workflow