You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
GitHub Action
Publish Release Assets to Asset Transparency Log
v9
This action adds all release assets for a project release on GitHub to the Asset Transparency Log.
You or your users can then later verify GitHub is delivering the correct content to them using Asset Transparency aware tools like tl get or tl verify.
Encouraging your users to Asset Transparency log clients, like tl, provides an additional protection to your users against attacks that might modify release binaries or source code (e.g. GitHub account compromise, man in the middle, etc)
If you aren't familiar with release assets they are this section on a GitHub release page it is the page that looks like this:
None
The list of verified URLs
The list of URLs that failed to match the asset logs digest
- https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#github-context
- https://docs.github.com/en/actions/configuring-and-managing-workflows/using-environment-variables
- https://docs.github.com/en/actions/reference/events-that-trigger-workflows#release
- https://pkg.go.dev/github.com/google/go-github/v32/github?tab=doc#ReleaseEvent