action.yml
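# GitHub Action metadata for witness-run: runs a CI command under Witness and
# records attestations about it.
# Nesting restored: every input's description/required/default belongs under
# that input's key, and all inputs live under `inputs:`.
# Action inputs are delivered as strings, so boolean-style defaults stay quoted.
name: witness-run
description: "Creates Attestation of CI Process with Witness"
inputs:
  witness-install-dir:
    description: "Directory to install witness in. The directory will be created if it does not exist"
    required: false
    # NOTE(review): "./" is the step's current directory; if that is the
    # checkout, the installed binary sits next to the build outputs. Consider a
    # directory outside the workspace - confirm how dist/index.js resolves it.
    default: "./"
  archivista-server:
    description: "URL of the Archivista server to store or retrieve attestations"
    required: false
    # Hosted default. Combined with enable-archivista's default of "true",
    # attestations go to this host unless the caller overrides either input.
    default: "https://archivista.testifysec.io"
  attestations:
    description: "Attestations to record"
    required: false
    # NOTE(review): the `environment` attestor presumably captures runner
    # environment details - confirm what is recorded and filtered before the
    # attestation leaves the runner.
    default: "environment git github"
  attestor-link-export:
    description: "Export the attestor link predicate in its own attestation"
    required: false
    default: "false"
  attestor-maven-pom-path:
    description: "Path to the Maven POM file"
    required: false
  attestor-sbom-export:
    description: "Export the SBOM predicate in its own attestation"
    required: false
    default: "false"
  attestor-slsa-export:
    description: "Export the SLSA predicate in its own attestation"
    required: false
    default: "false"
  enable-sigstore:
    description: "Use Sigstore for attestation"
    required: false
    # On by default. NOTE(review): keyless signing normally relies on the job's
    # OIDC token, which on GitHub needs `permissions: id-token: write` in the
    # calling workflow - confirm against the action's documentation.
    default: "true"
  command:
    description: "command to run"
    # NOTE(review): how this string is executed is decided in dist/index.js,
    # which is not visible here. Build it from fixed text or vetted values; do
    # not interpolate attacker-influenced event fields (PR titles, branch
    # names, issue bodies) into it.
    required: true
  certificate:
    description: "Path to the signing key's certificate"
    required: false
  enable-archivista:
    description: "Use Archivista to store or retrieve attestations"
    required: false
    # Set to "false", or point archivista-server at your own instance, when
    # attestation contents must stay internal.
    default: "true"
  fulcio:
    description: "Fulcio address to sign with"
    required: false
  fulcio-oidc-client-id:
    description: "OIDC client ID to use for authentication"
    required: false
  fulcio-oidc-issuer:
    description: "OIDC issuer to use for authentication"
    required: false
  # Credential: supply it from a secret (`${{ secrets.* }}`), never as a
  # literal in the workflow file.
  fulcio-token:
    description: "Raw token to use for authentication"
    required: false
  intermediates:
    description: "Intermediates that link trust back to a root of trust in the policy"
    required: false
  # Path to private key material: provision the file at runtime from a secret
  # store and keep it out of the repository.
  key:
    description: "Path to the signing key"
    required: false
  # Per the description, signed data goes to stdout when this is unset, so it
  # will likely end up in the job log.
  outfile:
    description: "File to which to write signed data. Defaults to stdout"
    required: false
  product-exclude-glob:
    description: "Pattern to use when recording products. Files that match this pattern will be excluded as subjects on the attestation."
    required: false
  product-include-glob:
    description: "Pattern to use when recording products. Files that match this pattern will be included as subjects on the attestation."
    required: false
  spiffe-socket:
    description: "Path to the SPIFFE Workload API socket"
    required: false
  step:
    description: "Name of the step being run"
    required: true
  timestamp-servers:
    description: "Timestamp Authority Servers to use when signing envelope"
    required: false
  trace:
    description: "Enable tracing for the command"
    required: false
    default: "false"
  version:
    description: "Version of Witness CLI"
    required: false
    # NOTE(review): fetching this release and any checksum/signature check on
    # it happen in dist/index.js (not visible here) - confirm the binary is
    # integrity-checked before it is run.
    default: "0.6.0"
  workingdir:
    description: "Directory from which commands will run"
    required: false
runs:
  using: "node20"
  # The committed bundle is what executes on the runner; consumers should pin
  # this action to a full commit SHA so the bundle cannot change under them.
  main: "dist/index.js"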