Skip to content

.github/workflows/e2e.container-based.workflow_dispatch.main.adversarial-builder-binary.slsa3.yml #24

.github/workflows/e2e.container-based.workflow_dispatch.main.adversarial-builder-binary.slsa3.yml

.github/workflows/e2e.container-based.workflow_dispatch.main.adversarial-builder-binary.slsa3.yml #24

on:
# Only triggered manually for pre-release.
workflow_dispatch:
permissions: read-all
jobs:
provenance:
permissions:
id-token: write # For signing.
contents: write # For asset uploads.
actions: read # For the entrypoint.
# Update the reference in this line with the builder's version to test.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
builder-image: "bash"
builder-digest: "sha256:9e2ba52487d945504d250de186cb4fe2e3ba023ed2921dd6ac8b97ed43e76af9"
config-path: ".github/configs-docker/config.toml"
provenance-name: attestation.intoto
if-succeeded:
runs-on: ubuntu-latest
needs: [provenance]
if: needs.provenance.result == 'success'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- run: |
set -euo pipefail
echo "This test should fail"
exit 1