Skip to content
.github/workflows/generator-generic-ossf-slsa3-publish.yml

feat: integrate service worker and web worker initialization in index… #67

Sign in to view logs

feat: integrate service worker and web worker initialization in index…

feat: integrate service worker and web worker initialization in index… #67

Workflow file for this run

.github/workflows/generator-generic-ossf-slsa3-publish.yml at 2830e08
- name: Download a Build Artifact

Check failure on line 1 in .github/workflows/generator-generic-ossf-slsa3-publish.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/generator-generic-ossf-slsa3-publish.yml

Invalid workflow file 

(Line: 1, Col: 13): A sequence was not expected
uses: actions/[email protected]
with:
# Name of the artifact to download. If unspecified, all artifacts for the run are downloaded.
name: # optional
# IDs of the artifacts to download, comma-separated. Either inputs `artifact-ids` or `name` can be used, but not both.
artifact-ids: # optional
# Destination path. Supports basic tilde expansion. Defaults to $GITHUB_WORKSPACE
path: # optional
# A glob pattern matching the artifacts that should be downloaded. Ignored if name is specified.
pattern: # optional
# When multiple artifacts are matched, this changes the behavior of the destination directories. If true, the downloaded artifacts will be in the same directory specified by path. If false, the downloaded artifacts will be extracted into individual named directories within the specified path.
merge-multiple: # optional, default is false
# The GitHub token used to authenticate with the GitHub API. This is required when downloading artifacts from a different repository or from a different workflow run. If this is not specified, the action will attempt to download artifacts from the current repository and the current workflow run.
github-token: # optional
# The repository owner and the repository name joined together by "/". If github-token is specified, this is the repository that artifacts will be downloaded from.
repository: # optional, default is ${{ github.repository }}
# The id of the workflow run where the desired download artifact was uploaded from. If github-token is specified, this is the run that artifacts will be downloaded from.
run-id: # optional, default is ${{ github.run_id }}
- name: Close Stale Issues
uses: actions/[email protected]
with:
# Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.
repo-token: # optional, default is ${{ github.token }}
# The message to post on the issue when tagging it. If none provided, will not mark issues stale.
stale-issue-message: # optional
# The message to post on the pull request when tagging it. If none provided, will not mark pull requests stale.
stale-pr-message: # optional
# The message to post on the issue when closing it. If none provided, will not comment when closing an issue.
close-issue-message: # optional
# The message to post on the pull request when closing it. If none provided, will not comment when closing a pull requests.
close-pr-message: # optional
# The number of days old an issue or a pull request can be before marking it stale. Set to -1 to never mark issues or pull requests as stale automatically.
days-before-stale: # optional, default is 60
# The number of days old an issue can be before marking it stale. Set to -1 to never mark issues as stale automatically. Override "days-before-stale" option regarding only the issues.
days-before-issue-stale: # optional
# The number of days old a pull request can be before marking it stale. Set to -1 to never mark pull requests as stale automatically. Override "days-before-stale" option regarding only the pull requests.
days-before-pr-stale: # optional
# The number of days to wait to close an issue or a pull request after it being marked stale. Set to -1 to never close stale issues or pull requests.
days-before-close: # optional, default is 7
# The number of days to wait to close an issue after it being marked stale. Set to -1 to never close stale issues. Override "days-before-close" option regarding only the issues.
days-before-issue-close: # optional
# The number of days to wait to close a pull request after it being marked stale. Set to -1 to never close stale pull requests. Override "days-before-close" option regarding only the pull requests.
days-before-pr-close: # optional
# The label to apply when an issue is stale.
stale-issue-label: # optional, default is Stale
# The label to apply when an issue is closed.
close-issue-label: # optional
# The labels that mean an issue is exempt from being marked stale. Separate multiple labels with commas (eg. "label1,label2").
exempt-issue-labels: # optional, default is
# The reason to use when closing an issue.
close-issue-reason: # optional, default is not_planned
# The label to apply when a pull request is stale.
stale-pr-label: # optional, default is Stale
# The label to apply when a pull request is closed.
close-pr-label: # optional
# The labels that mean a pull request is exempt from being marked as stale. Separate multiple labels with commas (eg. "label1,label2").
exempt-pr-labels: # optional, default is
# The milestones that mean an issue or a pull request is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2").
exempt-milestones: # optional, default is
# The milestones that mean an issue is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2"). Override "exempt-milestones" option regarding only the issues.
exempt-issue-milestones: # optional, default is
# The milestones that mean a pull request is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2"). Override "exempt-milestones" option regarding only the pull requests.
exempt-pr-milestones: # optional, default is
# Exempt all issues and pull requests with milestones from being marked as stale. Default to false.
exempt-all-milestones: # optional, default is false
# Exempt all issues with milestones from being marked as stale. Override "exempt-all-milestones" option regarding only the issues.
exempt-all-issue-milestones: # optional, default is
# Exempt all pull requests with milestones from being marked as stale. Override "exempt-all-milestones" option regarding only the pull requests.
exempt-all-pr-milestones: # optional, default is
# Only issues or pull requests with all of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels.
only-labels: # optional, default is
# Only issues or pull requests with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels.
any-of-labels: # optional, default is
# Only issues with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels. Override "any-of-labels" option regarding only the issues.
any-of-issue-labels: # optional, default is
# Only pull requests with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels. Override "any-of-labels" option regarding only the pull requests.
any-of-pr-labels: # optional, default is
# Only issues with all of these labels are checked if stale. Defaults to `[]` (disabled) and can be a comma-separated list of labels. Override "only-labels" option regarding only the issues.
only-issue-labels: # optional, default is
# Only pull requests with all of these labels are checked if stale. Defaults to `[]` (disabled) and can be a comma-separated list of labels. Override "only-labels" option regarding only the pull requests.
only-pr-labels: # optional, default is
# The maximum number of operations per run, used to control rate limiting (GitHub API CRUD related).
operations-per-run: # optional, default is 30
# Remove stale labels from issues and pull requests when they are updated or commented on.
remove-stale-when-updated: # optional, default is true
# Remove stale labels from issues when they are updated or commented on. Override "remove-stale-when-updated" option regarding only the issues.
remove-issue-stale-when-updated: # optional, default is
# Remove stale labels from pull requests when they are updated or commented on. Override "remove-stale-when-updated" option regarding only the pull requests.
remove-pr-stale-when-updated: # optional, default is
# Run the processor in debug mode without actually performing any operations on live issues.
debug-only: # optional, default is false
# The order to get issues or pull requests. Defaults to false, which is descending.
ascending: # optional, default is false
# Delete the git branch after closing a stale pull request.
delete-branch: # optional, default is false
# The date used to skip the stale action on issue/pull request created before it (ISO 8601 or RFC 2822).
start-date: # optional, default is
# The assignees which exempt an issue or a pull request from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2").
exempt-assignees: # optional, default is
# The assignees which exempt an issue from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2"). Override "exempt-assignees" option regarding only the issues.
exempt-issue-assignees: # optional, default is
# The assignees which exempt a pull request from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2"). Override "exempt-assignees" option regarding only the pull requests.
exempt-pr-assignees: # optional, default is
# Exempt all issues and pull requests with assignees from being marked as stale. Default to false.
exempt-all-assignees: # optional, default is false
# Exempt all issues with assignees from being marked as stale. Override "exempt-all-assignees" option regarding only the issues.
exempt-all-issue-assignees: # optional, default is
# Exempt all pull requests with assignees from being marked as stale. Override "exempt-all-assignees" option regarding only the pull requests.
exempt-all-pr-assignees: # optional, default is
# Exempt draft pull requests from being marked as stale. Default to false.
exempt-draft-pr: # optional, default is false
# Display some statistics at the end regarding the stale workflow (only when the logs are enabled).
enable-statistics: # optional, default is true
# A comma delimited list of labels to add when an issue or pull request becomes unstale.
labels-to-add-when-unstale: # optional, default is
# A comma delimited list of labels to remove when an issue or pull request becomes stale.
labels-to-remove-when-stale: # optional, default is
# A comma delimited list of labels to remove when an issue or pull request becomes unstale.
labels-to-remove-when-unstale: # optional, default is
# Any update (update/comment) can reset the stale idle time on the issues and pull requests.
ignore-updates: # optional, default is false
# Any update (update/comment) can reset the stale idle time on the issues. Override "ignore-updates" option regarding only the issues.
ignore-issue-updates: # optional, default is
# Any update (update/comment) can reset the stale idle time on the pull requests. Override "ignore-updates" option regarding only the pull requests.
ignore-pr-updates: # optional, default is
# Only the issues or the pull requests with an assignee will be marked as stale automatically.
include-only-assigned: # optional, default is false
# This workflname: Generate SLSA attestation
on:
release:
types: [published]
permissions: write-all
jobs:
attest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
provenance-name: main.js.intoto.jsonl
source-type: file
source-uri: main.js
permissions:
id-token: write
contents: read
ow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow lets you generate SLSA provenance file for your project.
# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
# The project is an initiative of the OpenSSF (openssf.org) and is developed at
# https://github.com/slsa-framework/slsa-github-generator.
# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
name: SLSA generic generator
on:
workflow_dispatch:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
outputs:
digests: ${{ steps.hash.outputs.digests }}
steps:
- uses: actions/checkout@v4
# ========================================================
#
# Step 1: Build your artifacts.
#
# ========================================================
- name: Build artifacts
run: |
# These are some amazing artifacts.
echo "artifact1" > artifact1
echo "artifact2" > artifact2
# ========================================================
#
# Step 2: Add a step to generate the provenance subjects
# as shown below. Update the sha256 sum arguments
# to include all binaries that you generate
# provenance for.
#
# ========================================================
- name: Generate subject for provenance
id: hash
run: |
set -euo pipefail
# List the artifacts the provenance will refer to.
files=$(ls artifact*)
# Generate the subjects (base64 encoded).
echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
provenance:
needs: [build]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.build.outputs.digests }}"
upload-assets: true # Optional: Upload to a new release