Skip to content
Matrix Provenances

Complete matrix #10

Sign in to view logs

Complete matrix

Complete matrix #10

Workflow file for this run

.github/workflows/provenance4.yaml at ff9e27b
name: Matrix Provenances
on:
push:
branches:
- "stage0verify"
workflow_dispatch:
branches:
- "stage0verify"
jobs:
build_attest_all:
strategy:
fail-fast: false
matrix:
buildconfig:
- buildconfigs/key_xor_test_app.toml
- buildconfigs/oak_echo_raw_enclave_app.toml
permissions:
actions: read
id-token: write
attestations: write
contents: read
runs-on: ubuntu-20.04
steps:
- name: Mount main branch
uses: actions/checkout@v4
- name: Parse buildconfig
id: parse
run: |
set -euo pipefail
source ./scripts/common
artifact_path="$(tail -1 ${{ matrix.buildconfig }} | grep -oP 'artifact_path = \K(.*)')"
package_name="$(basename ${{ matrix.buildconfig }} .toml)"
builder_digest="$(echo "${DOCKER_IMAGE_REPO_DIGEST}" | cut -d'@' -f2)"
echo "artifact-path=${artifact_path}" >> $GITHUB_OUTPUT
echo "package-name=${package_name}" >> $GITHUB_OUTPUT
echo "builder-digest=${builder_digest}" >> $GITHUB_OUTPUT
- name: Show values
run: |
echo "${{ steps.parse.outputs.artifact-path }}"
echo "${{ steps.parse.outputs.package-name }}"
echo "${{ steps.parse.outputs.builder-digest }}"
- name: Pretend build
id: pretend
run: |
set -euo pipefail
dir="$(dirname ${{ steps.parse.outputs.artifact-path }})"
base="$(basename ${{ steps.parse.outputs.artifact-path }})"
mkdir -p $dir
echo "${base}" > ${{ steps.parse.outputs.artifact-path }}
- name: Show build artifact
run: |
echo "${{ steps.parse.outputs.artifact-path }}"
ls -la "${{ steps.parse.outputs.artifact-path }}"
- name: Attest
id: attest
uses: actions/[email protected]
with:
subject-path: ${{ steps.parse.outputs.artifact-path }}
- name: Show Bundle
run: |
echo "${{ steps.attest.outputs.bundle-path }}"
ls -la "${{ steps.attest.outputs.bundle-path }}"