diff --git a/.github/workflows/create_staging_branch.yaml b/.github/workflows/create_staging_branch.yaml
index a40796ad7302c..431a260f90da0 100644
--- a/.github/workflows/create_staging_branch.yaml
+++ b/.github/workflows/create_staging_branch.yaml
@@ -1,30 +1,28 @@
-name: Create PR staging branch
+name: 'Attest Build Provenance'
+description: 'Generate provenance attestations for build artifacts'
+author: 'GitHub'
+branding:
+ color: 'blue'
+ icon: 'lock'
 
-on:
- pull_request_target:
- branches: [main]
- types: [opened, synchronize, reopened, edited]
- paths:
- - "advisories/**"
- workflow_dispatch:
-
-permissions:
- contents: write # Required to create and push branches
- pull-requests: write # Required to edit PR base branch
-
-jobs:
- ensure-base-is-staging:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: ensure base is staging
- env:
- PR_AUTHOR: ${{ github.event.pull_request.user.login }}
- PR_NUMBER: ${{ github.event.pull_request.number }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- set -xeo pipefail
- BRANCH_NAME="$PR_AUTHOR"/advisory-improvement-"$PR_NUMBER"
- git checkout -b "$BRANCH_NAME"
- git push origin "$BRANCH_NAME"
- gh pr edit --repo ${{ github.repository }} $PR_NUMBER --base "$BRANCH_NAME"
+inputs:
+ subject-path:
+ description: >
+ Path to the artifact serving as the subject of the attestation. Must
+ specify exactly one of "subject-path", "subject-digest", or
+ "subject-checksums". May contain a glob pattern or list of paths
+ (total subject count cannot exceed 1024).
+ required: false
+ subject-digest:
+ description: >
+ Digest of the subject for which provenance will be generated. Must be in
+ the form "algorithm:hex_digest" (e.g. "sha256:abc123...").  Must specify
+ exactly one of "subject-path", "subject-digest", or "subject-checksums".
+ required: false
+ subject-name:
+ description: >
+ Subject name as it should appear in the attestation. Required when
+ identifying the subject with the "subject-digest" input.
+ subject-checksums:
+ description: >
+ Path to checksums file containing digest and name of subjects for
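Review bot: The new content of `.github/workflows/create_staging_branch.yaml` is action metadata (`description`, `author`, `branding`, `inputs`), not a workflow. The visible new lines have no `on:` or `jobs:` key, so unless the rest of the file adds them, GitHub Actions will not load it as a workflow and the staging-branch job it replaces no longer runs; metadata of this shape belongs in an `action.yml` at the action's root. The descriptions require exactly one of `subject-path`, `subject-digest` or `subject-checksums`, but the two inputs that declare `required` set it to `false`, so that rule has to be enforced in the action's code; a comment above `inputs:` such as `# exactly one subject-* selector must be set; validated at runtime` would record this. `subject-name` is also the only input here without `required: false`, which is worth adding for consistency. The hunk ends inside the `subject-checksums` description, so the remaining inputs could not be checked.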