feat: add provenance-name to the outputs (#1844)

Fixes #1842 --------- Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Ian Lewis <ianlewis@google.com> Co-authored-by: Ian Lewis <ianlewis@google.com>
slsa-framework · Mar 22, 2023 · 66b541d · 66b541d
1 parent bff11de
commit 66b541d
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 3 deletions.
diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml
@@ -83,6 +83,9 @@ on:
       go-binary-name:
         description: "The name of the generated binary uploaded to the artifact registry."
         value: ${{ jobs.build-dry.outputs.go-binary-name }}
+      go-provenance-name:
+        description: "The artifact name of the signed provenance. (A file with the intoto.jsonl extension)."
+        value: ${{ jobs.provenance.outputs.go-provenance-name }}
 
 jobs:
   rng:

diff --git a/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml b/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml
@@ -55,8 +55,8 @@ jobs:
           name: ${{ needs.build.outputs.go-binary-name }}
       - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
-          name: ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl
+          name: ${{ needs.build.outputs.go-provenance-name }}
       - env:
           BINARY: ${{ needs.build.outputs.go-binary-name }}
-          PROVENANCE: ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl
+          PROVENANCE: ${{ needs.build.outputs.go-provenance-name }}
         run: ./.github/workflows/scripts/pre-submit.e2e.go.default.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -81,6 +81,7 @@
 #### New Features
 
 - A new [`prerelease`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to create releases marked as prerelease when `upload-assets` is set to `true`.
+- A new output `go-provenance-name` added which can be used to retrieve the name of the provenance file generated by the builder.
 
 ### Generic generator
 

diff --git a/internal/builders/go/README.md b/internal/builders/go/README.md
@@ -16,6 +16,7 @@ This document explains how to use the builder for [Go](https://go.dev/) projects
   - [Migration from GoReleaser](#migration-from-goreleaser)
   - [Multi-platform builds](#multi-platform-builds)
   - [Workflow Inputs](#workflow-inputs)
+  - [Workflow Outputs](#workflow-outputs)
   - [Workflow Example](#workflow-example)
   - [Provenance Example](#provenance-example)
   - [BuildConfig Format](#buildconfig-format)
@@ -190,9 +191,18 @@ The builder workflow [slsa-framework/slsa-github-generator/.github/workflows/bui
 | `go-version`         | yes      |                                         | The go version for your project. This value is passed, unchanged, to the [actions/setup-go](https://github.com/actions/setup-go) action when setting up the environment                                                                                   |
 | `upload-assets`      | no       | true on new tags                        | Whether to upload assets to a GitHub release or not.                                                                                                                                                                                                      |
 | `upload-tag-name`    | no       |                                         | If specified and `upload-assets` is set to true, the provenance will be uploaded to a Github release identified by the tag-name regardless of the triggering event.                                                                                       |
-| `prerelease`    | no       |                                         | If specified and `upload-assets` is set to true, the release is created as prerelease.
+| `prerelease`         | no       |                                         | If specified and `upload-assets` is set to true, the release is created as prerelease.                                                                                                                                                                    |
 | `private-repository` | no       | false                                   | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories).                           |
 
+### Workflow Outputs
+
+The builder workflow [slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/builder_go_slsa3.yml) provides the following outputs:
+
+| Name                 | Description                                                                           |
+| -------------------- | ------------------------------------------------------------------------------------- |
+| `go-binary-name`     | The name of the generated binary uploaded to the artifact registry.                   |
+| `go-provenance-name` | The artifact name of the signed provenance. (A file with the intoto.jsonl extension). |
+
 ### Workflow Example
 
 Create a new workflow, e.g., `.github/workflows/slsa-goreleaser.yml`.