From 36e37d99a59f26e0d0afce6d1a78db6db750e3c8 Mon Sep 17 00:00:00 2001 From: Devante7 <166753141+Devante7@users.noreply.github.com> Date: Fri, 12 Apr 2024 02:11:25 -0400 Subject: [PATCH 1/2] Create generator-generic-ossf-slsa3-publish.yml Run ai while offline --- .../generator-generic-ossf-slsa3-publish.yml | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .github/workflows/generator-generic-ossf-slsa3-publish.yml diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml new file mode 100644 index 00000000..a36e782c --- /dev/null +++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml @@ -0,0 +1,66 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you generate SLSA provenance file for your project. +# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA generic generator +on: + workflow_dispatch: + release: + types: [created] + +jobs: + build: + runs-on: ubuntu-latest + outputs: + digests: ${{ steps.hash.outputs.digests }} + + steps: + - uses: actions/checkout@v3 + + # ======================================================== + # + # Step 1: Build your artifacts. + # + # ======================================================== + - name: Build artifacts + run: | + # These are some amazing artifacts. + echo "artifact1" > artifact1 + echo "artifact2" > artifact2 + + # ======================================================== + # + # Step 2: Add a step to generate the provenance subjects + # as shown below. Update the sha256 sum arguments + # to include all binaries that you generate + # provenance for. + # + # ======================================================== + - name: Generate subject for provenance + id: hash + run: | + set -euo pipefail + + # List the artifacts the provenance will refer to. + files=$(ls artifact*) + # Generate the subjects (base64 encoded). + echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}" + + provenance: + needs: [build] + permissions: + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0 + with: + base64-subjects: "${{ needs.build.outputs.digests }}" + upload-assets: true # Optional: Upload to a new release From 2f6e5c4382506e1032dfee6c717f6d0c3c2cb055 Mon Sep 17 00:00:00 2001 From: Devante7 <166753141+Devante7@users.noreply.github.com> Date: Fri, 12 Apr 2024 02:14:06 -0400 Subject: [PATCH 2/2] Add files via upload --- .github/CHANGELOG.pdf | Bin 0 -> 10061 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .github/CHANGELOG.pdf diff --git a/.github/CHANGELOG.pdf b/.github/CHANGELOG.pdf new file mode 100644 index 0000000000000000000000000000000000000000..8e8353de8c662ef38c0bebe0e2e19fa35b580bb2 GIT binary patch literal 10061 zcmb7q1z6P4(lFVN(y;8ZONi1b-3<#Yu+p$dcO#92w3IYRN(utf-3=loB8apC z-=g=v_ult?pYMCVv-__(b7tnu%>Q}joZp{KT}F;qfDeq%*0XiIwg2{K-gwU^d@ukA zaI$!gFD3@ymqXYi;jXBwJq!t#fm=FR!2$fra7P=YEdV4aBn)`^6yFW$3Wqu1d!jcO zE+vr(J@A{;E0NN9o>k_){d7}%3uXW{j%FLO=$Gaq?hZ^w=f_S?=$w1YmOZQB*5E>_ zxy4}A^wh8AmqG^dap`YBf#!8CMKezlk|tb{^}KqE|2X?fCH&-&N0T?22l`>Q>G->0 zPS_9-U(eNKh(oqc+Zv>lsz@4Mq`x+JIA`~jYmV-+oPdupOT0PY((~bF3W2|AiAKn; z`@=ze-a{~;N>6=&P>+~pyHB!JKAVaVKetKK#S zp%7umYKI|inCPiG(}mahs83 zY*w9#6M;nSU>ZE9S8EjVv>9JE`B(nG4p;v-dk=uAa3xO4a1-Th{1)~gH-XMB%Ffsp(*a;kEd z;-`-NQt*ie18SZUYpLf$_x*pT@<)l^*VOBxJh-u7@Y(7ekdX!);IcWtI|L zxPUL3tRI}@v(LOF101<(kazhHM!A(b5dq6&E~D{d^ma-fxP0}Iga=agGd_o^IFP2` zwiH$emYF>QN?=VjDl-VqD!fe0pBQuh^o07pG&-XRWn|eAL*<3Ay>|*IU-NZ1Ow^Ez ze`BZ&#@}7SK!=#fKao+Cabp_7VnXAgG}$nU15>dY88nIK#*)qv7O~L~p|qqlXc^U{)%2^MfTt z5`_wR`WD7II33?AH-(IfIF0e5=UZh`t@m|r{0!jo$D3R1tTYcodS(I>)`LS+G_q{h zCn5y9jI-3OMa5LDqcxQ?@?s|K1tU6NaOHTXJOCQ;6?>i)TzMJD4#MB_A=c?3@peNyNt-T1Vq79O#V)yl&>B^jU?X7i6-Bx@Ukx^jc~ z%L145+}E<`dD#zH*D;L2mjjUJQx9uCAyyS|DEB`S8Ex3MtI}ZxPOjni7c}1Ut|*W^ zYkKWs$g}x=SkCPR1LJsLi6xVt7V{$gH%?ttf{jMWB@WRwuDX>h8xeOA6*USmMlX31p+T>p-m19ty3NgY*>Lh|7z3_gXjh6}AD*b*8%)aGsmIYIPY<=QD;cxf zEagTUJITy4uX70Fk+@#;gGr@S^GwxN`eysRaq}!*iE$6MvCQ;dc_kChQm8sqW|&Gd z;7T9s%}$L+Fp2{*HW>(`j`Wa$>?kB`-gZB&mK zOL)_sa@mb_F#f`ir!#9Pt`g{76~)2I{6|3G}a%Atm{pTx}{WW}ySt@Misri2r{YEK_a-K7@CKm21Y zZitq)iCJN4Rc#H2hpZb}7x8%Bam|;;@a-ewQG+Nk7B+({Y7qqKM5UG7c|z02R>v>> zUgoYen-&a3b&@u*zZKqwE`Ic}9q}RYjL6<@ji@VF+byC&MB`IeZTL`By#L^K5bfI! z+VLjl994<##^F~d&C|rf5UEVy?0e50nLS$|9DoQqN&f`B7t*lS82qi~CO1;|3lA$CyaBWv&=uMQmO_5cgV`Bfa- z+s0cO2Q57VsOseC8B>tx?$cb(N)N+I{7mRqvFy*8?v-j>>5+{LfXhTDnmMKDq?pIX z(a&iuomcxeNSuHGm&^V4cE&=ru>Drq;SM*5yLWNu<8uKP^-oi) ztIZGJcCpQ*{wU*Q*kAuq`D@T5quq;*_^fT1?*|wErKmU6avDm_p$% zD@xYw%m~`$%iaXKpOU9LEJSzk_>5ljv)*`e3we7$j`ia4>lO-yo6V*h z*XT-}^hX8kZhZ5{5;c%GB{h|xgJQ;L>YeQdtjBMr0>@L5)o!t#(^`zuQMjS* z?#exZe=Ga6y_`{Xo;u9t&)F63hy;L8-I@S?O}LwryQ?MK4IucJAnoLcMD@D??#f2Z zyL#{+^6vWoSw^b6I$3JLkpLrRai{d3 zGX7V}lIg}DO2AXG^X`}=?|075AvvJ$Lf{O8(C?1Oh^ZSP%e#0`dP`Q4+vV6b&c>fCvlUEkynt5J4~igpw&N1Vqun zD0@(v1WvE~{~7gv3(=pDslpsk zZ^-|5uC;gA}Dw8-&ulsz~==CqOx5Y=BxlmpfU*{EC>bgYa!tdx_2Y=|3SU;H!6ob|0D)V zg9!MqZq)J)4g#Pe1kl9)SH|Bx|8wqt*Lnf~0U$`^F3ntDkFv~u| zltGY=MUwlkl4W0)kwc~Pv!gb}?vFeAiT(UJOag))3Ku*@CnNG`xVi1+yZp2QWzH5S zS<(SwPQwQip5J_P-o^}OQ*WewIP$&OUDlA^LlDOOaMQX;50*OTAoQN33Om1zH;eah zN>ELDn9@V#BRcbK0bo3mq5JEyGh;4*{hgAdZ$NUH+ky3MPyi$UN~Z6AjLGXv&zK+< z`?lm}t`c6?PvXzcQ~fEDhyggg93RGGvu7223q(E4f7>@g+o(-<)xvQ>hs z5@vsJ7d|;`i1SEUh~jc(oEx53ea(0)k;?Y@SRtPg`Ggzm-5fkoT;Z%|HO*$PX|Z=1 z(MiRer(VT8lkn@AST6r{mTy%`u^3FqHFn>qWsTC6!4KRlRYhLMoLIh6-Cu1S;CJ$c z<@P;m=j$ja_cMypK?O)DAEdC@%Ej#2^C247;_0YWj=JiRakn?555qPl#@o4!ePNY`#|t7Ed-RW@P?hrmj@Va&eC2&&SrV~%hKEd`%Ddmx~GPE)3j!G zu* O@ed1~Ai@G1l$tBV#hgG17rEE=Le6*&bs6#{KJf?>dXI!Y1g~x$7P`<1XBP8E6MrK<> zxFy~xTK6a6E~+`*w?{7r4Ft zBC~_j?f$UZ$0LuPL2sTbyKzRWYlo}!xT*4)wuwbsFD=HThqbDoKw}~3YPZE0f?D#s zr(HW=aV=LZSG~LgpQ@P#JZu;AJ1`+P+gq$QVS-XeGZ-ykr ziGH5SYK(3lufy5e9}Wd);VD4(0{= zM>%t4e@kF=#o`v*3!X&rKKWau|u*Z4N!84gZaO!n6-)yRPF5l$$EAv9`M5z-2Vz=dI zf-eVDSzQ!r6;(q4YOP_@_pY0PkRKI7heC&AjZdht` zY2x}G1|o;@>-n;F;=*w%b$q@*u9q`b=@(_j=&nqvEgK^HF#TZj>K;tW)&jF3-SzaQW_=GBL)h-un1M1i; z9<#sPQ*Y#6p71_-gAa}O^vNbj4pV)^auj0V!u(}`v|YYCZ!*|^mcB~%wsZ{Lq^MQ; z>t}0{s8_P)I$lQ;PaBd9RGDj$!QMvOvq~cnB`v}ZsHACJxWpV2Rc@|DdY4k zDPLMz2~Cfk?`O%HRfcatA9tjpvSm_TtY{~{Sead)xa)^3xMq$oC|~o~$R4|!l@8_y z7C}>So>H_&X40AMcoG4LMe8lOQVxY9DyEx4^``P<>i341L>k$#ya65P?cILRZW5Ed z#~x(&rfLK)-(tHQKs2SEyQt(o>Rb*|*G;ro#f7UWTleQzZ?^ ze-%+La(z+j*sJk<+dMLD%QFy6!$>u1`O47 z?v-*^>{u%Y8iAN$ss#Il#145CQ`LL?iB(mPMtZ*!YZ6u^nnIP2a>E&N)}fDtXn%F4 z?rnBKS5)u)j(uXuw(_p03iGq_;M<5(+_TdxRe%GgzHtYsvfo05S>Ib$BF#f;rLbQ+p2KH|`VZyJIm4S;KHI4Q8D!uuA1vvU zy|&AKBc4VrlIEAmZsc4_8m!NK@c|<(mu4h`2Zvs*-HN8J9JG)5-G(O01RB)2o5Qoj z(z3G;RRJXhg^A0BNlO=}2;$&7&b*JaY5d_T?d1?=XyIy*I%!R}dZCi|Q+u`z0Iw)! zvb{0ZllZAR+ibYA6kYH8HQ&LuT*4z1ZPgEx7N?unU@_xqJdd)G3a;|gv$G5x-Q-kKPof87DC}I{KeKEaA4{mhzqMY3eEw(qB(9r7&aq$#bMg-6#Kz?+!QsB42iP8$IH`jrGRvtC7T{v`drC;O^Z|KYQr2Q;ntjFD@B({%bZ z1K1}l=n?q9tB;bIo7*YvKXBC1{m30Hv%?rzwkoDe=br_c7Tr&`8#!|)9;$xV57W3H zpIoE#+sObE&{W)H5ljpK+%f~YA3YN40S`& zzdxXSJ?K zn}^g!H4^gd6GTBTxP~>5=tc#?=`0Txt!uU~dd^t`GZL}FWJ04C%wHCS(5sg8doCYN zHl1d3K+Ty(W|e*>>VbE=|*Gri0(7Xz~Ftw=+PL49N1Z=Kw@sR?Msn8A<3&3joK`qS6^5B z!egsmxsE+n1f;KN_S=1V2_?!%fZ9@4@Vve_*U%>?b>#nXqe}D$i`H&;c7MMnLZ?!z zaLD$%to4I#Ft&`w;AB)38|iqwQ#XvgqajhzD*0?l$?gm(gHGF$zasJbtAZ76@Y4zr z4g;8QpTJ|zhk7K{&rX1s&O{(nCD>&e=+jSOr&T(dF{AXsX9F+IopH83sJJIiRFpy; z2IzwP@$A{Qf+W{i(rywn?IK}s=E(Pw#j1B)vp$UlPKk=wy6N-vX~|lzCe>x%4)>cS zdFb9Q*@nhl7x%kYr;qf<2Rj(f;HwT3)XbL>iSHGoO*u$~ivP zi3)9Yctp`}T{15fUoE+0b!1P+qo z)C~Ws*~7Dnx>RnkcJH@mzDEAuFdo2P1tgOfa`(sC@>D3cgidif^wCB{>6kZsTTPm# zT6DVVrHA#qgvL}PDU0o;?488f1#ee47`0vpQAB~lf^jXC4uuT52xM~L8A46 zZIQ9qad_&MbEl}OX3P;Tv#a=IuaN1{R>PHGCo`X#TrJoug`(OeQ7FmSpw4AKwSg5| z>p1q)Z}5O{wKMW-#!cLp#$eVn5c<~U1G!SDjH6Uc@_~9E5i{Q6v-zZvg7oVKzL(Z3 z5+Y*Ss686?(3&~pz*@#$wD{vV&b;WDL<>D0_qUkTp^ENuK_(oIv=%+F=3ki2RTk`8 zsP7Z<%g(!XexFQq> zRyTmF(4&sXCo6uUW2?AYgvIq;iuD>+6`0h|76yL37KwMl^l{*Gtm%v>u`-fUwONw$ zp*+}Zc%8BL4MN_{xUfC4xr|_H-SEqDnj$dZlr^_!CjMU8vldiT7WL|)g6aM{wg=a- zVw;eM*rsxfWu@2emEL=Jv4*Rp-SB;Ep{&60jPtIkv-rj_U!L}6pi*Mi8;b-UHE7hu zvT8dTYH3cP@6? z+q?777r6c5Ejo*sV|GS`KPWDdg!#9v{`QQ6BDyTU(xp^$*pfdh6xDacNHM&$h$vCN z309O`tnsYt_&-D(+l4SRidy}&wRnLMmm%SVmolBegHJ+1C39fM$ zouwW*j|BO?9>7~V>ABsonh6M`_TbdaB0QI6L<=$4F1+tk1t}v3E@uNN-Bp zY&%8Q2oLwzliYh_)P|rZy^%|8#mIH3O_qK_EBV<_N|4aEN%L(e>;+Xs@L2ctkaoiP z*UbS^U2mEAp0{kK_1PLwCt9+HEVntCT5ikt9b3e4@R&la=Z?N~EuRz(Ds1g~W#z~3 z>>Gj4e)r|s-M7=T(7OSgY?+e@$vS;!eJ@`0#B&i{Z%l67Vg8JE6ehQq{Eh#WOMDMF zRx6cdn7UUeDayG;%9M4mXJEGJT`hx1{3EZhnFTIYTBhiZTjaXLjAE`@=Cf>>=*0O$ z2VRB^|3hXtc8pj>55({pk=|0X6Gxvyf(a69|ECI12R(P^oK_MBZQ1RsBZBon4JH*1 zj8B+)KW%U$hN&wzsAG}L5eD6W@Ap@Taks|3-Ciu`s_aP}huGn=sO7Gk<)j>F|FUOE&H)b@)%GtSM$j7tU@qORCm`d z-H(&_1+Xphpsp*|`X_8Ba{q$7bpntDt&-?xv+o;~{5`~qSnGd%$#>G8pJk55Fo2Wt zlxUGp|E-SaZQ1&>r?TtMpW2+7v8DnB!gZr;$iAgh-xNA=VWT&U>+9AdBHJaWA1h$q z$ONc~xOAqzHNks0$2|FT8mmgfYFM(MnRS;j#%_CQS#ZAV}w3y>fH7=*QKSvNfNvcbhda zh_TXJl}jl^N^3U%ck8CFM0JIAKj%h&`;F`s_(yW`O$c2H=1)1^5U%0_7eC*=Xx9&q z)jdj8BM_y}WiW~t1W8AUgk(`x%d9xl-zWIh-4=h+rU;9F$#)_iX_BJ9zWQt6L*frz zEvlGT8KRQb`$8?O!e1b1+gV^|$3?`}wrW@W@h*B)t z52;-BgsCfWgVh+n^d8UcDl@*vTG|hvJLwD_3GgO6KS-!$nrIOx#k(af<7@DS*E&)V z@z}j95Y1hOjTFdro7&QRKeVq!RPs4Y793PE(0VY5`Wl;lpARAnCy%2Re)PfIwa!`v zfwAO1=J>?<;}J>N?ftE}B=rA@ii!N&Ubr>_iQ0(gkXDdXm6ugkljlT1My^g)?v|)8 zq&N_2S^!&qW`1;fhdUS zztKQK;d8kD;NX}5)uFjL&0DHhz06u jX=x1>dW!%5X8DT|xgk+;{Nqy*As_^wjZIcf4*&lEVvF#} literal 0 HcmV?d00001