*: Add support for GitHub pull request approval attestation #224
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Record change to non-main branch | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'main' | |
| jobs: | |
| create-rsl-entry: | |
| if: github.repository == 'gittuf/gittuf' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| steps: | |
| - name: Install gittuf | |
| uses: gittuf/gittuf-installer@bb2e6c13c0825057e48e931b686d61c3b6267ef8 | |
| - name: Install gitsign | |
| uses: actions-go/go-install@0607b3e7a61b8f1b55e1169a884804d084db73af | |
| with: | |
| module: github.com/sigstore/gitsign@main | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
| with: | |
| fetch-depth: 0 | |
| - name: Update RSL | |
| run: | | |
| git config --global commit.gpgsign true # Sign all commits | |
| git config --global gpg.x509.program gitsign # Use gitsign for signing | |
| git config --global gpg.format x509 # gitsign expects x509 args | |
| git config --global user.name "${{ github.workflow }}" | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git fetch origin refs/gittuf/reference-state-log:refs/gittuf/reference-state-log | |
| gittuf rsl record ${{ github.ref }} | |
| git push origin refs/gittuf/reference-state-log:refs/gittuf/reference-state-log |