Support for multiple Go builds #63
Labels
Comments
|
Will need to support some level of parallelism/caching |
|
See slsa-framework/slsa-github-generator-go#51 as well. |
|
We need to decide the format of the output of the trusted builder: JSON or a zip files containing everything Hopefully most users will use the auto-publish option slsa-framework/slsa-github-generator-go#58 |
|
Note that goreleaser supports the following entries in their config file:
Support for these would greatly help teams adopt our SLSA builders, as it'd simplify migration |
ianlewis
added
type:feature
ianlewis
changed the title
laurentsimon
changed the title
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Our current config file is inspired by goreleaser's config file but was simplified to show feasibility of the approach. We need to enhance the config file to support multiple builds.
One question to answer is how we will isolate each builds from one another. Note that the strategy.matrix field is not supported by the user workflow when calling a reusable workflow.
We can then include multiple Subject Digests inside provenance. See from https://github.com/gossts/slsa-go/issues/40
The text was updated successfully, but these errors were encountered: