-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for multiple Go builds #63
Comments
Will need to support some level of parallelism/caching |
See slsa-framework/slsa-github-generator-go#51 as well. |
We need to decide the format of the output of the trusted builder: JSON or a zip files containing everything Hopefully most users will use the auto-publish option slsa-framework/slsa-github-generator-go#58 |
Note that goreleaser supports the following entries in their config file:
Support for these would greatly help teams adopt our SLSA builders, as it'd simplify migration |
Our current config file is inspired by goreleaser's config file but was simplified to show feasibility of the approach. We need to enhance the config file to support multiple builds.
One question to answer is how we will isolate each builds from one another. Note that the strategy.matrix field is not supported by the user workflow when calling a reusable workflow.
We can then include multiple Subject Digests inside provenance. See from https://github.com/gossts/slsa-go/issues/40
The text was updated successfully, but these errors were encountered: