From 87d40c126d42b3e266719ef9c529860aeecc782d Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Fri, 4 Sep 2020 16:10:13 +0000 Subject: [PATCH] github: add Asset Transparency action for GitHub releases This adds a GitHub Action to have Helm release inserted into the Asset Transparency log[1]. With these assets in the log it would be great to also recommend users verify their download of helm using the Asset Transparency CLI like this: ``` tl verify https://get.helm.sh/helm-v3.3.1-darwin-amd64.tar.gz helm-v3.3.1-darwin-amd64.tar.gz ``` [1] https://www.transparencylog.com See kubernetes-dev discussion here: https://groups.google.com/g/kubernetes-dev/c/iWr5FiOyU78 Signed-off-by: Brandon Philips
---
.github/workflows/asset-transparency.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 .github/workflows/asset-transparency.yaml
diff --git a/.github/workflows/asset-transparency.yaml b/.github/workflows/asset-transparency.yaml
new file mode 100644
index 000000000..7edbea2b0
--- /dev/null
+++ b/.github/workflows/asset-transparency.yaml
@@ -0,0 +1,18 @@
+name: Publish Release Assets to Asset Transparency Log
+
+on:
+ release:
+ types: [published, created, edited, released]
+
+jobs:
+ github_release_asset_transparency_log_publish_job:
+ runs-on: ubuntu-latest
+ name: Publish GitHub release asset digests to https://beta-asset.transparencylog.net
+ steps:
+ - name: Gather URLs from GitHub release and publish
+ id: asset-transparency
+ uses: transparencylog/github-releases-asset-transparency-verify-action@v10
+ - name: List verified and published URLs
+ run: echo "Verified URLs ${{ steps.asset-transparency.outputs.verified }}"
+ - name: List failed URLs
+ run: echo "Failed URLs ${{ steps.asset-transparency.outputs.failed }}"
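Review bot: The `uses: transparencylog/github-releases-asset-transparency-verify-action@v10` step pins a third-party action to a mutable tag, so anyone able to move that tag changes what runs in this repository's release workflow; pin it to a full commit SHA and keep the tag as a comment, e.g. `uses: transparencylog/github-releases-asset-transparency-verify-action@<full-commit-sha>  # v10`. The job declares no `permissions:` block, so the action runs with the repository's default token scope; if it only needs to read release metadata (not visible from this patch, to be confirmed), a job-level `permissions:` with `contents: read` would bound that. The two `echo` steps expand `${{ steps.asset-transparency.outputs.verified }}` and `${{ steps.asset-transparency.outputs.failed }}` directly into the shell script text, and those outputs presumably derive from release asset URLs; passing them through `env:` and echoing `"$VERIFIED"` / `"$FAILED"` keeps their content out of the script body. Separately, a step that reports failed URLs but always exits 0 means a verification mismatch will not fail the run, so consider failing the job when `outputs.failed` is non-empty.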