mirror of
https://github.com/slsa-framework/slsa-verifier.git
synced 2026-02-14 17:49:58 +00:00
#label:release v2.4.1

How to LGTM this PR:

Ensure you have installed the GitHub client from https://cli.github.com. If it is not installed in your `PATH`, set `export GH=/path/to/your/gh`

Set your `export GH_TOKEN=...`

Use [verify-release.sh](./verify-release.sh) script in this repository:

```
bash verify-release v2.4.1
```

Once it completes, you will see the last line `Verifying artifact /tmp/tmp.SomeRanDOm/` and do:

```bash
sha256sum /tmp/tmp.SomeRanDOm/* | grep -v intoto
```

This will print out the hashes. Compare them to the changes in this PR

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
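The last step of the procedure above compares hashes by eye. As an added example (not part of the commit or the slsa-verifier repository), this script does that comparison mechanically and fails on any missing, extra or modified artifact. The function names and the expected-hashes file format (one `<sha256>  <name>` line per artifact, as `sha256sum` prints) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the slsa-verifier repository). Function names and
# the expected-file format ("<sha256>  <name>" per line) are assumptions.

# Print "<sha256>  <name>" for each regular file in DIR, sorted by name,
# skipping in-toto provenance files (the same filter as `grep -v intoto`).
hash_artifacts() {
    (
        cd "$1" || exit 2
        for f in *; do
            [ -f "$f" ] || continue
            case "$f" in *intoto*) continue ;; esac
            sha256sum -- "$f"
        done | LC_ALL=C sort -k 2
    )
}

# Return 0 only if the set of artifacts and every hash equal EXPECTED_FILE.
# A missing, extra or modified artifact all count as a mismatch.
compare_hashes() {
    actual=$(hash_artifacts "$1") || return 2
    expected=$(grep -E '^[0-9a-f]{64}  ' "$2" | LC_ALL=C sort -k 2)
    if [ -z "$expected" ]; then
        echo "no hash lines found in $2" >&2
        return 2
    fi
    if [ "$actual" = "$expected" ]; then
        echo "OK: all artifact hashes match"
        return 0
    fi
    printf 'MISMATCH\n--- expected ---\n%s\n--- actual ---\n%s\n' \
        "$expected" "$actual" >&2
    return 1
}

# Constructed sample data: two stand-in artifacts and one provenance file.
demo=$(mktemp -d)
printf 'stand-in binary 1' > "$demo/example-linux-amd64"
printf 'stand-in binary 2' > "$demo/example-darwin-arm64"
printf '{}' > "$demo/example-linux-amd64.intoto.jsonl"
(cd "$demo" && sha256sum example-linux-amd64 example-darwin-arm64) > "$demo.expected"
compare_hashes "$demo" "$demo.expected"
rm -rf "$demo" "$demo.expected"
```

In a real review, the first argument would be the `/tmp/tmp.…` directory printed by the release verification script, and the second a file holding the hash lines taken from the PR.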
slsa-verifier setup GitHub Action
This action installs the SLSA verifier and adds it to your PATH.
For more information about slsa-verifier, refer to its documentation.
For more information about SLSA in general, see https://slsa.dev.
Usage
To install a specific version of slsa-verifier, use:
uses: slsa-framework/slsa-verifier/actions/installer@v2.4.1
See https://github.com/slsa-framework/slsa-verifier/releases for the list of available slsa-verifier releases. Only versions greater than or equal to 2.0.1 are supported.
This action requires using GitHub-provided Linux runners.