From 2ca43fa409e85b4773b235fa89f17a870c0fb69e Mon Sep 17 00:00:00 2001 From: Sarisia Date: Fri, 3 May 2024 10:41:06 +0900 Subject: [PATCH] add artifact attestations guide to readme --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index bac4addd..9905f840 100644 --- a/README.md +++ b/README.md @@ -179,6 +179,24 @@ If you have any issues, please let us know in Discussions or Issues. As [Guilded](https://guilded.gg) supports [Discord Webhooks API](https://discord.com/developers/docs/resources/webhook#execute-webhook), you can use Guilded webhook endpoint in the same way as Discord webhook. +### Verifying Artifact Attestations + +This action is shipped with [Artifact attestations](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds#about-verifying-artifact-attestations) +for `action.yml` and `lib/index.js`. + +You can verify these files with [GitHub CLI](https://cli.github.com/): + +``` +$ gh attestation verify --repo sarisia/actions-status-discord lib/index.js +Loaded digest sha256:4cc20dac6053670b29ff3ae8b9ddeafeed73fe79e5ab31fd8e34b6acd44d30c3 for file://lib/index.js +Loaded 1 attestation from GitHub API +✓ Verification succeeded! + +sha256:4cc20dac6053670b29ff3ae8b9ddeafeed73fe79e5ab31fd8e34b6acd44d30c3 was attested by: +REPO PREDICATE_TYPE WORKFLOW +sarisia/actions-status-discord https://slsa.dev/provenance/v1 .github/workflows/release.yml@refs/tags/v.1.14.3-pre.0 +``` + ## FAQ ### `Error: Webhook response: 400: {"sender":["This field is required"]}`