Update go-ossf-slsa3-publish.yml

.github/workflows/go-ossf-slsa3-publish.yml

@@ -1,43 +1,57 @@
-name: SLSA Go Releaser
-
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow lets you compile your Go project using a SLSA3 compliant builder.
+# This workflow will generate a so-called "provenance" file describing the steps
+# that were performed to generate the final binary.
+# The project is an initiative of the OpenSSF (openssf.org) and is developed at
+# https://github.com/slsa-framework/slsa-github-generator.
+# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
+# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
+
+name: SLSA Go releaser
 on:
+  workflow_dispatch:
   release:
-    types:
-      - created
+    types: [created]
 
-jobs:
-  build_windows:
-    runs-on: windows-latest
+permissions: read-all
 
+jobs:
+  # ========================================================================================================================================
+  #   Prerequesite: Create a .slsa-goreleaser.yml in the root directory of your project.
+  #    See format in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file
+  #=========================================================================================================================================
+  build:
+    permissions:
+      id-token: write # To sign.
+      contents: write # To upload release assets.
+      actions: read  # To read workflow path.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
+    with:
+      go-version: 1.17
+      # =============================================================================================================
+      #   Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects
+      # =============================================================================================================
+
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
     steps:
-    - name: Checkout Repository
-      uses: actions/checkout@v2
+      - name: Checkout code
+        uses: actions/checkout@v2
 
-    - name: Set up Go
-      uses: actions/setup-go@v2
-      with:
-        go-version: 1.19
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.19
 
-    - name: Run SLSA Go Generator (Windows)
-      uses: slsa-framework/[email protected]
-      with:
-        go-version: 1.19
-        # add any other necessary configuration here
+      - name: Install GoReleaser
+        run: |
+          curl -sfL https://install.goreleaser.com/install-goreleaser.sh | sh
 
-  build_linux:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout Repository
-      uses: actions/checkout@v2
-
-    - name: Set up Go
-      uses: actions/setup-go@v2
-      with:
-        go-version: 1.19
-
-    - name: Run SLSA Go Generator (Linux)
-      uses: slsa-framework/[email protected]
-      with:
-        go-version: 1.19
-        # add any other necessary configuration here
+      - name: Release
+        run: |
+          goreleaser --config .goreleaser.yml