Adds attest provenance

Cyb3r-Jak3 · Jan 26, 2025 · 7f4ebde · 7f4ebde
1 parent eec7958
commit 7f4ebde
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 23 deletions.
diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml
@@ -24,6 +24,9 @@ permissions:
   security-events: write
   actions: write
   packages: write
+  contents: read
+  id-token: write
+  attestations: write
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -47,16 +50,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
-          cache: false
-
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~\AppData\Local\go-build
-            ~\go\pkg\mod
-          key: go-${{ hashFiles('go.sum') }}
-          restore-keys: |
-            go-
+          cache: true
 
       - name: Install Syft
         run: choco install syft --yes
@@ -98,18 +92,10 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
-          cache: false
+          cache: true
 
       - name: Install Syft
         run: choco install syft --yes
-
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~\AppData\Local\go-build
-            ~\go\pkg\mod
-          key: go-${{ hashFiles('go.sum') }}
-
       - name: Download AutoComplete file
         run: Invoke-WebRequest -Uri https://raw.githubusercontent.com/urfave/cli/v2.25.7/autocomplete/bash_autocomplete -OutFile bash_completion
 
@@ -131,4 +117,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
           CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }}
           AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
+
+      - uses: actions/attest-build-provenance@v2
+        with:
+          subject-checksums: ./cmd/cloudflare-utils/dist/checksums.txt
diff --git a/cmd/cloudflare-utils/.goreleaser.yml b/cmd/cloudflare-utils/.goreleaser.yml
@@ -30,15 +30,15 @@ builds:
     binary: cloudflare-utils
     mod_timestamp: '{{ .CommitTimestamp }}'
     ldflags:
-      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}'
+      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
       - -extldflags "-static"
 
 
 archives:
-  - format: tar.xz
+  - formats: ['tar.xz']
     format_overrides:
       - goos: windows
-        format: zip
+        formats: ['zip']
     name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
 
 checksum: