From 5b3ea8c75540fe69893b617d8faab773127e7c2d Mon Sep 17 00:00:00 2001
From: GAEAlimited <69316708+GAEAlimited@users.noreply.github.com>
Date: Wed, 19 Jun 2024 19:56:28 -0400
Subject: [PATCH] Create action.yml

Signed-off-by: GAEAlimited <69316708+GAEAlimited@users.noreply.github.com>
---
 .github/workflows/action.yml | 58 ++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .github/workflows/action.yml

diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml
new file mode 100644
index 0000000000..95443daa94
--- /dev/null
+++ b/.github/workflows/action.yml
@@ -0,0 +1,58 @@
+name: 'Attest Build Provenance'
+description: 'Generate provenance attestations for build artifacts'
+author: 'GitHub'
+branding:
+  color: 'blue'
+  icon: 'lock'
+
+inputs:
+  subject-path:
+    description: >
+      Path to the artifact serving as the subject of the attestation. Must
+      specify exactly one of "subject-path" or "subject-digest". May contain a
+      glob pattern or list of paths (total subject count cannot exceed 2500).
+    required: false
+  subject-digest:
+    description: >
+      Digest of the subject for which provenance will be generated. Must be in
+      the form "algorithm:hex_digest" (e.g. "sha256:abc123..."). Must specify
+      exactly one of "subject-path" or "subject-digest".
+    required: false
+  subject-name:
+    description: >
+      Subject name as it should appear in the provenance statement. Required
+      unless "subject-path" is specified, in which case it will be inferred from
+      the path.
+  push-to-registry:
+    description: >
+      Whether to push the provenance statement to the image registry. Requires
+      that the "subject-name" parameter specify the fully-qualified image name
+      and that the "subject-digest" parameter be specified. Defaults to false.
+    default: false
+    required: false
+  github-token:
+    description: >
+      The GitHub token used to make authenticated API requests.
+    default: ${{ github.token }}
+    required: false
+
+outputs:
+  bundle-path:
+    description: 'The path to the file containing the attestation bundle(s).'
+    value: ${{ steps.attest.outputs.bundle-path }}
+
+runs:
+  using: 'composite'
+  steps:
+    - uses: actions/attest-build-provenance/predicate@46e4ff8b824dc6ae13c8f92c8ba69907e2d39b4e # predicate@1.1.0
+      id: generate-build-provenance-predicate
+    - uses: actions/attest@8afbcf6e5e31a04f9ef7ca7ee40a0d91e263da5a # v1.3.2
+      id: attest
+      with:
+        subject-path: ${{ inputs.subject-path }}
+        subject-digest: ${{ inputs.subject-digest }}
+        subject-name: ${{ inputs.subject-name }}
+        predicate-type: ${{ steps.generate-build-provenance-predicate.outputs.predicate-type }}
+        predicate: ${{ steps.generate-build-provenance-predicate.outputs.predicate }}
+        push-to-registry: ${{ inputs.push-to-registry }}
+        github-token: ${{ inputs.github-token }}