Example project builds a simple binary using a variety of SLSA-compliant builders.
The code is built using bazelisk build:
- Bazelisk reads .bazelversion, fetches the correct version of Bazel, and
then runs
bazel build. - Bazel reads WORKSPACE, fetches the rules_go module, and then compiles the
hellobinary.
For GitHub Actions-based builds, the artifact is uploaded using actions/upload-artifact.
- github-actions-demo.yaml (results): SLSA 1 provenance generated on GitHub Actions using https://github.com/slsa-framework/github-actions-demo.
- slsa-github-generator.yaml (results): SLSA 2 provenance generated on GitHub Actions using https://github.com/slsa-framework/slsa-github-generator.
| Event | Name | Status |
|---|---|---|
| create |  |
|
| push | default branch |  |
| custom publish |  |
|
| Node 16 |  |
|
| Node 18 |  |
|
| npm dist-tag |  |
|
| non-default branch |  |
|
| push to tag |  |
|
| push to tag (unscoped package) |  |
|
| release |  |
|
| workflow_dispatch |  |
| Event | Name | Status |
|---|---|---|
| create | default |  |
| with sha1 |  |
|
| push | default branch |  |
| push to tag |  |
|
| release | default |  |
| With sha1 |  |
|
| workflow_dispatch | default branch |  |
| default branch w/ sha1 |  |
|
| non-default branch |  |
|
| non-default branch w/ sha1 |  |
| Event | Status |
|---|---|
| workflow_dispatch |  |
| release |  |
| create |  |
| push |  |
| tag |  |