Commit cb751e1

Update docs
Signed-off-by: Danil-Grigorev <danil.grigorev@suse.com>
1 parent 54c79ae commit cb751e1

2 files changed

+27
-18
lines changed

CHANGELOG.md

Lines changed: 14 additions & 6 deletions
@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
1111

1212
- [Unreleased](#unreleased)
1313
- [Unreleased: Vars context recorded in provenance](#unreleased-vars-context-recorded-in-provenance)
14+
- [Container generator](#container-generator)
15+
- [New Features](#new-features)
1416
- [v2.0.0](#v200)
1517
- [v2.0.0: Breaking Change: upload-artifact and download-artifact](#v200-breaking-change-upload-artifact-and-download-artifact)
1618
- [v2.0.0: Breaking Change: attestation-name Workflow Input and Output](#v200-breaking-change-attestation-name-workflow-input-and-output)
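Review bot: The two table-of-contents entries added at new lines 14-15 (`Container generator`, `New Features`) follow `Unreleased: Vars context recorded in provenance` with no Unreleased entry of their own, so the outline reads as if the container generator change belonged to the vars-context note. The `recursive` input is a separate feature; give it its own sibling entry under `Unreleased`, with a matching heading level in the body, so readers scanning the changelog can find it.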
@@ -33,19 +35,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
3335
- [v1.6.0](#v160)
3436
- [Summary of changes](#summary-of-changes)
3537
- [Go builder](#go-builder)
36-
- [New Features](#new-features)
37-
- [Generic generator](#generic-generator)
3838
- [New Features](#new-features-1)
39-
- [Container generator](#container-generator)
39+
- [Generic generator](#generic-generator)
40+
- [New Features](#new-features-2)
41+
- [Container generator](#container-generator-1)
4042
- [Changelog since v1.5.0](#changelog-since-v150)
4143
- [v1.5.0](#v150)
4244
- [Summary of changes](#summary-of-changes-1)
4345
- [Go builder](#go-builder-1)
44-
- [New Features](#new-features-2)
45-
- [Generic generator](#generic-generator-1)
4646
- [New Features](#new-features-3)
47-
- [Container generator](#container-generator-1)
47+
- [Generic generator](#generic-generator-1)
4848
- [New Features](#new-features-4)
49+
- [Container generator](#container-generator-2)
50+
- [New Features](#new-features-5)
4951
- [Changelog since v1.4.0](#changelog-since-v140)
5052
- [v1.4.0](#v140)
5153
- [What's Changed](#whats-changed)
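Review bot: Every `#new-features-N` and `#container-generator-N` fragment in the v1.6.0 and v1.5.0 entries shifts by one in this hunk (for example, the v1.6.0 Go builder `New Features` entry moves from `#new-features` to `#new-features-1`), so an existing deep link to one of those fragments now lands on a different release's section without any error. Check for references to the old fragments elsewhere in the repository, and consider version-prefixed heading text, as the `v2.0.0: Breaking Change: ...` headings already use, so that adding a section near the top does not renumber older anchors.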
@@ -112,6 +114,12 @@ duplication."
112114
container generators. The `vars` context cannot affect the build in the Go
113115
builder so it is not recorded.
114116

117+
#### Container generator
118+
119+
##### New Features
120+
121+
- A new [`recursive`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) input was added to allow users to pass `--recursive` option to the provenance attestation, usefull when signing `multi-arch` images.
122+
115123
## v2.0.0
116124

117125
### v2.0.0: Breaking Change: upload-artifact and download-artifact
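Review bot: The link on the added `recursive` bullet (new line 121) is pinned to `blob/v1.5.0/internal/builders/container/README.md#workflow-inputs`, but the entry is filed under Unreleased and the README row for `recursive` is only added in this same commit, so the v1.5.0 copy of that README will not describe the input. Point the link at the release that will ship the input, or drop the tag pin until that release exists. On the same line, `usefull` should be `useful`, `multi-arch` does not need code formatting, and "pass `--recursive` option to the provenance attestation" should name the command that receives the flag.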

internal/builders/container/README.md

Lines changed: 13 additions & 12 deletions
@@ -204,18 +204,19 @@ The [container workflow](https://github.com/slsa-framework/slsa-github-generator
204204

205205
Inputs:
206206

207-
| Name | Description |
208-
| -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
209-
| `image` | **(Required)** The OCI image name. This must not include a tag or digest. |
210-
| `digest` | **(Required)** The OCI image digest. The image digest of the form '<algorithm>:<digest>' (e.g. 'sha256:abcdef...') |
211-
| `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. |
212-
| `compile-generator` | Whether to build the generator from source. This increases build time by ~2m.<br>Default: `false`. |
213-
| `private-repository` | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories).<br>Default: `false` |
214-
| `continue-on-error` | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow.<br>Default: `false` |
215-
| `gcp-workload-identity-provider` | The full identifier of the Workload Identity Provider, including the project number, pool name, and provider name. If provided, this must be the full identifier which includes all parts:<br>`projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider` |
216-
| `gcp-service-account` | Email address or unique identifier of the Google Cloud service account for which to generate credentials. For example:<br>`my-service-account@my-project.iam.gserviceaccount.com` |
217-
| `provenance-registry-username` | Username when publishing to provenance registry (option 'provenance-registry') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. |
218-
| `provenance-registry` | If set, provenance is pushed to this registry instead of image registry. (e.g. `gcr.io/my-new-repo`) |
207+
| Name | Description |
208+
| --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
209+
| `image` | **(Required)** The OCI image name. This must not include a tag or digest. |
210+
| `digest` | **(Required)** The OCI image digest. The image digest of the form '<algorithm>:<digest>' (e.g. 'sha256:abcdef...') |
211+
| `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. |
212+
| `compile-generator` | Whether to build the generator from source. This increases build time by ~2m.<br>Default: `false`. |
213+
| `private-repository` | Set to true to opt-in to posting to the public transparency log. Will generate an error if false for private repositories. This input has no effect for public repositories. See [Private Repositories](#private-repositories).<br>Default: `false` |
214+
| `continue-on-error` | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow.<br>Default: `false` |
215+
| `gcp-workload-identity-provider` | The full identifier of the Workload Identity Provider, including the project number, pool name, and provider name. If provided, this must be the full identifier which includes all parts:<br>`projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider` |
216+
| `gcp-service-account` | Email address or unique identifier of the Google Cloud service account for which to generate credentials. For example:<br>`my-service-account@my-project.iam.gserviceaccount.com` |
217+
| `provenance-registry-username` | Username when publishing to provenance registry (option 'provenance-registry') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. |
218+
| `provenance-registry` | If set, provenance is pushed to this registry instead of image registry. (e.g. `gcr.io/my-new-repo`) |
219+
| `recursive` | If set, attestation is performed recursively on the image. Usefull when a multi-arch image is used. |
219220

220221
Secrets:
221222
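Review bot: The new `recursive` row (new line 219) states neither the accepted values nor the default, unlike the `compile-generator`, `private-repository` and `continue-on-error` rows, which each end with a `Default:` clause. Add one, and say what "recursively" covers for a multi-arch image (which manifests end up with an attestation), since that determines what a verifier can check per platform. `Usefull` should be `Useful`. Widening the separator row by one dash also rewrites all twelve existing table lines for a one-row change; keeping the original column width would reduce this hunk to a single added line.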
