Skip to content
/ publish-releases-asset-transparency-action Public

A GitHub Action that checks GitHub release assets against the Asset Transparency Log

4 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

transparencylog/publish-releases-asset-transparency-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Repository files navigation

Action to Publish and Verify Release Assets into Asset Transparency Log

This action adds all release assets for a project release on GitHub to the Asset Transparency Log.

You or your users can then later verify GitHub is delivering the correct content by using Asset Transparency aware tools like tl get or tl verify.

Encouraging use of Asset Transparency log clients, like tl, provides additional protection against attacks that modify release binaries or source code (e.g. GitHub account compromise, man in the middle, etc)

If you aren't familiar with release assets they are this section on a GitHub release page:

screenshot of https://github.com/transparencylog/tl/releases/tag/v0.2.10

Inputs

additionalURLs

Optional A space separated list of additional URLs that should be registered besides the the GitHub release assets. Default "".

Outputs

verified

The list of verified URLs

failed

The list of URLs that failed to match the asset logs digest

Example Workflow

See example workflow

About

A GitHub Action that checks GitHub release assets against the Asset Transparency Log

Resources

Readme
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases 8

v11: main: add os.Exit(1) on failed Latest
Aug 20, 2020
+ 7 releases

Packages

No packages published

Languages