pi-hole / FTL

The Pi-hole FTL engine
https://pi-hole.net

Add artifact attestation #1964

Closed DL6ER closed 1 month ago

DL6ER commented 1 month ago

What does this implement/fix?

Creating a tamper-proof paper trail for all FTL binaries we build on GitHub Actions:

$ gh attestation verify pihole-FTL-amd64 -o pi-hole

Loaded digest sha256:67e7d2451a29ff3cd21c4a7c489ac4b1d43993f4a69bf9fbe989dda47f24685e for file://pihole-FTL-amd64
Loaded 1 attestation from GitHub API
✓ Verification succeeded!

sha256:67e7d2451a29ff3cd21c4a7c489ac4b1d43993f4a69bf9fbe989dda47f24685e was attested by:
REPO         PREDICATE_TYPE                  WORKFLOW                                                        
pi-hole/FTL  https://slsa.dev/provenance/v1  .github/workflows/build.yml@refs/heads/new/artifact_attestations

Tested using gh 2.49.2 on Ubuntu 24.04 LTS.


Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:
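A consumer-side policy check to run after `gh attestation verify` has validated the signature, shown as an added example that is not part of this pull request or the Pi-hole code base. It assumes the verified payload is an in-toto Statement v1 carrying SLSA v1 provenance with the GitHub Actions workflow build type (`externalParameters.workflow`); the artifact bytes, the statement and the `RELEASE_BRANCH` ref are constructed placeholders.

```python
import hashlib

SLSA_V1 = "https://slsa.dev/provenance/v1"

def check_provenance(statement, artifact, repo_url, allowed_refs):
    """Return policy violations for a statement whose signature was already verified."""
    problems = []
    # 1. The statement must be about these exact bytes.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if digest not in subjects:
        problems.append(f"sha256:{digest} is not a subject of this statement")
    # 2. It must be SLSA v1 provenance, not some other predicate type.
    if statement.get("predicateType") != SLSA_V1:
        problems.append(f"unexpected predicateType {statement.get('predicateType')!r}")
    # 3. The build must come from the expected repository and an allowed ref.
    workflow = (statement.get("predicate", {}).get("buildDefinition", {})
                .get("externalParameters", {}).get("workflow", {}))
    if workflow.get("repository") != repo_url:
        problems.append(f"built from {workflow.get('repository')!r}, expected {repo_url!r}")
    if workflow.get("ref") not in allowed_refs:
        problems.append(f"workflow ref {workflow.get('ref')!r} is not an allowed ref")
    return problems

# Constructed sample data (not real FTL build output).
ARTIFACT = b"constructed stand-in for the pihole-FTL-amd64 binary"
REPO = "https://github.com/pi-hole/FTL"
FEATURE_REF = "refs/heads/new/artifact_attestations"  # ref shown in the output above
RELEASE_REF = "refs/heads/RELEASE_BRANCH"             # placeholder, not a real branch name
STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "pihole-FTL-amd64",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": SLSA_V1,
    "predicate": {"buildDefinition": {"externalParameters": {"workflow": {
        "repository": REPO, "path": ".github/workflows/build.yml", "ref": FEATURE_REF}}}},
}

if __name__ == "__main__":
    cases = [("feature ref allowed", ARTIFACT, {FEATURE_REF}),
             ("release ref only", ARTIFACT, {RELEASE_REF}),
             ("modified binary", ARTIFACT + b"\x00", {FEATURE_REF})]
    for label, data, refs in cases:
        print(label, "->", check_provenance(STATEMENT, data, REPO, refs) or "ok")
```

The second case shows why the ref matters: an attestation produced on a feature branch is validly signed, yet a release-only policy should still reject it.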