Open OpenWaygate opened 3 months ago
You mentioned builder_go_slsa3.yml
but I think this is an issue for any other builders that create a release.
for example, the docs for the generic generator show the genererator_generic_slsa3.yml
getting called before the release artifacts are uploaded. So the SLSA workflow is what creates the release, and the user's workflow is uploading the artifacts after the fact.
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#getting-started
Is your feature request related to a problem? Please describe.
builder_go_slsa3.yml
is a reuseable workflow, so I cannot set environment variable when use itThe
upload-assets
job use the defaultGITHUB_TOKEN
, then default releaser isgithub-actions
.Accordingly, if I created a new action with this trigger, it will never be triggered.
Describe the solution you'd like I think this can be resolved with new input, accept a new input GITHUB_TOKEN and use it as environment variable in
upload-assets
Describe alternatives you've considered Convert the reuseable workflow to composite action.
Additional context ~