diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 000000000..44d5e0038 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,14 @@ +# These are supported funding model platforms + +patreon: # Replace with a single Patreon username +open_collective: # Replace with a single Open Collective username +ko_fi: # Replace with a single Ko-fi username +tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel +community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry +liberapay: # Replace with a single Liberapay username +issuehunt: # Replace with a single IssueHunt username +lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry +polar: # Replace with a single Polar username +buy_me_a_coffee: # Replace with a single Buy Me a Coffee username +thanks_dev: # Replace with a single thanks.dev username +custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] diff --git a/.github/workflows/go-ossf-slsa3-publish.yml b/.github/workflows/go-ossf-slsa3-publish.yml new file mode 100644 index 000000000..79ea193f7 --- /dev/null +++ b/.github/workflows/go-ossf-slsa3-publish.yml @@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you compile your Go project using a SLSA3 compliant builder. +# This workflow will generate a so-called "provenance" file describing the steps +# that were performed to generate the final binary. +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA Go releaser +on: + workflow_dispatch: + release: + types: [created] + +permissions: read-all + +jobs: + # ======================================================================================================================================== + # Prerequesite: Create a .slsa-goreleaser.yml in the root directory of your project. + # See format in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file + #========================================================================================================================================= + build: + permissions: + id-token: write # To sign. + contents: write # To upload release assets. + actions: read # To read workflow path. + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0 + with: + go-version: 1.17 + # ============================================================================================================= + # Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects + # ============================================================================================================= +