From c6bc40f60c1c3f9dede4b9c82292424049268872 Mon Sep 17 00:00:00 2001
From: chaoqun <27287694+OpenWaygate@users.noreply.github.com>
Date: Sat, 25 May 2024 01:09:10 +0800
Subject: [PATCH] :construction_worker: Generate signed build provenance attestations
---
 .github/workflows/go-ossf-slsa3-publish.yml | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/go-ossf-slsa3-publish.yml b/.github/workflows/go-ossf-slsa3-publish.yml
index 4717853..c84d198 100644
--- a/.github/workflows/go-ossf-slsa3-publish.yml
+++ b/.github/workflows/go-ossf-slsa3-publish.yml
@@ -39,7 +39,7 @@ jobs:
 fetch-depth: 0
 - id: ldflags
 run: |
- echo "commit-date=$(git log --date=iso8601-strict -1 --pretty=%ct)" >> "$GITHUB_OUTPUT"
+ echo "commit-date=$(date -d @$(git log --date=iso8601-strict -1 --pretty=%ct))" >> "$GITHUB_OUTPUT"
 echo "commit=$GITHUB_SHA" >> "$GITHUB_OUTPUT"
 echo "version=$(git describe --tags --always --dirty | cut -c2-)" >> "$GITHUB_OUTPUT"
 echo "tree-state=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi)" >> "$GITHUB_OUTPUT"
@@ -57,7 +57,7 @@ jobs:
 matrix:
 os: [linux, windows, darwin]
 arch: [amd64, arm64]
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.10.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v2.0.0
 with:
 go-version-file: go.mod
 config-file: .slsa-goreleaser/${{ matrix.os }}-${{ matrix.arch }}.yml
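Review bot: The added `commit-date` line in the ldflags step does not produce an ISO-8601 timestamp: `date -d @<epoch>` prints the runner's locale- and timezone-dependent default format (something like `Sat May 25 01:09:10 UTC 2024`, constructed example), and `--date=iso8601-strict` has no effect on `%ct`, which always prints the raw committer epoch. A value that varies with the runner's environment and contains spaces is a poor input for a workflow whose goal is reproducible, verifiable builds, and if it is substituted into a `-X` ldflag (the consuming .slsa-goreleaser config is not visible here) the spaces may break it. Git can emit the strict ISO form directly and deterministically: `echo "commit-date=$(git log -1 --pretty=%cI)" >> "$GITHUB_OUTPUT"`. The `run:` block of the ldflags step may continue past the end of this hunk.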
@@ -65,3 +65,16 @@ jobs:
 # =======================================================================================================
 # Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects
 # =======================================================================================================
+
+ attestation:
+ needs: [build]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ needs.build.outputs.go-binary-name }}
+ - name: Attest
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: '${{ github.workspace }}/${{ needs.build.outputs.go-binary-name }}'
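Review bot: The new `attestation` job declares no `permissions:` block, yet `actions/attest-build-provenance` needs `id-token: write` (to obtain the OIDC token used for Sigstore signing) and `attestations: write` (to store the attestation), so the Attest step will fail unless those are granted at workflow level, which is outside this hunk; granting them on this job alone keeps the write scope away from the build job. Second, `build` is a matrix job (three os values times two arch values in the hunk above) and `needs.build.outputs.go-binary-name` resolves to a single value (in practice the one written last), so only one of the six binaries is downloaded and attested and which one is not deterministic; the attestation job should run the same matrix or attest every downloaded artifact. Finally, in a workflow whose purpose is build provenance, `actions/download-artifact@v4` and `actions/attest-build-provenance@v1` are referenced by mutable tags; pin them to full-length commit SHAs with the tag in a trailing comment (`uses: actions/attest-build-provenance@<full-commit-sha> # v1`, placeholder) so the attestation tooling itself cannot be swapped out underneath the workflow.
```yaml
  attestation:
    needs: [build]
    permissions:
      contents: read
      id-token: write
      attestations: write
    # … unchanged: runs-on and steps …
```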