set to sha512

AEnguerrand · Dec 2, 2024 · 4cfe07d · 4cfe07d
1 parent 54203cd
commit 4cfe07d
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/sigtstorejs.yaml b/.github/workflows/sigtstorejs.yaml
@@ -20,7 +20,9 @@ jobs:
       - name: Generate dummy package
         run: npm pack
       - name: Generate provenance statement with package as attestation subject
-        run: npx @npmcli/provenance-cli generate aenguerrand-examplepackage12-0.4.0.tgz -o provenance-statement.json --subject-name="pkg:npm/%40aenguerrand/[email protected]"
+        run: |
+          sha512=$(shasum -a 512 aenguerrand-examplepackage12-0.4.0.tgz | awk '{print $1}')
+          npx @npmcli/provenance-cli generate aenguerrand-examplepackage12-0.4.0.tgz -o provenance-statement.json --subject-name="pkg:npm/%40aenguerrand/[email protected]" --subject-digest="$sha512"
       - name: Sign provenance statement
         run: npx @sigstore/cli attest ./provenance-statement.json -o provenance.sigstore.json
       - name: "Verify provenance statement (TODO: Verify source identity)"