gradle/develocity-provenance-governor-actions

# Develocity Provenance Governor 操作 GitHub Actions，用于将 [Develocity Provenance Governor](https://gradle.com/develocity/product/provenance-governor/) 集成到您的 GitHub 工作流中。 ## 发布 ``` uses: gradle/develocity-provenance-governor-actions/publish@main with: attestation-publisher-url: 'https://develocity-provenance-governor.example.com' build-scan-ids: eo5xxyg3drtoc build-scan-queries: 'value:"CI run=${{ github.run_id }}"' subject-type: oci subject-name: java-payment-calculator subject-version: 1.2.3 subject-digest: 1a6b2bf83435f2a9ccd33519ad3e817bf79aee6af1c7a15d26d8a256bfa9cc94 subject-repository-url: develocitytia.jfrog.io/docker-trial ``` 需要 GitHub OIDC token。 必须提供 `build-scan-ids` 或 `build-scan-queries` 其中之一。 可以指定多个 ID 和查询，每行一个。 查询使用 [Develocity 高级查询语法](https://docs.gradle.com/develocity/api-manual/#advanced_search_syntax)。 还有一个 `subject-namespace` 字段，可用于需要它的 subject 类型。 ## 执行 ``` uses: gradle/develocity-provenance-governor-actions/enforce@main with: policy-evaluator-url: 'https://develocity-provenance-governor.example.com' subject-type: oci subject-name: java-payment-calculator subject-version: 1.2.3 subject-digest: 1a6b2bf83435f2a9ccd33519ad3e817bf79aee6af1c7a15d26d8a256bfa9cc94 subject-repository-url: develocitytia.jfrog.io/docker-example-repo policy-scan: ci-enforcement ``` 需要 GitHub OIDC token。 还有一个 `subject-namespace` 字段，可用于需要它的 subject 类型。

标签：Attestations, Develocity, DevSecOps, GitHub Actions, Gradle, JFrog, Lerna, OCI 镜像, OIDC, Policy-as-Code, Provenance Governor, SLSA, 上游代理, 出处证明, 工件证明, 构建扫描, 构建溯源, 漏洞测试, 策略执行, 自动化合规, 自动化攻击, 自动化攻击, 自动笔记, 软件完整性