From 1b607cf77ee7c53e170c5a532e38c41810b919ff Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 23 Jul 2024 11:29:24 +0200
Subject: [PATCH] Add an example profile for GH attestations

We didn't have an example for the GH attestations ruletype which made it harder to test and discover bugs.
---
 profiles/github/artifact_attestation_slsa.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 profiles/github/artifact_attestation_slsa.yaml

diff --git a/profiles/github/artifact_attestation_slsa.yaml b/profiles/github/artifact_attestation_slsa.yaml
new file mode 100644
index 0000000..6d7b90a
--- /dev/null
+++ b/profiles/github/artifact_attestation_slsa.yaml
@@ -0,0 +1,18 @@
+---
+# sample policy for validating SLSA provenance attestations
+version: v1
+type: profile
+name: slsa-gh-attestation-provenance
+context:
+ provider: github
+artifact:
+ - type: artifact_attestation_slsa
+ params:
+ tags: ["latest"]
+ name: your-artifact-name
+ def:
+ workflow_repository: https://github.com/yourorg/yourrepo
+ workflow_ref: refs/heads/main
+ signer_identity: .github/workflows/your-workflow.yml
+ event: ["workflow_dispatch"]
+ runner_environment: github-hosted
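Review bot: The placeholder values in the new profile (`yourorg/yourrepo`, `your-artifact-name`, `your-workflow.yml`) are not marked as placeholders, and the one-line header comment does not say which `def` fields a user must replace or how `signer_identity` is compared against the attestation's signer; a reader testing this example cannot tell which mismatches are expected to fail. Suggest extending the header with `# replace workflow_repository, signer_identity and params.name with your own values` and a per-field comment on `signer_identity` stating whether it must match the workflow path in the signing certificate exactly (I am inferring that from the field name; please confirm against the ruletype). `tags: ["latest"]` selects a mutable tag, so the artifact that gets verified can change between evaluations; if the ruletype accepts an immutable tag or digest, a comment recommending that for real deployments would make the sample safer to copy. Likewise, `event: ["workflow_dispatch"]` presumably rejects attestations produced by push or tag builds, which is worth stating in a comment so the sample's narrow scope is deliberate rather than surprising.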