SLSA on Move
Overview
SLSA on Move is a GitHub workflow action developed for the Move language. After building the smart contract source, it creates signed provenance using the generated artifact with generator_generic_slsa3.yml. Then, it sends the information required to create a transaction to SLSA on Blockchain. The created transaction is returned to SLSA on Move, where it is verified and then deployed to the blockchain.
Example
Publish
Workflow Inputs
Name | Description |
---|---|
move-compiler | Select a CLI to compile the Move language. Examples include tools such as sui and other chains. |
move-directory | The root directory of the Move project refers to the directory containing the Move.toml file. |
Example
bash
name: Publish
on:
release:
types:
- published
permissions:
actions: read
contents: write
id-token: write
jobs:
build:
uses: zktx-io/slsa-on-move/.github/workflows/generator_generic_slsa3.yml@main
with:
move-compiler: 'sui'
move-directory: 'smartcontract root folder'
Upgrade
Create an Upgrade.toml
file in the same location as Move.toml
and add the necessary information for the upgrade.
Name | Description |
---|---|
package_id | Published Packaged Object ID |
upgrade_cap | Upgrade Object ID This input is used only for Sui. |
toml
[upgrade]
package_id = "Published Package Object ID"
upgrade_cap = "Upgrade Cap Id of Package"
Verification
in development
Marketplace
SLSA on Move is currently registered and maintained on the GitHub Marketplace. You can check it out using the link below.
Github
Get started with SLSA on Move and learn by github