istampit-action

iStampit GitHub Action — Timestamp your releases & artifacts

Composite GitHub Action that:

Installs the OpenTimestamps client
Hashes target files
Produces .ots receipts and (optionally) upgrades them against calendars
Lets you upload receipts as workflow artifacts or attach them to GitHub Releases

Usage Demo

Placeholder GIF: add a short capture of stamping a file locally and showing the .ots receipt.

🔧 Usage

jobs:
  stamp:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Timestamp artifacts
        id: stamp
        uses: SinAi-Inc/istampit-action@v1
        with:
          paths: "dist/**/*"
          upgrade: "true"
      - name: Show receipts
        run: |
          echo "Receipts: $"
          python - <<'PY'
import json, os
receipts = json.loads(os.environ['RECEIPTS'])
print('\n'.join(receipts))
PY
        env:
          RECEIPTS: $

📥 Inputs

paths (required) — comma-separated glob(s) of files to stamp.
upgrade (optional, default false) — attempt calendar upgrade for better attestations.

📤 Outputs

receipts — JSON array of generated .ots receipt file paths.

Access with $ (stringified JSON array). Parse as needed.

🔒 Provenance (Optional)

Add SLSA provenance generation to assert build integrity (planned). A future workflow will attach a provenance attestation to each release.

📝 Releases

See CHANGELOG and GitHub Releases:

v1.0.3 – Parser stability, badges corrected, CI self-test green.
v1.0.2 – Manifest fix + branding + outputs via GITHUB_OUTPUT.

📜 License

MIT (wrapper code). OTS client is LGPL-3.0.

The moving tag v1 always points to the latest stable, parser-verified release.

This site is open source. Improve this page.