Skip to content
This repository has been archived by the owner on Dec 10, 2024. It is now read-only.

build: update slsa-framework/slsa-github-generator digest to 92ceddd #176

build: update slsa-framework/slsa-github-generator digest to 92ceddd

build: update slsa-framework/slsa-github-generator digest to 92ceddd #176

Workflow file for this run

name: app
on:
push:
branches:
- '**'
env:
KUBECTL_VERSION: "v1.29.2"
SCAFFOLDING_K8S_VERSION: "v1.29.x"
jobs:
test:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
# match Kubectl version to kind cluster version used in scaffolding setup
# https://github.com/sigstore/scaffolding/blob/8f5907d5dc59c1af0e3c757486105179eab3301a/hack/setup-kind.sh#L80-L81
- name: Install kubectl
run: |
curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
chmod +x kubectl
mkdir -p $HOME/.bin/kubectl
mv kubectl $HOME/.bin/kubectl/
echo "$HOME/.bin/kubectl" >> $GITHUB_PATH
- name: Detect Workflow
id: detect-workflow
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@92ceddd1d2fb829ae029da7bc41e59293cc6dc7c
- name: Sigstore Setup
uses: sigstore/scaffolding/actions/setup@a20ae166ad6fe8f7165f4b3ee218acf72d9c45e8 # v0.6.17
with:
k8s-version: ${{ env.SCAFFOLDING_K8S_VERSION }}
version: "latest-release"
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version-file: 'go.mod'
- name: Download Deps
run: go mod download
- name: Build
run: make build
- name: Move TUF root
run: mv root.json test/
- name: Run Tests
env:
KEYLESS_ISSUER: "https://token.actions.githubusercontent.com"
KEYLESS_SUBJECT: ${{ github.server_url }}/${{ github.repository }}/${{ steps.detect-workflow.outputs.workflow }}@${{ steps.detect-workflow.outputs.ref }}
# the attestation tool expects a value for GITHUB_TOKEN, but interactions with the GitHub API are replayed from fixtures
GITHUB_TOKEN: "invalid"
REGISTRY_URL: "registry.local:5000"
run: make test
release:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
needs: [test]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- name: Setup Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
with:
node-version: 20
- name: Setup Semantic Release
run: npm install -g semantic-release -D
- name: Release
run: npx semantic-release
env:
GH_TOKEN: ${{ github.token }}
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version-file: 'go.mod'
- name: GoReleaser
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}