trusted github account in summary (#90)

* trusted github account in summary * added support for composite actions * fix audit rules * fix audit rules * fixed file tampering * fixes in file tampering summary * summary fix * summary fix * uniq pid check in build tampering * version bump to v1.7.0-rc.8 * fix lint issues * file tampering fix * fix audit rules * version bump v1.7.0-rc.11 * fix auditd rules for working directory watch * make auditd mutatable for debugging * added git directory exclusion logic * dependency updates * v1.7.0
koalalab-inc · Sep 9, 2024 · d27f007 · d27f007
1 parent 0a2946b
commit d27f007
Show file tree

Hide file tree

Showing 14 changed files with 436 additions and 164 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,14 +7,16 @@ on:
 
 permissions: read-all
 
+env:
+  tag: ${{ github.ref_name }}
+
 jobs:
   build:
     runs-on: ubuntu-latest
     permissions:
       contents: write
       id-token: write
     env:
-      tag: ${{ github.ref_name }}
       os: linux
       arch: x86_64
     outputs:
@@ -108,24 +110,22 @@ jobs:
 
   provenance:
     needs: [build]
+    if: ${{ !endsWith(github.ref_name, 'rc') && !contains(github.ref_name, 'rc.') }}
     permissions:
       actions: read
       id-token: write
       contents: write
     uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
-    # uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@5a775b367a56d5bd118a224a811bba288150a563 # slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: "${{ needs.build.outputs.hashes }}"
-      # Upload provenance to a new release
       upload-assets: true
 
   release:
-    needs: [build, provenance]    
+    needs: [build]    
     runs-on: ubuntu-latest
     permissions:
       contents: write
     env:
-      tag: ${{ github.ref_name }}
       os: linux
       arch: x86_64
     steps:
@@ -166,7 +166,7 @@ jobs:
           name: ${{ env.tag }}
           generate_release_notes: true
           token: ${{ secrets.GITHUB_TOKEN }}
-          prerelease: ${{ endsWith(env.tag, 'rc') }}
+          prerelease: ${{ endsWith(env.tag, 'rc') || contains(env.tag, 'rc.') }}
 
       - name: Verify Release
         run: |

diff --git a/.gitignore b/.gitignore
@@ -106,4 +106,4 @@ bin/
 
 src/generated/
 
-audit.json
+audit*.json
diff --git a/__tests__/index.test.js b/__tests__/index.test.js
@@ -44,11 +44,6 @@ describe('index', () => {
   it('should return an array', async () => {
     const { getTrustedGithubAccounts } = require('../src/input')
 
-    // jest.mock('@actions/core', () => ({
-    //   warning: (...args) => console.log(...args, '\n'),
-    //   error: (...args) => console.log(...args, '\n')
-    // }))
-
     const accounts = getTrustedGithubAccounts()
 
     expect(accounts).toBeInstanceOf(Array)

diff --git a/badges/coverage.svg b/badges/coverage.svg