From 7e82ded79180ec239a57b0d24020bf4cf2cf2f8b Mon Sep 17 00:00:00 2001 From: John Kjell Date: Tue, 1 Oct 2024 11:46:10 -0400 Subject: [PATCH] Add policy for PR that doesn't look for merge Signed-off-by: John Kjell --- .github/workflows/pipeline.yml | 15 ++ pr-policy-signed.json | 1 + pr-policy.json | 460 +++++++++++++++++++++++++++++++++ 3 files changed, 476 insertions(+) create mode 100644 pr-policy-signed.json create mode 100644 pr-policy.json diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index b8a8bbc..5d84ba6 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -176,3 +176,18 @@ jobs: chmod +x /tmp/witness command: | /tmp/witness verify -p policy-signed.json -k swfpublic.pem -f /tmp/image.tar --enable-archivista -l debug + + verify-pr: + if: ${{ github.event_name == 'pull_request' }} + uses: testifysec/witness-run-action/.github/workflows/witness.yml@reusable-workflow + with: + pull_request: ${{ github.event_name == 'pull_request' }} + step: verify + pre-command-attestations: "git github environment" + attestations: "git github environment" + artifact-download: image.tar + pre-command: | + curl -sSfL https://github.com/jkjell/witness/releases/download/osff-demo/witness -o /tmp/witness && \ + chmod +x /tmp/witness + command: | + /tmp/witness verify -p pr-policy-signed.json -k swfpublic.pem -f /tmp/image.tar --enable-archivista -l debug diff --git a/pr-policy-signed.json b/pr-policy-signed.json new file mode 100644 index 0000000..e4d2fe4 --- /dev/null +++ b/pr-policy-signed.json @@ -0,0 +1 @@ +{"payload":"ewogICAgImV4cGlyZXMiOiAiMjAyNS0xMi0xN1QyMzo1Nzo0MC0wNTowMCIsCiAgICAic3RlcHMiOiB7CiAgICAgICJmbXQiOiB7CiAgICAgICAgIm5hbWUiOiAiZm10IiwKICAgICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9lbnZpcm9ubWVudC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9tYXRlcmlhbC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvY29tbWFuZC1ydW4vdjAuMSIKICAgICAgICAgIH0sCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL3Byb2R1Y3QvdjAuMSIKICAgICAgICAgIH0KICAgICAgICBdLAogICAgICAgICJmdW5jdGlvbmFyaWVzIjogWwogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICAgImNlcnRDb25zdHJhaW50IjogewogICAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgICAiZGNmMTY2ZWViZTdjYmQ5NzYwOTQ3YTg4MjEzZDk0ZTY1NjM0OWM2NDdkNDM5NTY5ZGM3NmEyNzVmMDViNzE1OSIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJleHRlbnNpb25zIjogewogICAgICAgICAgICAgICAgImlzc3VlciI6ICJodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwKICAgICAgICAgICAgICAgICJzb3VyY2VfcmVwb3NpdG9yeV91cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvc3dmIiwKICAgICAgICAgICAgICAgICJidWlsZF9zaWduZXJfdXJpIjogImh0dHBzOi8vZ2l0aHViLmNvbS90ZXN0aWZ5c2VjL3dpdG5lc3MtcnVuLWFjdGlvbi8uZ2l0aHViL3dvcmtmbG93cy93aXRuZXNzLnltbEByZWZzL2hlYWRzL3JldXNhYmxlLXdvcmtmbG93IiwKICAgICAgICAgICAgICAgICJidWlsZF9zaWduZXJfZGlnZXN0IjogImQ2NmY4OWVjODUzOTM5OGVkOTkwNGQxYTYyMmJkMDMwM2JmZTM4NGMiLAogICAgICAgICAgICAgICAgImJ1aWxkX2NvbmZpZ191cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvc3dmLy5naXRodWIvd29ya2Zsb3dzL3BpcGVsaW5lLnltbEByZWZzL2hlYWRzLyoiLAogICAgICAgICAgICAgICAgInJ1bm5lcl9lbnZpcm9ubWVudCI6ICJnaXRodWItaG9zdGVkIgogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIF0KICAgICAgfSwKICAgICAgInZldCI6IHsKICAgICAgICAibmFtZSI6ICJ2ZXQiLAogICAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2Vudmlyb25tZW50L3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIKICAgICAgICAgIH0sCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIgogICAgICAgICAgfQogICAgICAgIF0sCiAgICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogInJvb3QiLAogICAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICAgImRuc25hbWVzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAiZW1haWxzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAgICJkY2YxNjZlZWJlN2NiZDk3NjA5NDdhODgyMTNkOTRlNjU2MzQ5YzY0N2Q0Mzk1NjlkYzc2YTI3NWYwNWI3MTU5IgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgImV4dGVuc2lvbnMiOiB7CiAgICAgICAgICAgICAgICAiaXNzdWVyIjogImh0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20iLAogICAgICAgICAgICAgICAgInNvdXJjZV9yZXBvc2l0b3J5X3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy9zd2YiLAogICAgICAgICAgICAgICAgImJ1aWxkX3NpZ25lcl91cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvd2l0bmVzcy1ydW4tYWN0aW9uLy5naXRodWIvd29ya2Zsb3dzL3dpdG5lc3MueW1sQHJlZnMvaGVhZHMvcmV1c2FibGUtd29ya2Zsb3ciLAogICAgICAgICAgICAgICAgImJ1aWxkX3NpZ25lcl9kaWdlc3QiOiAiZDY2Zjg5ZWM4NTM5Mzk4ZWQ5OTA0ZDFhNjIyYmQwMzAzYmZlMzg0YyIsCiAgICAgICAgICAgICAgICAiYnVpbGRfY29uZmlnX3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy9zd2YvLmdpdGh1Yi93b3JrZmxvd3MvcGlwZWxpbmUueW1sQHJlZnMvaGVhZHMvKiIsCiAgICAgICAgICAgICAgICAicnVubmVyX2Vudmlyb25tZW50IjogImdpdGh1Yi1ob3N0ZWQiCiAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9LAogICAgICAibGludCI6IHsKICAgICAgICAibmFtZSI6ICJsaW50IiwKICAgICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9lbnZpcm9ubWVudC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9tYXRlcmlhbC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvY29tbWFuZC1ydW4vdjAuMSIsCiAgICAgICAgICAgICJyZWdvcG9saWNpZXMiOiBbCiAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIm5hbWUiOiAiZXhwZWN0ZWQgY29tbWFuZCIsCiAgICAgICAgICAgICAgICAibW9kdWxlIjogImNHRmphMkZuWlNCamIyMXRZVzVrY25WdUxtTnRaQW9LWkdWdWVWdHRjMmRkSUhzS0NXbHVjSFYwTG1OdFpDQWhQU0JiSWk5aWFXNHZjMmdpTENBaUxXTWlMQ0FpYUdGa2IyeHBiblFnTFdZZ2MyRnlhV1lnUkc5amEyVnlabWxzWlNBK0lHaGhaRzlzYVc1MExuTmhjbWxtSWwwS0NXMXpaeUE2UFNBaWRXNWxlSEJsWTNSbFpDQmpiV1FpQ24wSyIKICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICAgIH0sCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL3Byb2R1Y3QvdjAuMSIKICAgICAgICAgIH0KICAgICAgICBdLAogICAgICAgICJmdW5jdGlvbmFyaWVzIjogWwogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICAgImNlcnRDb25zdHJhaW50IjogewogICAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgICAiZGNmMTY2ZWViZTdjYmQ5NzYwOTQ3YTg4MjEzZDk0ZTY1NjM0OWM2NDdkNDM5NTY5ZGM3NmEyNzVmMDViNzE1OSIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJleHRlbnNpb25zIjogewogICAgICAgICAgICAgICAgImlzc3VlciI6ICJodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwKICAgICAgICAgICAgICAgICJzb3VyY2VfcmVwb3NpdG9yeV91cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvc3dmIiwKICAgICAgICAgICAgICAgICJidWlsZF9zaWduZXJfdXJpIjogImh0dHBzOi8vZ2l0aHViLmNvbS90ZXN0aWZ5c2VjL3dpdG5lc3MtcnVuLWFjdGlvbi8uZ2l0aHViL3dvcmtmbG93cy93aXRuZXNzLnltbEByZWZzL2hlYWRzL3JldXNhYmxlLXdvcmtmbG93IiwKICAgICAgICAgICAgICAgICJidWlsZF9zaWduZXJfZGlnZXN0IjogImQ2NmY4OWVjODUzOTM5OGVkOTkwNGQxYTYyMmJkMDMwM2JmZTM4NGMiLAogICAgICAgICAgICAgICAgImJ1aWxkX2NvbmZpZ191cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvc3dmLy5naXRodWIvd29ya2Zsb3dzL3BpcGVsaW5lLnltbEByZWZzL2hlYWRzLyoiLAogICAgICAgICAgICAgICAgInJ1bm5lcl9lbnZpcm9ubWVudCI6ICJnaXRodWItaG9zdGVkIgogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIF0KICAgICAgfSwKICAgICAgInVuaXQtdGVzdCI6IHsKICAgICAgICAibmFtZSI6ICJ1bml0LXRlc3QiLAogICAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2Vudmlyb25tZW50L3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIKICAgICAgICAgIH0sCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIgogICAgICAgICAgfQogICAgICAgIF0sCiAgICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogInJvb3QiLAogICAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICAgImRuc25hbWVzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAiZW1haWxzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAgICJkY2YxNjZlZWJlN2NiZDk3NjA5NDdhODgyMTNkOTRlNjU2MzQ5YzY0N2Q0Mzk1NjlkYzc2YTI3NWYwNWI3MTU5IgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgImV4dGVuc2lvbnMiOiB7CiAgICAgICAgICAgICAgICAiaXNzdWVyIjogImh0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20iLAogICAgICAgICAgICAgICAgInNvdXJjZV9yZXBvc2l0b3J5X3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy9zd2YiLAogICAgICAgICAgICAgICAgImJ1aWxkX3NpZ25lcl91cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvd2l0bmVzcy1ydW4tYWN0aW9uLy5naXRodWIvd29ya2Zsb3dzL3dpdG5lc3MueW1sQHJlZnMvaGVhZHMvcmV1c2FibGUtd29ya2Zsb3ciLAogICAgICAgICAgICAgICAgImJ1aWxkX3NpZ25lcl9kaWdlc3QiOiAiZDY2Zjg5ZWM4NTM5Mzk4ZWQ5OTA0ZDFhNjIyYmQwMzAzYmZlMzg0YyIsCiAgICAgICAgICAgICAgICAiYnVpbGRfY29uZmlnX3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy9zd2YvLmdpdGh1Yi93b3JrZmxvd3MvcGlwZWxpbmUueW1sQHJlZnMvaGVhZHMvKiIsCiAgICAgICAgICAgICAgICAicnVubmVyX2Vudmlyb25tZW50IjogImdpdGh1Yi1ob3N0ZWQiCiAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9LAogICAgICAic2FzdCI6IHsKICAgICAgICAibmFtZSI6ICJzYXN0IiwKICAgICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9lbnZpcm9ubWVudC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9tYXRlcmlhbC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvY29tbWFuZC1ydW4vdjAuMSIKICAgICAgICAgIH0sCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL3Byb2R1Y3QvdjAuMSIKICAgICAgICAgIH0KICAgICAgICBdLAogICAgICAgICJmdW5jdGlvbmFyaWVzIjogWwogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJyb290IiwKICAgICAgICAgICAgImNlcnRDb25zdHJhaW50IjogewogICAgICAgICAgICAgICJjb21tb25uYW1lIjogIioiLAogICAgICAgICAgICAgICJkbnNuYW1lcyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgImVtYWlscyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgIm9yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJ1cmlzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAicm9vdHMiOiBbCiAgICAgICAgICAgICAgICAiZGNmMTY2ZWViZTdjYmQ5NzYwOTQ3YTg4MjEzZDk0ZTY1NjM0OWM2NDdkNDM5NTY5ZGM3NmEyNzVmMDViNzE1OSIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJleHRlbnNpb25zIjogewogICAgICAgICAgICAgICAgImlzc3VlciI6ICJodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwKICAgICAgICAgICAgICAgICJzb3VyY2VfcmVwb3NpdG9yeV91cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvc3dmIiwKICAgICAgICAgICAgICAgICJidWlsZF9zaWduZXJfdXJpIjogImh0dHBzOi8vZ2l0aHViLmNvbS90ZXN0aWZ5c2VjL3dpdG5lc3MtcnVuLWFjdGlvbi8uZ2l0aHViL3dvcmtmbG93cy93aXRuZXNzLnltbEByZWZzL2hlYWRzL3JldXNhYmxlLXdvcmtmbG93IiwKICAgICAgICAgICAgICAgICJidWlsZF9zaWduZXJfZGlnZXN0IjogImQ2NmY4OWVjODUzOTM5OGVkOTkwNGQxYTYyMmJkMDMwM2JmZTM4NGMiLAogICAgICAgICAgICAgICAgImJ1aWxkX2NvbmZpZ191cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvc3dmLy5naXRodWIvd29ya2Zsb3dzL3BpcGVsaW5lLnltbEByZWZzL2hlYWRzLyoiLAogICAgICAgICAgICAgICAgInJ1bm5lcl9lbnZpcm9ubWVudCI6ICJnaXRodWItaG9zdGVkIgogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIF0KICAgICAgfSwKICAgICAgImJ1aWxkLWltYWdlIjogewogICAgICAgICJuYW1lIjogImJ1aWxkLWltYWdlIiwKICAgICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9lbnZpcm9ubWVudC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvZ2l0L3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9tYXRlcmlhbC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvY29tbWFuZC1ydW4vdjAuMSIKICAgICAgICAgIH0sCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MS4wIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvb2NpL3YwLjEiCiAgICAgICAgICB9CiAgICAgICAgXSwKICAgICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAicm9vdCIsCiAgICAgICAgICAgICJjZXJ0Q29uc3RyYWludCI6IHsKICAgICAgICAgICAgICAiY29tbW9ubmFtZSI6ICIqIiwKICAgICAgICAgICAgICAiZG5zbmFtZXMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJlbWFpbHMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJvcmdhbml6YXRpb25zIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAidXJpcyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgInJvb3RzIjogWwogICAgICAgICAgICAgICAgImRjZjE2NmVlYmU3Y2JkOTc2MDk0N2E4ODIxM2Q5NGU2NTYzNDljNjQ3ZDQzOTU2OWRjNzZhMjc1ZjA1YjcxNTkiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAiZXh0ZW5zaW9ucyI6IHsKICAgICAgICAgICAgICAgICJpc3N1ZXIiOiAiaHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbSIsCiAgICAgICAgICAgICAgICAic291cmNlX3JlcG9zaXRvcnlfdXJpIjogImh0dHBzOi8vZ2l0aHViLmNvbS90ZXN0aWZ5c2VjL3N3ZiIsCiAgICAgICAgICAgICAgICAiYnVpbGRfc2lnbmVyX3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy93aXRuZXNzLXJ1bi1hY3Rpb24vLmdpdGh1Yi93b3JrZmxvd3Mvd2l0bmVzcy55bWxAcmVmcy9oZWFkcy9yZXVzYWJsZS13b3JrZmxvdyIsCiAgICAgICAgICAgICAgICAiYnVpbGRfc2lnbmVyX2RpZ2VzdCI6ICJkNjZmODllYzg1MzkzOThlZDk5MDRkMWE2MjJiZDAzMDNiZmUzODRjIiwKICAgICAgICAgICAgICAgICJidWlsZF9jb25maWdfdXJpIjogImh0dHBzOi8vZ2l0aHViLmNvbS90ZXN0aWZ5c2VjL3N3Zi8uZ2l0aHViL3dvcmtmbG93cy9waXBlbGluZS55bWxAcmVmcy9oZWFkcy8qIiwKICAgICAgICAgICAgICAgICJydW5uZXJfZW52aXJvbm1lbnQiOiAiZ2l0aHViLWhvc3RlZCIKICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICAgIH0KICAgICAgICBdCiAgICAgIH0sCiAgICAgICJnZW5lcmF0ZS1zYm9tIjogewogICAgICAgICJuYW1lIjogImdlbmVyYXRlLXNib20iLAogICAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2Vudmlyb25tZW50L3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIKICAgICAgICAgIH0sCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIgogICAgICAgICAgfQogICAgICAgIF0sCiAgICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogInJvb3QiLAogICAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICAgImRuc25hbWVzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAiZW1haWxzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAgICJkY2YxNjZlZWJlN2NiZDk3NjA5NDdhODgyMTNkOTRlNjU2MzQ5YzY0N2Q0Mzk1NjlkYzc2YTI3NWYwNWI3MTU5IgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgImV4dGVuc2lvbnMiOiB7CiAgICAgICAgICAgICAgICAiaXNzdWVyIjogImh0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20iLAogICAgICAgICAgICAgICAgInNvdXJjZV9yZXBvc2l0b3J5X3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy9zd2YiLAogICAgICAgICAgICAgICAgImJ1aWxkX3NpZ25lcl91cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvd2l0bmVzcy1ydW4tYWN0aW9uLy5naXRodWIvd29ya2Zsb3dzL3dpdG5lc3MueW1sQHJlZnMvaGVhZHMvcmV1c2FibGUtd29ya2Zsb3ciLAogICAgICAgICAgICAgICAgImJ1aWxkX3NpZ25lcl9kaWdlc3QiOiAiZDY2Zjg5ZWM4NTM5Mzk4ZWQ5OTA0ZDFhNjIyYmQwMzAzYmZlMzg0YyIsCiAgICAgICAgICAgICAgICAiYnVpbGRfY29uZmlnX3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy9zd2YvLmdpdGh1Yi93b3JrZmxvd3MvcGlwZWxpbmUueW1sQHJlZnMvaGVhZHMvKiIsCiAgICAgICAgICAgICAgICAicnVubmVyX2Vudmlyb25tZW50IjogImdpdGh1Yi1ob3N0ZWQiCiAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9LAogICAgICAic2VjcmV0LXNjYW4iOiB7CiAgICAgICAgIm5hbWUiOiAic2VjcmV0LXNjYW4iLAogICAgICAgICJhdHRlc3RhdGlvbnMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL2Vudmlyb25tZW50L3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXQvdjAuMSIKICAgICAgICAgIH0sCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogImh0dHBzOi8vd2l0bmVzcy5kZXYvYXR0ZXN0YXRpb25zL21hdGVyaWFsL3YwLjEiCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9jb21tYW5kLXJ1bi92MC4xIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAiaHR0cHM6Ly93aXRuZXNzLmRldi9hdHRlc3RhdGlvbnMvcHJvZHVjdC92MC4xIgogICAgICAgICAgfQogICAgICAgIF0sCiAgICAgICAgImZ1bmN0aW9uYXJpZXMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogInJvb3QiLAogICAgICAgICAgICAiY2VydENvbnN0cmFpbnQiOiB7CiAgICAgICAgICAgICAgImNvbW1vbm5hbWUiOiAiKiIsCiAgICAgICAgICAgICAgImRuc25hbWVzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAiZW1haWxzIjogWwogICAgICAgICAgICAgICAgIioiCiAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAib3JnYW5pemF0aW9ucyI6IFsKICAgICAgICAgICAgICAgICIqIgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgInVyaXMiOiBbCiAgICAgICAgICAgICAgICAiKiIKICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICJyb290cyI6IFsKICAgICAgICAgICAgICAgICJkY2YxNjZlZWJlN2NiZDk3NjA5NDdhODgyMTNkOTRlNjU2MzQ5YzY0N2Q0Mzk1NjlkYzc2YTI3NWYwNWI3MTU5IgogICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgImV4dGVuc2lvbnMiOiB7CiAgICAgICAgICAgICAgICAiaXNzdWVyIjogImh0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20iLAogICAgICAgICAgICAgICAgInNvdXJjZV9yZXBvc2l0b3J5X3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy9zd2YiLAogICAgICAgICAgICAgICAgImJ1aWxkX3NpZ25lcl91cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL3Rlc3RpZnlzZWMvd2l0bmVzcy1ydW4tYWN0aW9uLy5naXRodWIvd29ya2Zsb3dzL3dpdG5lc3MueW1sQHJlZnMvaGVhZHMvcmV1c2FibGUtd29ya2Zsb3ciLAogICAgICAgICAgICAgICAgImJ1aWxkX3NpZ25lcl9kaWdlc3QiOiAiZDY2Zjg5ZWM4NTM5Mzk4ZWQ5OTA0ZDFhNjIyYmQwMzAzYmZlMzg0YyIsCiAgICAgICAgICAgICAgICAiYnVpbGRfY29uZmlnX3VyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vdGVzdGlmeXNlYy9zd2YvLmdpdGh1Yi93b3JrZmxvd3MvcGlwZWxpbmUueW1sQHJlZnMvaGVhZHMvKiIsCiAgICAgICAgICAgICAgICAicnVubmVyX2Vudmlyb25tZW50IjogImdpdGh1Yi1ob3N0ZWQiCiAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9LAogICAgICAicHVsbF9yZXF1ZXN0X3JldmlldyI6IHsKICAgICAgICAibmFtZSI6ICJwdWxsX3JlcXVlc3RfcmV2aWV3IiwKICAgICAgICAiYXR0ZXN0YXRpb25zIjogWwogICAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9naXRodWJ3ZWJob29rL3YwLjEiLAogICAgICAgICAgICAicmVnb3BvbGljaWVzIjogWwogICAgICAgICAgICBdCiAgICAgICAgICB9CiAgICAgICAgXSwKICAgICAgICAiZnVuY3Rpb25hcmllcyI6IFsKICAgICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAicHVibGlja2V5IiwKICAgICAgICAgICAgInB1YmxpY2tleWlkIjogIjY1MTZkMDgxMmNiNWEwZDAxZjdmMDE0Zjg4ZTA0YzVkNGMyZDg5YTY0ZTc4OGExMjk1MGJhOTUwZmI0M2VmNDUiCiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9CiAgICB9LAogICAgInB1YmxpY2tleXMiOiB7CiAgICAgICI2NTE2ZDA4MTJjYjVhMGQwMWY3ZjAxNGY4OGUwNGM1ZDRjMmQ4OWE2NGU3ODhhMTI5NTBiYTk1MGZiNDNlZjQ1IjogewogICAgICAgICJrZXlpZCI6ICI2NTE2ZDA4MTJjYjVhMGQwMWY3ZjAxNGY4OGUwNGM1ZDRjMmQ4OWE2NGU3ODhhMTI5NTBiYTk1MGZiNDNlZjQ1IiwKICAgICAgICAia2V5IjogIkxTMHRMUzFDUlVkSlRpQlFWVUpNU1VNZ1MwVlpMUzB0TFMwS1RVbEpRa2xxUVU1Q1oydHhhR3RwUnpsM01FSkJVVVZHUVVGUFEwRlJPRUZOU1VsQ1EyZExRMEZSUlVGMllXaHlRVXBETlhObFkyeHVXRWxxUTJONE5ncEtjR2t4UVcxbFdXOUZRVlZtYW5sS1IySTVjSHBSUVU0dlQzQmhjalpyYW0xTU9VOWphMnBtZFcxYVNWbHBiWG8zUTJKcVoxZDZWR3N2T1dGMlUxQmpDbVppYXpCUVJFZEtjRXBKVGpoTlpIQjZVV3MwYVhsbkt5dDJORFkyWlVoRFNYcHlWRXhZY1VKRFIyMVNhMWh5U0ZCSlFrbEVhelY1Ymtrd2VFVjZhbk1LY1VGR2FFRjZZMnRKVkZadFkyVjRURTQwZW1oek9HbEdjWFJ4Wm1WeFMwVk1NM05RVVdaUFQzQnpURlpGY0M5TVIzaDRLMlZwZEdabkwyWlBXVTFwTXdwa2RVazNPRGROYkdjd1VDOVNOV053YWpSQmVHSldkMU4zVDNoemVWQm5Ua1pTUzFWcGQwMTNPVmw2SzIxbGNYbDVSR1JPZURkbmNqQjZWMGxWYUd0NkNsQlFVamd5TVZOV00wWk9hSEpqZW1OU1IyMHlkeXQxWXpsRGNpczVWWEJqVEVGdEwzTXhPWFY0WWpCMVZXazFlRlJUUkdSQ1ZDODBPRkZ2TmpGU01WUUtWVkZKUkVGUlFVSUtMUzB0TFMxRlRrUWdVRlZDVEVsRElFdEZXUzB0TFMwdENnPT0iCiAgICAgIH0KICAgIH0sCiAgICAicm9vdHMiOiB7CiAgICAgICJkY2YxNjZlZWJlN2NiZDk3NjA5NDdhODgyMTNkOTRlNjU2MzQ5YzY0N2Q0Mzk1NjlkYzc2YTI3NWYwNWI3MTU5IjogewogICAgICAgICJjZXJ0aWZpY2F0ZSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VOSGFrTkRRV0ZIWjBGM1NVSkJaMGxWUVV4dVZtbFdabTVWTUdKeVNtRnpiVkpyU0hKdUwxVnVabUZSZDBObldVbExiMXBKZW1vd1JVRjNUWGNLUzJwRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5Va1YzUkhkWlJGWlJVVVJGZDJoNllWZGtlbVJIT1hsYVZFRmxSbmN3ZVFwTmFrRXdUVlJOZVUxRVFUSk5WRlpoUm5jd2VrMVVSWGROUkZWNFRYcFZNazVVYUdGTlJHTjRSbFJCVkVKblRsWkNRVzlVUkVoT2NGb3pUakJpTTBwc0NreHRVbXhrYWtWbFRVSjNSMEV4VlVWQmVFMVdZekpzYm1NelVuWmpiVlYwWVZjMU1GcFlTblJhVjFKd1dWaFNiRTFJV1hkRlFWbElTMjlhU1hwcU1FTUtRVkZaUmtzMFJVVkJRMGxFV1dkQlJUaFNWbE12ZVhOSUswNVBkblZFV25sUVNWcDBhV3huVlVZNVRteGhjbGx3UVdRNVNGQXhka0pDU0RGVk5VTldOd28zVEZOVE4zTXdXbWxJTkc1Rk4waDJOM0IwVXpaTWRuWlNMMU5VYXpjNU9FeFdaMDE2VEd4S05FaGxTV1pHTTNSSVUyRmxlRXhqV1hCVFFWTnlNV3RUQ2pCT0wxSm5Ra3A2THpscVYwTnBXRzV2TTNOM1pWUkJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkJVVmwzUlhkWlJGWlNNR3hDUVhkM1EyZFpTVXQzV1VJS1FsRlZTRUYzVFhkRloxbEVWbEl3VkVGUlNDOUNRV2QzUW1kRlFpOTNTVUpCUkVGa1FtZE9Wa2hSTkVWR1oxRlZNemxRY0hveFdXdEZXbUkxY1U1cWNBcExSbGRwZUdrMFdWcEVPSGRJZDFsRVZsSXdha0pDWjNkR2IwRlZWMDFCWlZnMVJrWndWMkZ3WlhONVVXOWFUV2t3UTNKR2VHWnZkME5uV1VsTGIxcEpDbnBxTUVWQmQwMUVXbmRCZDFwQlNYZFFRM05SU3pSRVdXbGFXVVJRU1dGRWFUVklSa3R1Wm5oWWVEWkJVMU5XYlVWU1puTjVibGxDYVZneVdEWlRTbElLYmxwVk9EUXZPVVJhWkc1R2RuWjRiVUZxUWs5ME5sRndRbXhqTkVvdk1FUjRkbXRVUTNGd1kyeDJlbWxNTmtKRFExQnVhbVJzU1VJelVIVXpRbmh6VUFwdGVXZFZXVGRKYVRKNlltUkRaR3hwYVc5M1BRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnbz0iLAogICAgICAgICJpbnRlcm1lZGlhdGVzIjogWwogICAgICAgICAgIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVUk1ZWtORFFWaDVaMEYzU1VKQlowbFZRVXhhVGtGUVJtUjRTRkIzYW1WRWJHOUVkM2xaUTJoQlR5ODBkME5uV1VsTGIxcEplbW93UlVGM1RYY0tTMnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVrVjNSSGRaUkZaUlVVUkZkMmg2WVZka2VtUkhPWGxhVkVGbFJuY3dlUXBOVkVWM1RVUmplRTE2VlRKT1ZHeGhSbmN3ZWsxVVJYZE5SRlY0VFhwVk1rNVVhR0ZOUTI5NFJsUkJWRUpuVGxaQ1FXOVVSRWhPY0ZvelRqQmlNMHBzQ2t4dFVteGtha1ZTVFVFNFIwRXhWVVZCZUUxSll6SnNibU16VW5aamJWVjNaR3BCVVVKblkzRm9hMnBQVUZGSlFrSm5WWEpuVVZGQlNXZE9hVUZCVkRjS1dHVkdWRFJ5WWpOUVVVZDNVelJKWVdwMFRHc3pMMDlzYm5CbllXNW5ZVUpqYkZsd2MxbENjalZwS3pSNWJrSXdOMk5sWWpOTVVEQlBTVTlhWkhobGVBcFlOamxqTldsV2RYbEtVbEVyU0hvd05YbHBLMVZHTTNWQ1YwRnNTSEJwVXpWemFEQXJTREpIU0VVM1UxaHlhekZGUXpWdE1WUnlNVGxNT1dkbk9USnFDbGw2UW1oTlFUUkhRVEZWWkVSM1JVSXZkMUZGUVhkSlFrSnFRVkJDWjA1V1NGSk5Ra0ZtT0VWQ1ZFRkVRVkZJTDAxQ01FZEJNVlZrUkdkUlYwSkNVbGtLZDBJMVptdFZWMnhhY1d3MmVrcERhR3Q1VEZGTGMxaEdLMnBCWmtKblRsWklVMDFGUjBSQlYyZENVbGwzUWpWbWExVlhiRnB4YkRaNlNrTm9hM2xNVVFwTGMxaEdLMnBCUzBKblozRm9hMnBQVUZGUlJFRjNUbkJCUkVKdFFXcEZRV294YmtobFdGcHdLekV6VGxkQ1RtRXJSVVJ6UkZBNFJ6RlhWMmN4ZEVOTkNsZFFMMWRJVUhGd1lWWnZNR3BvYzNkbFRrWmFaMU56TUdWRk4zZFpTVFJ4UVdwRlFUSlhRamx2ZERrNGMwbHJiMFl6ZGxwWlpHUXpMMVowVjBJMVlqa0tWRTVOWldFM1NYZ3ZjM1JLTlZSbVkweE1aVUZDVEVVMFFrNUtUM05STkhadVFraEtDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiCiAgICAgICAgXQogICAgICB9CiAgICB9LAogICAgInRpbWVzdGFtcGF1dGhvcml0aWVzIjogewogICAgICAiZnJlZXRzYSI6IHsKICAgICAgICAiY2VydGlmaWNhdGUiOiAiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVZ3Zla05EUW1WbFowRjNTVUpCWjBsS1FVMUljR2hvV1U1eFQyMUJUVUV3UjBOVGNVZFRTV0l6UkZGRlFrUlJWVUZOU1VkV1RWSkZkMFIzV1VRS1ZsRlJTMFYzYUVkamJWWnNTVVpTVkZGVVJWRk5RVFJIUVRGVlJVTjRUVWhWYlRsMlpFTkNSRkZVUlZsTlFsbEhRVEZWUlVGNFRWQmtNMlF6VEcxYWVRcGFWMVl3WXpKRmRXSXpTbTVOVTBsM1NVRlpTa3R2V2tsb2RtTk9RVkZyUWtab1RtbGtXRTV3WWtkV05sbFlUa0ZhTWpGb1lWZDNkVmt5T1hSTlVrbDNDa1ZCV1VSV1VWRklSWGRzV0dSWFZubGxiVW94WTIxamVFUjZRVTVDWjA1V1FrRm5WRUpyU21obFYxWjVZbXBGVEUxQmEwZEJNVlZGUW1oTlExSkZWWGNLU0doalRrMVVXWGROZWtWNlRVUkZNVTFxUlhwWGFHTk9Ua1JGZDAxNlFUTk5SRVV4VFdwRmVsZHFRMEpzVkVWU1RVRTRSMEV4VlVWRGFFMUpVbTVLYkFwYVUwSlZWVEJGZUVWRVFVOUNaMDVXUWtGelZFSXhTblppTTFGblVUQkZlRWRFUVZkQ1owNVdRa0ZOVkVRelpETmtlVFZ0WTIxV2JHUklUbWhNYlRsNUNscDZSV2xOUTBGSFExTnhSMU5KWWpORVVVVktRVkpaVkZsdVZucGhWM2hzWlcxR2VsRkhaSFJaVjJ4elRHMU9kbUpVUlZOTlFrRkhRVEZWUlVKNFRVb0tWak5XYkdOdWNHbGtXRXB1VFZFNGQwUlJXVVJXVVZGSlJYZGFRMWxZYkd4amJUUjRRM3BCU2tKblRsWkNRVmxVUVd0U1JrMUpTVU5KYWtGT1FtZHJjUXBvYTJsSE9YY3dRa0ZSUlVaQlFVOURRV2M0UVUxSlNVTkRaMHREUVdkRlFYUm5TMDlFYWtGNU9GSkZVVEpYVkU1eFZYVmtRVzVxYUd4RGNuQkZObkZzQ20xUlprNXdjR1ZVYlZaMlduSklOSHAxZEc0clRuZFVZVWhCUjNCcVUwZDJOQzlYVW5CYU1YZGFNMEpTV2pWdFVGVkNXbmxNWjNFd1dYSkpabEUxUm5nS01ITXZUVkphVUhwak1YSXpiRXRYY2sxU09YTkJVWGcwYlU0MGVqRXhlRVpGVHpVeU9Vd3daRVpLYWxCR09VMUVPRWR3WkRKbVpWZDZSM2x3ZEd4bGJBcGlLMUJ4VkNzcksyWlBZVEp2V1RBclRtRk5UVGRzTDNoalRraFFUMkZOZWpBdk1tOXNhekJwTWpKb1lrdGxWbWgyYjJ0UVEzRm9SbWg2YzNWb1MzTnRDbkUwVDJZdmJ5dDBObVJKTjNONE5XZ3dibEJOYlRSblIxTlNhR1p4SzNvMlFsUlNaME55Y1ZGSE1rWlBURzlXUm1kME5tbEpiUzlDYms1bVpsVnlOMVlLUkZsa00zcGFiVWwzUms5cUwwZ3pSRXRJYjBkcGF5OTRTek5GT0RKWlFUSmFkV3hXVDBaU1Z5OTZhalJCY0dwUVlUVlBSbUp3U1d0a01IQnRlbmg2WkFwRlkwdzBOemxvVTBFNVpFWnBlVlp0VTNoUWRGazFlbVV4VUN0Q1JUbGlUVlV4VUZOamNGSjZkemhOU0VaWWVIbExjVmN4TTFGMk4weFhkelJ6WW1zekNsTmphVUkzUjBGRFlsRnBWa2Q2WjJ0MldFYzJlVGcxU0U5MWRsZE9ka00xUjB4VGFYbFFPVWRzVUVJd1ZqWTRkR0o0ZWpSS1ZsUlNaSGN2V0c0dldGUUtSazU2VWtKTk0yTnhPR3hDVDBGV2RDOVFRVmcxSzNWR1kzWXhVemwzUmtVNFdXcGhRbVpYUTFBeGFtUkNhV3dyWXpSbEt6QjBaSGwzVkRKdlNtMVpRZ3BDUmk5clJYUXhkMjFIZDAxdFNIVnVUa1YxVVU1NmFERkdkRXBaTlRSb1lsVm1hVmRwTXpodFFWTkZOM2hOZEUxb1ptb3ZRelJUZG1Gd2FVUk9PRE0zQ21kWllWQm1jemg0TTB0YWVHSllOME16V1VGelJtNUthVzVzZDBGVmMzTXhabVJMWVhJNFVTOVpWbk0zU0M5dVZUUmpORWw0ZUhoNk5HWTJOMlpqVm5FS1RUSkpWRXRsYm5SaVEwMURRWGRGUVVGaFQwTkJhelIzWjJkS1MwMUJkMGRCTVZWa1JYZFJSazFCVFVKQlpqaDNSR2RaUkZaU01GQkJVVWd2UWtGUlJBcEJaMGhIVFVJd1IwRXhWV1JFWjFGWFFrSlVObFpSTWsxT1IxcFNVVEI2TXpVM1QyNWlTbGQyWlhWaGEyeDZRMEo1WjFsRVZsSXdha0pKU0VOTlNVY3ZDbWRDVkRaV1VUSk5Ua2RhVWxFd2VqTTFOMDl1WWtwWGRtVjFZV3RzTmtkQ2JUWlRRbTFFUTBKc1ZFVlNUVUU0UjBFeFZVVkRhRTFKVW01S2JGcFRRbFVLVlRCRmVFVkVRVTlDWjA1V1FrRnpWRUl4U25aaU0xRm5VVEJGZUVkRVFWZENaMDVXUWtGTlZFUXpaRE5rZVRWdFkyMVdiR1JJVG1oTWJUbDVXbnBGYVFwTlEwRkhRMU54UjFOSllqTkVVVVZLUVZKWlZGbHVWbnBoVjNoc1pXMUdlbEZIWkhSWlYyeHpURzFPZG1KVVJWTk5Ra0ZIUVRGVlJVSjRUVXBXTTFac0NtTnVjR2xrV0VwdVRWRTRkMFJSV1VSV1VWRkpSWGRhUTFsWWJHeGpiVFI0UTNwQlNrSm5UbFpDUVZsVVFXdFNSbWRuYTBGM1pXMUhSbWN5YnpaWlFYY0tUWGRaUkZaU01HWkNRM2QzUzJwQmIyOURZV2RLU1ZscFlVaFNNR05FYjNaTU0yUXpaSGsxYldOdFZteGtTRTVvVEcwNWVWcDVPWGxpTWprd1dESk9hQXBNYlU1NVlrUkRRbnAzV1VSV1VqQm5Ra2xJU0UxSlNFVk5TVWhDUW1kdmNrSm5SVVZCV1VoNVNrRkZRazFKUjNsTlJFMUhRME56UjBGUlZVWkNkMGxDQ2tacFpHOWtTRkozVDJrNGRtUXpaRE5NYlZwNVdsZFdNR015UlhWaU0wcHVUREphZVZwWFZqQmpNa1ptV1ROQ2VreHRhREJpVjNkM1RXZFpTVXQzV1VJS1FsRlZTRUZuUlZkS2JXZ3daRWhCTmt4NU9UTmtNMk4xV201S2JGcFlVbnBaVXpWMlkyMWpkbHB1U214YVdGSjZXVlk1YW1OSVRYVmpSMUp0VFVWalJ3cERRM05IUVZGVlJrSjNTVU5OUkhOaFQxVmFlVnBYVmxWVk1FVm5aRWhLTVdNelVteGFRMEl3WVZjeGJHTXpVbWhpV0VKd1ltMWpaMVV5T1cxa1NHUm9DbU50VldkWldFMW5XVk5DVkZwWVNqSmhWMDVzU1VOb1ZGbFhSbFJMVkVFelFtZG5ja0puUlVaQ1VXTkNRVkZSY2sxRGEzZEtkMWxKUzNkWlFrSlJWVWdLVFVGSFIwY3lhREJrU0VFMlRIazVNMlF6WTNWYWJrcHNXbGhTZWxsVE5YWmpiV00yVFdwVk1rMUVRVTVDWjJ0eGFHdHBSemwzTUVKQlVUQkdRVUZQUXdwQlowVkJZVXM1SzNZMVQwWlpkVGxOTm5wMFdVTXJURFk1YzNjeGIyMWtlV3hwT0Rsc1drRm1jRmROVFdnNVExSnRTbWhOTmt0Q2NVMHZhWEIzYjB4MENtNTRlWGhIYzJKRFVHaGpVV3AxVkhaNmJTdDViRTQyVm5kVVRXMUpiRlo1VmxOTVMxbGFZMlJUYW5RdlpVTlZUaXMwTVVzM2MwUTNSMVp0ZUZwQ1FVWUtTVXh1UWtSdFZFZEtiVXhyY2xVd1MzVjFTWEJxT0d4SkwwVTJXalpPYm0xMVVESXJVa0ZSVTBoelprSlJhVFp6YzNOdVdFMXZORWhQVnpWbmRGQlBOd3BuUkhKVmNGWllTVVFyS3pGUU5GaHVaR3R2UzI0M1UzWjNOVzR3ZWxNNVpuWXhhSGhDWTFsSlNGQlFVVlY2WlRKMU16QmlRVkYwTUc0d2FVbDVVa3g2Q21GWGRXaDBjRUYwWkRkbVpuZEZZa0ZUWjNwQ04wVXJUa2RHTkhSd1ZqTTNaVGhMYVVFeWVHbEhVMUp4VkRWdVpIVXlPR1puY0U5Wk9EZG5SRE5CY2xvS1JHTjBXbloyVkVObVNHUkJVelZyUlU4eloyNUhSMlZhUlZaTVJHMW1SWE4yT0ZSSFNtRXpRV3hxVm1FMVJUUXdTVkZFYzFWWWNGRk1hVGhISzFWRE5Bb3hSRmRhZFRoRlZsUTBjbTVaWVVOM01WWllOMU5vVDFJeFVFNURRM1pxWWpoVE9IUm1aSFZrWkRsNmFGVXpaMFZDTUhKNFpHVlVlVEYwVm1KT1RGaFhDams1ZVRrd2VHTjNjakZhU1VSVmQwMHZlRkV2Ym05UE9FWlNhRzB3VEc5UVF6Y3pSV1lyU2pSYVFtUnlkbGQzWVhWR00zcEtaVE16WkRScFluaEZZMklLT0M5d2VqVlhla1pyWldsNFdVMHlibk5JYUhGSWMwSkxkemRLVUc5MVMwNVlVbTVzTlVsQlJURmxSbTF4UkhsRE4wY3ZWbFEzVDBZMk5qbDRUVFpvWWdwVmREVkhNakZLUlRSalRrczJUazUxWTFNclpucG5NVXBRV0RBck0xWm9jMWxhYW1vM1JEVjFiR3BTZGxGWWNrbzRhVWhuY2k5Tk5tb3liMHhJZGxSQkNra3lUVXhrY1RKeGFscEdSRTlEV0hONFFuaEtjR0p0VEVkQ2VEbHZkelphWlhKc1ZYaDZkM015UVZkMk1uQnJQUW90TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDZz09IgogICAgICB9CiAgICB9CiAgfQo=","payloadType":"https://witness.testifysec.com/policy/v0.1","signatures":[{"keyid":"6516d0812cb5a0d01f7f014f88e04c5d4c2d89a64e788a12950ba950fb43ef45","sig":"MjMOPIgKuiu7INsuKdvV+I8TiyTU95OItyMVGv7Y1lfn0yRUpJvLFQlVzw8uPsV+X41SGgYUukSZjvGZVIdDn8LLVwjNf4zGknD1VM7ievGcr2Vxc9UGSforqRkRkWmJxoaRiK7YdrCRoFRW/unkjttD+HrlfL4GA9zPCG5tLpUlWyM6srNkBx1NSuooxe4syDNghTd2vdNyLdNcE0LkM7IY7sTp6e8aOva6ZTAvcVlg6bQE6F1I9nGGDfCYjmQiaJr09+0xWfpDBWmsQDIP9zfXAWaweW3kmPoyDd2O+6iGuRDYb9pNnklV+SWA/e5tC4wmBoaH+3jAFh9anIYh+Q=="}]} diff --git a/pr-policy.json b/pr-policy.json new file mode 100644 index 0000000..895737a --- /dev/null +++ b/pr-policy.json @@ -0,0 +1,460 @@ +{ + "expires": "2025-12-17T23:57:40-05:00", + "steps": { + "fmt": { + "name": "fmt", + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1" + }, + { + "type": "https://witness.dev/attestations/git/v0.1" + }, + { + "type": "https://witness.dev/attestations/material/v0.1" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1" + }, + { + "type": "https://witness.dev/attestations/product/v0.1" + } + ], + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159" + ], + "extensions": { + "issuer": "https://token.actions.githubusercontent.com", + "source_repository_uri": "https://github.com/testifysec/swf", + "build_signer_uri": "https://github.com/testifysec/witness-run-action/.github/workflows/witness.yml@refs/heads/reusable-workflow", + "build_signer_digest": "d66f89ec8539398ed9904d1a622bd0303bfe384c", + "build_config_uri": "https://github.com/testifysec/swf/.github/workflows/pipeline.yml@refs/heads/*", + "runner_environment": "github-hosted" + } + } + } + ] + }, + "vet": { + "name": "vet", + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1" + }, + { + "type": "https://witness.dev/attestations/git/v0.1" + }, + { + "type": "https://witness.dev/attestations/material/v0.1" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1" + }, + { + "type": "https://witness.dev/attestations/product/v0.1" + } + ], + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159" + ], + "extensions": { + "issuer": "https://token.actions.githubusercontent.com", + "source_repository_uri": "https://github.com/testifysec/swf", + "build_signer_uri": "https://github.com/testifysec/witness-run-action/.github/workflows/witness.yml@refs/heads/reusable-workflow", + "build_signer_digest": "d66f89ec8539398ed9904d1a622bd0303bfe384c", + "build_config_uri": "https://github.com/testifysec/swf/.github/workflows/pipeline.yml@refs/heads/*", + "runner_environment": "github-hosted" + } + } + } + ] + }, + "lint": { + "name": "lint", + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1" + }, + { + "type": "https://witness.dev/attestations/git/v0.1" + }, + { + "type": "https://witness.dev/attestations/material/v0.1" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1", + "regopolicies": [ + { + "name": "expected command", + "module": "cGFja2FnZSBjb21tYW5kcnVuLmNtZAoKZGVueVttc2ddIHsKCWlucHV0LmNtZCAhPSBbIi9iaW4vc2giLCAiLWMiLCAiaGFkb2xpbnQgLWYgc2FyaWYgRG9ja2VyZmlsZSA+IGhhZG9saW50LnNhcmlmIl0KCW1zZyA6PSAidW5leHBlY3RlZCBjbWQiCn0K" + } + ] + }, + { + "type": "https://witness.dev/attestations/product/v0.1" + } + ], + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159" + ], + "extensions": { + "issuer": "https://token.actions.githubusercontent.com", + "source_repository_uri": "https://github.com/testifysec/swf", + "build_signer_uri": "https://github.com/testifysec/witness-run-action/.github/workflows/witness.yml@refs/heads/reusable-workflow", + "build_signer_digest": "d66f89ec8539398ed9904d1a622bd0303bfe384c", + "build_config_uri": "https://github.com/testifysec/swf/.github/workflows/pipeline.yml@refs/heads/*", + "runner_environment": "github-hosted" + } + } + } + ] + }, + "unit-test": { + "name": "unit-test", + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1" + }, + { + "type": "https://witness.dev/attestations/git/v0.1" + }, + { + "type": "https://witness.dev/attestations/material/v0.1" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1" + }, + { + "type": "https://witness.dev/attestations/product/v0.1" + } + ], + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159" + ], + "extensions": { + "issuer": "https://token.actions.githubusercontent.com", + "source_repository_uri": "https://github.com/testifysec/swf", + "build_signer_uri": "https://github.com/testifysec/witness-run-action/.github/workflows/witness.yml@refs/heads/reusable-workflow", + "build_signer_digest": "d66f89ec8539398ed9904d1a622bd0303bfe384c", + "build_config_uri": "https://github.com/testifysec/swf/.github/workflows/pipeline.yml@refs/heads/*", + "runner_environment": "github-hosted" + } + } + } + ] + }, + "sast": { + "name": "sast", + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1" + }, + { + "type": "https://witness.dev/attestations/git/v0.1" + }, + { + "type": "https://witness.dev/attestations/material/v0.1" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1" + }, + { + "type": "https://witness.dev/attestations/product/v0.1" + } + ], + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159" + ], + "extensions": { + "issuer": "https://token.actions.githubusercontent.com", + "source_repository_uri": "https://github.com/testifysec/swf", + "build_signer_uri": "https://github.com/testifysec/witness-run-action/.github/workflows/witness.yml@refs/heads/reusable-workflow", + "build_signer_digest": "d66f89ec8539398ed9904d1a622bd0303bfe384c", + "build_config_uri": "https://github.com/testifysec/swf/.github/workflows/pipeline.yml@refs/heads/*", + "runner_environment": "github-hosted" + } + } + } + ] + }, + "build-image": { + "name": "build-image", + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1" + }, + { + "type": "https://witness.dev/attestations/git/v0.1" + }, + { + "type": "https://witness.dev/attestations/material/v0.1" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1" + }, + { + "type": "https://slsa.dev/provenance/v1.0" + }, + { + "type": "https://witness.dev/attestations/product/v0.1" + }, + { + "type": "https://witness.dev/attestations/oci/v0.1" + } + ], + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159" + ], + "extensions": { + "issuer": "https://token.actions.githubusercontent.com", + "source_repository_uri": "https://github.com/testifysec/swf", + "build_signer_uri": "https://github.com/testifysec/witness-run-action/.github/workflows/witness.yml@refs/heads/reusable-workflow", + "build_signer_digest": "d66f89ec8539398ed9904d1a622bd0303bfe384c", + "build_config_uri": "https://github.com/testifysec/swf/.github/workflows/pipeline.yml@refs/heads/*", + "runner_environment": "github-hosted" + } + } + } + ] + }, + "generate-sbom": { + "name": "generate-sbom", + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1" + }, + { + "type": "https://witness.dev/attestations/git/v0.1" + }, + { + "type": "https://witness.dev/attestations/material/v0.1" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1" + }, + { + "type": "https://witness.dev/attestations/product/v0.1" + } + ], + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159" + ], + "extensions": { + "issuer": "https://token.actions.githubusercontent.com", + "source_repository_uri": "https://github.com/testifysec/swf", + "build_signer_uri": "https://github.com/testifysec/witness-run-action/.github/workflows/witness.yml@refs/heads/reusable-workflow", + "build_signer_digest": "d66f89ec8539398ed9904d1a622bd0303bfe384c", + "build_config_uri": "https://github.com/testifysec/swf/.github/workflows/pipeline.yml@refs/heads/*", + "runner_environment": "github-hosted" + } + } + } + ] + }, + "secret-scan": { + "name": "secret-scan", + "attestations": [ + { + "type": "https://witness.dev/attestations/environment/v0.1" + }, + { + "type": "https://witness.dev/attestations/git/v0.1" + }, + { + "type": "https://witness.dev/attestations/material/v0.1" + }, + { + "type": "https://witness.dev/attestations/command-run/v0.1" + }, + { + "type": "https://witness.dev/attestations/product/v0.1" + } + ], + "functionaries": [ + { + "type": "root", + "certConstraint": { + "commonname": "*", + "dnsnames": [ + "*" + ], + "emails": [ + "*" + ], + "organizations": [ + "*" + ], + "uris": [ + "*" + ], + "roots": [ + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159" + ], + "extensions": { + "issuer": "https://token.actions.githubusercontent.com", + "source_repository_uri": "https://github.com/testifysec/swf", + "build_signer_uri": "https://github.com/testifysec/witness-run-action/.github/workflows/witness.yml@refs/heads/reusable-workflow", + "build_signer_digest": "d66f89ec8539398ed9904d1a622bd0303bfe384c", + "build_config_uri": "https://github.com/testifysec/swf/.github/workflows/pipeline.yml@refs/heads/*", + "runner_environment": "github-hosted" + } + } + } + ] + }, + "pull_request_review": { + "name": "pull_request_review", + "attestations": [ + { + "type": "https://witness.dev/attestations/githubwebhook/v0.1", + "regopolicies": [ + ] + } + ], + "functionaries": [ + { + "type": "publickey", + "publickeyid": "6516d0812cb5a0d01f7f014f88e04c5d4c2d89a64e788a12950ba950fb43ef45" + } + ] + } + }, + "publickeys": { + "6516d0812cb5a0d01f7f014f88e04c5d4c2d89a64e788a12950ba950fb43ef45": { + "keyid": "6516d0812cb5a0d01f7f014f88e04c5d4c2d89a64e788a12950ba950fb43ef45", + "key": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2YWhyQUpDNXNlY2xuWElqQ2N4NgpKcGkxQW1lWW9FQVVmanlKR2I5cHpRQU4vT3BhcjZram1MOU9ja2pmdW1aSVlpbXo3Q2JqZ1d6VGsvOWF2U1BjCmZiazBQREdKcEpJTjhNZHB6UWs0aXlnKyt2NDY2ZUhDSXpyVExYcUJDR21Sa1hySFBJQklEazV5bkkweEV6anMKcUFGaEF6Y2tJVFZtY2V4TE40emhzOGlGcXRxZmVxS0VMM3NQUWZPT3BzTFZFcC9MR3h4K2VpdGZnL2ZPWU1pMwpkdUk3ODdNbGcwUC9SNWNwajRBeGJWd1N3T3hzeVBnTkZSS1Vpd013OVl6K21lcXl5RGROeDdncjB6V0lVaGt6ClBQUjgyMVNWM0ZOaHJjemNSR20ydyt1YzlDcis5VXBjTEFtL3MxOXV4YjB1VWk1eFRTRGRCVC80OFFvNjFSMVQKVVFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==" + } + }, + "roots": { + "dcf166eebe7cbd9760947a88213d94e656349c647d439569dc76a275f05b7159": { + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNHakNDQWFHZ0F3SUJBZ0lVQUxuVmlWZm5VMGJySmFzbVJrSHJuL1VuZmFRd0NnWUlLb1pJemowRUF3TXcKS2pFVk1CTUdBMVVFQ2hNTWMybG5jM1J2Y21VdVpHVjJNUkV3RHdZRFZRUURFd2h6YVdkemRHOXlaVEFlRncweQpNakEwTVRNeU1EQTJNVFZhRncwek1URXdNRFV4TXpVMk5UaGFNRGN4RlRBVEJnTlZCQW9UREhOcFozTjBiM0psCkxtUmxkakVlTUJ3R0ExVUVBeE1WYzJsbmMzUnZjbVV0YVc1MFpYSnRaV1JwWVhSbE1IWXdFQVlIS29aSXpqMEMKQVFZRks0RUVBQ0lEWWdBRThSVlMveXNIK05PdnVEWnlQSVp0aWxnVUY5TmxhcllwQWQ5SFAxdkJCSDFVNUNWNwo3TFNTN3MwWmlING5FN0h2N3B0UzZMdnZSL1NUazc5OExWZ016TGxKNEhlSWZGM3RIU2FleExjWXBTQVNyMWtTCjBOL1JnQkp6LzlqV0NpWG5vM3N3ZVRBT0JnTlZIUThCQWY4RUJBTUNBUVl3RXdZRFZSMGxCQXd3Q2dZSUt3WUIKQlFVSEF3TXdFZ1lEVlIwVEFRSC9CQWd3QmdFQi93SUJBREFkQmdOVkhRNEVGZ1FVMzlQcHoxWWtFWmI1cU5qcApLRldpeGk0WVpEOHdId1lEVlIwakJCZ3dGb0FVV01BZVg1RkZwV2FwZXN5UW9aTWkwQ3JGeGZvd0NnWUlLb1pJCnpqMEVBd01EWndBd1pBSXdQQ3NRSzREWWlaWURQSWFEaTVIRktuZnhYeDZBU1NWbUVSZnN5bllCaVgyWDZTSlIKblpVODQvOURaZG5GdnZ4bUFqQk90NlFwQmxjNEovMER4dmtUQ3FwY2x2emlMNkJDQ1BuamRsSUIzUHUzQnhzUApteWdVWTdJaTJ6YmRDZGxpaW93PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgo=", + "intermediates": [ + "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUI5ekNDQVh5Z0F3SUJBZ0lVQUxaTkFQRmR4SFB3amVEbG9Ed3lZQ2hBTy80d0NnWUlLb1pJemowRUF3TXcKS2pFVk1CTUdBMVVFQ2hNTWMybG5jM1J2Y21VdVpHVjJNUkV3RHdZRFZRUURFd2h6YVdkemRHOXlaVEFlRncweQpNVEV3TURjeE16VTJOVGxhRncwek1URXdNRFV4TXpVMk5UaGFNQ294RlRBVEJnTlZCQW9UREhOcFozTjBiM0psCkxtUmxkakVSTUE4R0ExVUVBeE1JYzJsbmMzUnZjbVV3ZGpBUUJnY3Foa2pPUFFJQkJnVXJnUVFBSWdOaUFBVDcKWGVGVDRyYjNQUUd3UzRJYWp0TGszL09sbnBnYW5nYUJjbFlwc1lCcjVpKzR5bkIwN2NlYjNMUDBPSU9aZHhleApYNjljNWlWdXlKUlErSHowNXlpK1VGM3VCV0FsSHBpUzVzaDArSDJHSEU3U1hyazFFQzVtMVRyMTlMOWdnOTJqCll6QmhNQTRHQTFVZER3RUIvd1FFQXdJQkJqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUlkKd0I1ZmtVV2xacWw2ekpDaGt5TFFLc1hGK2pBZkJnTlZIU01FR0RBV2dCUll3QjVma1VXbFpxbDZ6SkNoa3lMUQpLc1hGK2pBS0JnZ3Foa2pPUFFRREF3TnBBREJtQWpFQWoxbkhlWFpwKzEzTldCTmErRURzRFA4RzFXV2cxdENNCldQL1dIUHFwYVZvMGpoc3dlTkZaZ1NzMGVFN3dZSTRxQWpFQTJXQjlvdDk4c0lrb0YzdlpZZGQzL1Z0V0I1YjkKVE5NZWE3SXgvc3RKNVRmY0xMZUFCTEU0Qk5KT3NRNHZuQkhKCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + ] + } + }, + "timestampauthorities": { + "freetsa": { + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUgvekNDQmVlZ0F3SUJBZ0lKQU1IcGhoWU5xT21BTUEwR0NTcUdTSWIzRFFFQkRRVUFNSUdWTVJFd0R3WUQKVlFRS0V3aEdjbVZsSUZSVFFURVFNQTRHQTFVRUN4TUhVbTl2ZENCRFFURVlNQllHQTFVRUF4TVBkM2QzTG1aeQpaV1YwYzJFdWIzSm5NU0l3SUFZSktvWklodmNOQVFrQkZoTmlkWE5wYkdWNllYTkFaMjFoYVd3dVkyOXRNUkl3CkVBWURWUVFIRXdsWGRXVnllbUoxY21jeER6QU5CZ05WQkFnVEJrSmhlV1Z5YmpFTE1Ba0dBMVVFQmhNQ1JFVXcKSGhjTk1UWXdNekV6TURFMU1qRXpXaGNOTkRFd016QTNNREUxTWpFeldqQ0JsVEVSTUE4R0ExVUVDaE1JUm5KbApaU0JVVTBFeEVEQU9CZ05WQkFzVEIxSnZiM1FnUTBFeEdEQVdCZ05WQkFNVEQzZDNkeTVtY21WbGRITmhMbTl5Clp6RWlNQ0FHQ1NxR1NJYjNEUUVKQVJZVFluVnphV3hsZW1GelFHZHRZV2xzTG1OdmJURVNNQkFHQTFVRUJ4TUoKVjNWbGNucGlkWEpuTVE4d0RRWURWUVFJRXdaQ1lYbGxjbTR4Q3pBSkJnTlZCQVlUQWtSRk1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXRnS09EakF5OFJFUTJXVE5xVXVkQW5qaGxDcnBFNnFsCm1RZk5wcGVUbVZ2WnJINHp1dG4rTndUYUhBR3BqU0d2NC9XUnBaMXdaM0JSWjVtUFVCWnlMZ3EwWXJJZlE1RngKMHMvTVJaUHpjMXIzbEtXck1SOXNBUXg0bU40ejExeEZFTzUyOUwwZEZKalBGOU1EOEdwZDJmZVd6R3lwdGxlbApiK1BxVCsrK2ZPYTJvWTArTmFNTTdsL3hjTkhQT2FNejAvMm9sazBpMjJoYktlVmh2b2tQQ3FoRmh6c3VoS3NtCnE0T2Yvbyt0NmRJN3N4NWgwblBNbTRnR1NSaGZxK3o2QlRSZ0NycVFHMkZPTG9WRmd0NmlJbS9Cbk5mZlVyN1YKRFlkM3pabUl3Rk9qL0gzREtIb0dpay94SzNFODJZQTJadWxWT0ZSVy96ajRBcGpQYTVPRmJwSWtkMHBtenh6ZApFY0w0NzloU0E5ZEZpeVZtU3hQdFk1emUxUCtCRTliTVUxUFNjcFJ6dzhNSEZYeHlLcVcxM1F2N0xXdzRzYmszClNjaUI3R0FDYlFpVkd6Z2t2WEc2eTg1SE91dldOdkM1R0xTaXlQOUdsUEIwVjY4dGJ4ejRKVlRSZHcvWG4vWFQKRk56UkJNM2NxOGxCT0FWdC9QQVg1K3VGY3YxUzl3RkU4WWphQmZXQ1AxamRCaWwrYzRlKzB0ZHl3VDJvSm1ZQgpCRi9rRXQxd21Hd01tSHVuTkV1UU56aDFGdEpZNTRoYlVmaVdpMzhtQVNFN3hNdE1oZmovQzRTdmFwaUROODM3CmdZYVBmczh4M0taeGJYN0MzWUFzRm5KaW5sd0FVc3MxZmRLYXI4US9ZVnM3SC9uVTRjNEl4eHh6NGY2N2ZjVnEKTTJJVEtlbnRiQ01DQXdFQUFhT0NBazR3Z2dKS01Bd0dBMVVkRXdRRk1BTUJBZjh3RGdZRFZSMFBBUUgvQkFRRApBZ0hHTUIwR0ExVWREZ1FXQkJUNlZRMk1OR1pSUTB6MzU3T25iSld2ZXVha2x6Q0J5Z1lEVlIwakJJSENNSUcvCmdCVDZWUTJNTkdaUlEwejM1N09uYkpXdmV1YWtsNkdCbTZTQm1EQ0JsVEVSTUE4R0ExVUVDaE1JUm5KbFpTQlUKVTBFeEVEQU9CZ05WQkFzVEIxSnZiM1FnUTBFeEdEQVdCZ05WQkFNVEQzZDNkeTVtY21WbGRITmhMbTl5WnpFaQpNQ0FHQ1NxR1NJYjNEUUVKQVJZVFluVnphV3hsZW1GelFHZHRZV2xzTG1OdmJURVNNQkFHQTFVRUJ4TUpWM1ZsCmNucGlkWEpuTVE4d0RRWURWUVFJRXdaQ1lYbGxjbTR4Q3pBSkJnTlZCQVlUQWtSRmdna0F3ZW1HRmcybzZZQXcKTXdZRFZSMGZCQ3d3S2pBb29DYWdKSVlpYUhSMGNEb3ZMM2QzZHk1bWNtVmxkSE5oTG05eVp5OXliMjkwWDJOaApMbU55YkRDQnp3WURWUjBnQklISE1JSEVNSUhCQmdvckJnRUVBWUh5SkFFQk1JR3lNRE1HQ0NzR0FRVUZCd0lCCkZpZG9kSFJ3T2k4dmQzZDNMbVp5WldWMGMyRXViM0puTDJaeVpXVjBjMkZmWTNCekxtaDBiV3d3TWdZSUt3WUIKQlFVSEFnRVdKbWgwZEhBNkx5OTNkM2N1Wm5KbFpYUnpZUzV2Y21jdlpuSmxaWFJ6WVY5amNITXVjR1JtTUVjRwpDQ3NHQVFVRkJ3SUNNRHNhT1VaeVpXVlVVMEVnZEhKMWMzUmxaQ0IwYVcxbGMzUmhiWEJwYm1jZ1UyOW1kSGRoCmNtVWdZWE1nWVNCVFpYSjJhV05sSUNoVFlXRlRLVEEzQmdnckJnRUZCUWNCQVFRck1Da3dKd1lJS3dZQkJRVUgKTUFHR0cyaDBkSEE2THk5M2QzY3VabkpsWlhSellTNXZjbWM2TWpVMk1EQU5CZ2txaGtpRzl3MEJBUTBGQUFPQwpBZ0VBYUs5K3Y1T0ZZdTlNNnp0WUMrTDY5c3cxb21keWxpODlsWkFmcFdNTWg5Q1JtSmhNNktCcU0vaXB3b0x0Cm54eXhHc2JDUGhjUWp1VHZ6bSt5bE42VndUTW1JbFZ5VlNMS1laY2RTanQvZUNVTis0MUs3c0Q3R1ZteFpCQUYKSUxuQkRtVEdKbUxrclUwS3V1SXBqOGxJL0U2WjZObm11UDIrUkFRU0hzZkJRaTZzc3NuWE1vNEhPVzVndFBPNwpnRHJVcFZYSUQrKzFQNFhuZGtvS243U3Z3NW4welM5ZnYxaHhCY1lJSFBQUVV6ZTJ1MzBiQVF0MG4waUl5Ukx6CmFXdWh0cEF0ZDdmZndFYkFTZ3pCN0UrTkdGNHRwVjM3ZThLaUEyeGlHU1JxVDVuZHUyOGZncE9ZODdnRDNBcloKRGN0WnZ2VENmSGRBUzVrRU8zZ25HR2VaRVZMRG1mRXN2OFRHSmEzQWxqVmE1RTQwSVFEc1VYcFFMaThHK1VDNAoxRFdadThFVlQ0cm5ZYUN3MVZYN1NoT1IxUE5DQ3ZqYjhTOHRmZHVkZDl6aFUzZ0VCMHJ4ZGVUeTF0VmJOTFhXCjk5eTkweGN3cjFaSURVd00veFEvbm9POEZSaG0wTG9QQzczRWYrSjRaQmRydld3YXVGM3pKZTMzZDRpYnhFY2IKOC9wejVXekZrZWl4WU0ybnNIaHFIc0JLdzdKUG91S05YUm5sNUlBRTFlRm1xRHlDN0cvVlQ3T0Y2Njl4TTZoYgpVdDVHMjFKRTRjTks2Tk51Y1MrZnpnMUpQWDArM1Zoc1laamo3RDV1bGpSdlFYcko4aUhnci9NNmoyb0xIdlRBCkkyTUxkcTJxalpGRE9DWHN4QnhKcGJtTEdCeDlvdzZaZXJsVXh6d3MyQVd2MnBrPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + } + } + }