Add additional attestors
Signed-off-by: John Kjell <john@testifysec.com>
jkjell committed Oct 31, 2023
1 parent 47dc4ea commit 97d1ea0
Showing 1 changed file with 11 additions and 11 deletions.
22 changes: 11 additions & 11 deletions .github/workflows/pipeline.yml
Expand Up @@ -16,23 +16,23 @@ jobs:
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: fmt
attestations: "github"
attestations: "git github env"
command: go fmt ./...

vet:
uses: ./.github/workflows/witness.yml
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: vet
attestations: "github"
attestations: "git github env"
command: go vet ./...

lint:
uses: ./.github/workflows/witness.yml
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: lint
attestations: "github"
attestations: "git github env"
pre-command: |
curl -sSfL https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint && \
chmod +x /usr/local/bin/hadolint
Expand All @@ -46,7 +46,7 @@ jobs:
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: unit-test
attestations: "github"
attestations: "git github env"
command: go test ./... -coverprofile cover.out
artifact-upload-name: cover.out
artifact-upload-path: cover.out
Expand All @@ -57,7 +57,7 @@ jobs:
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: sast
attestations: "github"
attestations: "git github env"
pre-command: python3 -m pip install semgrep==1.45.0
command: semgrep scan --config auto ./ --sarif -o semgrep.sarif
artifact-upload-name: semgrep.sarif
Expand All @@ -69,7 +69,7 @@ jobs:
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: build
attestations: "github"
attestations: "git github env"
command: go build -o bin/software main.go

build-image:
Expand All @@ -84,7 +84,7 @@ jobs:
uses: testifysec/witness-run-action@40aa4ef36fc431a37de7c3faebcb66513c03b934
with:
step: build-image
attestations: "github oci"
attestations: "git github env oci"
command: |
/bin/sh -c "docker build -t jkjell/software:dev . && docker save jkjell/software:dev > image.tar"
Expand All @@ -100,7 +100,7 @@ jobs:
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: generate-sbom
attestations: "github"
attestations: "git github env"
artifact-download: image.tar
pre-command: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
Expand All @@ -115,7 +115,7 @@ jobs:
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: cve-scan
attestations: "github"
attestations: "git github env"
artifact-download: image.tar
pre-command: |
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
Expand All @@ -130,7 +130,7 @@ jobs:
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: secret-scan
attestations: "github"
attestations: "git github env"
artifact-download: image.tar
pre-command: |
curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
Expand All @@ -147,7 +147,7 @@ jobs:
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: verify
attestations: "github"
attestations: "git github env"
artifact-download: image.tar
pre-command: |
curl -sSfL https://github.com/testifysec/witness/releases/download/v0.1.14/witness_0.1.14_linux_amd64.tar.gz -o witness.tar.gz && \
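Review bot: Adding `env` to `attestations` in every step (fmt through verify, plus `git github env oci` in build-image) makes the environment attestor record the runner's environment variables in each signed attestation, so any secret these jobs receive as an environment variable could end up in attestation data that is stored or published. Witness's environment attestor is understood to filter a built-in list of sensitive variable names, but project-specific secret names may not be on that list. The reusable workflow witness.yml is not visible here, so it is worth confirming which variables the steps actually receive. A comment at the first occurrence would record the decision, for example `# env attestor records environment variables; keep secrets out of the step environment`. The same value is now repeated in eleven steps, so making `git github env` the default of the `attestations` input in witness.yml (if that input can carry a default) would keep the steps from drifting apart.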
