Compare commits
1 commit
main
...
bdehamer/e
Author | SHA1 | Date | |
---|---|---|---|
![]() |
740d40239e |
1 changed files with 29 additions and 13 deletions
42
.github/workflows/prober.yml
vendored
42
.github/workflows/prober.yml
vendored
|
@ -5,6 +5,20 @@ on:
|
||||||
inputs:
|
inputs:
|
||||||
sigstore:
|
sigstore:
|
||||||
description: 'Which Sigstore instance to use for signing'
|
description: 'Which Sigstore instance to use for signing'
|
||||||
|
default: 'public-good'
|
||||||
|
required: false
|
||||||
|
type: string
|
||||||
|
secrets:
|
||||||
|
trust-domain:
|
||||||
|
description: 'Trust domain in which the test is executed'
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
service:
|
||||||
|
description: 'Service against which status should be reported'
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
team:
|
||||||
|
description: 'Team associated with status report'
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
|
||||||
|
@ -16,6 +30,8 @@ jobs:
|
||||||
id-token: write
|
id-token: write
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- uses: hmarr/debug-action@v2
|
||||||
|
|
||||||
- name: Request OIDC Token
|
- name: Request OIDC Token
|
||||||
run: |
|
run: |
|
||||||
curl "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=nobody" \
|
curl "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=nobody" \
|
||||||
|
@ -28,6 +44,11 @@ jobs:
|
||||||
run: |
|
run: |
|
||||||
date > artifact
|
date > artifact
|
||||||
|
|
||||||
|
- name: Upload build artifact
|
||||||
|
uses: actions/upload-artifact@v4
|
||||||
|
with:
|
||||||
|
path: "artifact"
|
||||||
|
|
||||||
- name: Attest build provenance
|
- name: Attest build provenance
|
||||||
uses: actions/attest-build-provenance@v1
|
uses: actions/attest-build-provenance@v1
|
||||||
env:
|
env:
|
||||||
|
@ -41,11 +62,6 @@ jobs:
|
||||||
run: |
|
run: |
|
||||||
gh attestation verify ./artifact --owner "$GITHUB_REPOSITORY_OWNER"
|
gh attestation verify ./artifact --owner "$GITHUB_REPOSITORY_OWNER"
|
||||||
|
|
||||||
- name: Upload build artifact
|
|
||||||
uses: actions/upload-artifact@v4
|
|
||||||
with:
|
|
||||||
path: "artifact"
|
|
||||||
|
|
||||||
- name: Report attestation prober success
|
- name: Report attestation prober success
|
||||||
if: ${{ success() }}
|
if: ${{ success() }}
|
||||||
uses: masci/datadog@a5d283e78e33a688ed08a96ba64440505e645a8c # v1.7.1
|
uses: masci/datadog@a5d283e78e33a688ed08a96ba64440505e645a8c # v1.7.1
|
||||||
|
@ -56,12 +72,12 @@ jobs:
|
||||||
status: 0
|
status: 0
|
||||||
host_name: github.com
|
host_name: github.com
|
||||||
tags:
|
tags:
|
||||||
- "catalog_service:${{ secrets.CATALOG_SERVICE }}"
|
- "catalog_service:${{ secrets.service }}"
|
||||||
- "service:${{ secrets.CATALOG_SERVICE }}"
|
- "service:${{ secrets.service }}"
|
||||||
- "stamp:${{ secrets.STAMP }}"
|
- "stamp:${{ secrets.trust-domain }}"
|
||||||
- "env:production"
|
- "env:production"
|
||||||
- "repo:${{ github.repository }}"
|
- "repo:${{ github.repository }}"
|
||||||
- "team:${{ secrets.TEAM }}"
|
- "team:${{ secrets.team }}"
|
||||||
- "sigstore:${{ inputs.sigstore }}"
|
- "sigstore:${{ inputs.sigstore }}"
|
||||||
|
|
||||||
- name: Report attestation prober failure
|
- name: Report attestation prober failure
|
||||||
|
@ -75,10 +91,10 @@ jobs:
|
||||||
status: 2
|
status: 2
|
||||||
host_name: github.com
|
host_name: github.com
|
||||||
tags:
|
tags:
|
||||||
- "catalog_service:${{ secrets.CATALOG_SERVICE }}"
|
- "catalog_service:${{ secrets.service }}"
|
||||||
- "service:${{ secrets.CATALOG_SERVICE }}"
|
- "service:${{ secrets.service }}"
|
||||||
- "stamp:${{ secrets.STAMP }}"
|
- "stamp:${{ secrets.trust-domain }}"
|
||||||
- "env:production"
|
- "env:production"
|
||||||
- "repo:${{ github.repository }}"
|
- "repo:${{ github.repository }}"
|
||||||
- "team:${{ secrets.TEAM }}"
|
- "team:${{ secrets.team }}"
|
||||||
- "sigstore:${{ inputs.sigstore }}"
|
- "sigstore:${{ inputs.sigstore }}"
|
||||||
|
|
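Review bot: The new first step `- uses: hmarr/debug-action@v2` (hunk at -16,6 +30,8) runs a third-party action, referenced by a movable tag, in a job that holds `id-token: write`. The other third-party action in this file, `masci/datadog`, is pinned to a full commit SHA. A debug step of this kind writes the runner environment and event payload to the job log, so it looks like a leftover from testing; either drop it before merge or pin it the same way, e.g. `- uses: hmarr/debug-action@<full-commit-sha> # v2`. Separately, the `type: string` lines under the new `secrets:` entries (hunk at -5,6 +5,20) look misplaced: as far as I know, `on.workflow_call.secrets.<id>` accepts only `description` and `required`. The page has lost the YAML indentation, so the nesting should be confirmed against the file.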