Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-06-06 21:59:12 -04:00
Code Issues Projects Releases Packages Wiki Activity

ci: group output

Browse source 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
Paul Meyer 2023-03-07 14:48:50 +01:00
parent f4a4a044fe
commit e4b5655646
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/actions/container_sbom/action.yml vendored
View file

@ -32,6 +32,7 @@ runs:
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
COSIGN_PASSWORD: ${{ inputs.cosignPassword }} COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
run: | run: |
echo "::group::Generate SBOM"
set -ex set -ex
syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json
cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type "https://cyclonedx.org/bom" > container-image.att.json cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type "https://cyclonedx.org/bom" > container-image.att.json
@ -40,3 +41,4 @@ runs:
# https://github.com/sigstore/cosign/issues/2264 # https://github.com/sigstore/cosign/issues/2264
cosign verify-attestation ${{ inputs.containerReference }} --type "https://cyclonedx.org/bom" --key env://COSIGN_PUBLIC_KEY cosign verify-attestation ${{ inputs.containerReference }} --type "https://cyclonedx.org/bom" --key env://COSIGN_PUBLIC_KEY
grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none
echo "::endgroup::"

4
.github/actions/install_syft_grype/action.yml vendored
View file

@ -31,8 +31,10 @@ runs:
curl -fsSLo syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz curl -fsSLo syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
tar -xzf syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz tar -xzf syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
sudo install syft /usr/bin/syft sudo install syft /usr/bin/syft
syft version
curl -fsSLo grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz curl -fsSLo grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz
tar -xzf grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz tar -xzf grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz
sudo install grype /usr/bin/grype sudo install grype /usr/bin/grype
echo "::endgroup::"
syft version
grype version grype version