f13f80b8af
* ci: update Syft to 0.72.0 and Grype to 0.57.1 * ci: install Cosign before Syft * ci: directly read private key from environment for Cosign * ci: add --add-cpes-if-none to Grype * ci: use cosign attest directly instead of syft attest
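# Composite action: downloads the Syft and Grype release archives for the
# runner's OS/architecture from GitHub and installs both binaries to /usr/bin.
name: Install Syft & Grype
description: Installs Syft & Grype.

runs:
  using: "composite"
  steps:
    - name: Install Syft & Grype
      shell: bash
      working-directory: /tmp
      env:
        # Tool versions are fixed here; the download URLs are derived from them.
        SYFT_VERSION: "0.72.0"
        GRYPE_VERSION: "0.57.1"
        OS: ${{ runner.os }}
        ARCH: ${{ runner.arch }}
      run: |
        echo "::group::Download and Install Syft & Grype"

        # Translate GitHub runner naming conventions to GOOS / GOARCH conventions
        if [[ "${OS}" = "macOS" ]]; then
          OS="darwin"
        else
          OS="${OS,,}"
        fi

        if [[ "${ARCH}" = "X64" ]]; then
          ARCH="amd64"
        else
          ARCH="${ARCH,,}"
        fi

        echo "Downloading for ${OS}/${ARCH}"

        # Use a private scratch directory instead of predictable file names
        # directly under the shared /tmp, and clean it up on exit.
        workdir="$(mktemp -d)"
        trap 'rm -rf "${workdir}"' EXIT
        cd "${workdir}"

        # install_tool NAME VERSION: fetch one Anchore release archive and
        # install its binary to /usr/bin/NAME.
        #
        # NOTE(review): nothing verifies the archive before it is installed
        # with sudo; TLS to github.com is the only protection. Pin the expected
        # SHA-256 of each archive (per OS/arch) in this file and compare it
        # before the `install` step.
        # NOTE(review): /usr/bin is normally not writable on macOS, even with
        # sudo; confirm which runners use this action, or install to
        # /usr/local/bin there.
        install_tool() {
          local tool="$1"
          local version="$2"
          local archive="${tool}_${version}_${OS}_${ARCH}.tar.gz"

          curl -fsSLo "${archive}" \
            "https://github.com/anchore/${tool}/releases/download/v${version}/${archive}"
          # Extract only the binary, not every member of the archive.
          tar -xzf "${archive}" "${tool}"
          sudo install "${tool}" "/usr/bin/${tool}"
          "${tool}" version
        }

        install_tool syft "${SYFT_VERSION}"
        install_tool grype "${GRYPE_VERSION}"

        # Close the log group opened at the top of the script.
        echo "::endgroup::"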