Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Link & SLSA attestor #381

Merged
merged 35 commits into from
May 10, 2024
Merged

Link & SLSA attestor #381

merged 35 commits into from
May 10, 2024

Conversation

jkjell
Copy link
Member

@jkjell jkjell commented Feb 5, 2024

What this PR does / why we need it

Add a SLSA & Link Attestor with an option to export them to their own attestations.

Acceptance Criteria Met

  • Docs changes if needed
  • Testing changes if needed
  • All workflow checks passing (automatically enforced)
  • All review conversations resolved (automatically enforced)
  • DCO Sign-off

Special notes for your reviewer:

docs/commands.md Outdated Show resolved Hide resolved
Copy link

netlify bot commented Mar 22, 2024

Deploy Preview for witness-project ready!

Name Link
🔨 Latest commit bd1efde
🔍 Latest deploy log https://app.netlify.com/sites/witness-project/deploys/663d30d38156d00009ee1037
😎 Deploy Preview https://deploy-preview-381--witness-project.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@jkjell jkjell marked this pull request as ready for review April 8, 2024 02:24
@ChaosInTheCRD ChaosInTheCRD changed the title Link attestor Link & SLSA attestor Apr 8, 2024
@jkjell jkjell force-pushed the link-attestor branch 2 times, most recently from b496d98 to d93dd87 Compare April 19, 2024 22:06
jkjell and others added 21 commits May 9, 2024 14:37
Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
…e output to backwards compatible

Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b7bf0a3...e8893c5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Meadows <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@eb238b5...63c24ba)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Meadows <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@9614fae...e1523de)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@6b208ae...eaceaf8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@26f96df...5d5d22a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [testifysec/witness-run-action](https://github.com/testifysec/witness-run-action) from 0.1.3 to 0.1.5.
- [Release notes](https://github.com/testifysec/witness-run-action/releases)
- [Commits](testifysec/witness-run-action@40aa4ef...2ae7f93)

---
updated-dependencies:
- dependency-name: testifysec/witness-run-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@3a91952...3cfe3a4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [fossas/fossa-action](https://github.com/fossas/fossa-action) from 1.3.1 to 1.3.3.
- [Release notes](https://github.com/fossas/fossa-action/releases)
- [Commits](fossas/fossa-action@f61a4c0...47ef11b)

---
updated-dependencies:
- dependency-name: fossas/fossa-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@e8893c5...3796146)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.0.0 to 4.1.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@4901385...fd07d42)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.1.1 to 4.1.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@fd07d42...9129d7d)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@3796146...47b3d88)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
dependabot bot and others added 12 commits May 9, 2024 14:38
Signed-off-by: John Kjell <john@testifysec.com>
* fix: run e2e test script as part of workflows
---------
Signed-off-by: Mikhail Swift <mikhail@testifysec.com>
Co-authored-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8a470fd...05963f4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@343f7c4...e92390c)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.8 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@05963f4...1b1aada)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.1.3 to 4.2.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@9129d7d...733dd5d)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@ab5e6d0...0c45773)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
Change to group dependency updates per ecosystem (GHA, go-mod)

Signed-off-by: John Kjell <john@testifysec.com>
Co-authored-by: Tom Meadows <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps the all-gha group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action).

Updates `actions/dependency-review-action` from 4.2.4 to 4.2.5
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@733dd5d...5bbc3ba)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-gha
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
)

Signed-off-by: John Kjell <john@testifysec.com>
Co-authored-by: Tom Meadows <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
Bumps the all-gha group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).

Updates `github/codeql-action` from 3.24.9 to 3.24.10
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@1b1aada...4355270)

Updates `sigstore/cosign-installer` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@e1523de...59acb62)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-gha
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-gha
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
jkjell added 2 commits May 9, 2024 14:51
Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell jkjell merged commit fc48494 into main May 10, 2024
17 checks passed
@jkjell jkjell deleted the link-attestor branch May 10, 2024 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants