Store file deltas within repo for automation
Signed-off-by: John Kjell <john@testifysec.com>
jkjell committed Jun 25, 2024
1 parent c38de5c commit b6ba498
Showing 2 changed files with 91 additions and 0 deletions.
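--- a/pr-1/pipeline.yml
+++ b/pr-1/pipeline.yml
@@ -0,0 +1,66 @@
+permissions:
+id-token: write # This is required for requesting the JWT
+contents: read # This is required for actions/checkout
+
+name: pipeline
+
+on:
+push:
+branches:
+- '*'
+pull_request:
+branches:
+- '*'
+
+jobs:
+build-image:
+runs-on: ubuntu-latest
+
+permissions:
+packages: write
+id-token: write # This is required for requesting the JWT
+contents: read # This is required for actions/checkout
+
+steps:
+- name: Docker meta
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ghcr.io/${{ github.repository }}/swf
+
+- name: Docker Login
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Setup Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Checkout Code
+uses: actions/checkout@v4.1.1
+
+- name: Build Image
+uses: testifysec/witness-run-action@reusable-workflow # v0.2.0
+with:
+archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"
+step: build-image
+attestations: "environment git github slsa"
+command: /bin/sh -c "docker buildx build -t ${{ steps.meta.outputs.tags }} --push ."
+
+- name: Generate SBOM
+uses: testifysec/witness-run-action@reusable-workflow # v0.2.0
+with:
+archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"
+step: gen-sbom
+attestations: "environment git github sbom"
+command: |
+/bin/sh -c "curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v1.7.0 && \
+syft ${{ steps.meta.outputs.tags }} --source-name=pkg:oci/testifysec/swf -o cyclonedx-json --file sbom.cdx.json"
+- name: Upload SBOM
+uses: actions/upload-artifact@v4.3.3
+with:
+name: sbom
+path: sbom.cdx.json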
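Review bot: The `Build Image` and `Generate SBOM` steps use `testifysec/witness-run-action@reusable-workflow`, a branch ref that can move even though the trailing comment says `v0.2.0`; the job holds `id-token: write` and `packages: write`, so whatever that branch points to at run time executes with the OIDC token and registry push rights. Pin it to the release commit, e.g. `uses: testifysec/witness-run-action@<full-commit-sha> # v0.2.0`, and consider the same for the `docker/*` actions that are pinned only to a major tag. The syft install has the same gap: the binary is pinned to `v1.7.0`, but `install.sh` is fetched from `main` and piped to `sh`, so the script itself is unpinned. Fetch it from the matching tag (`.../anchore/syft/v1.7.0/install.sh`) or verify a checksum before executing it, since the attestations record the step but do not constrain what the installer did.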
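--- a/pr-2/Dockerfile
+++ b/pr-2/Dockerfile
@@ -0,0 +1,25 @@
+FROM cgr.dev/chainguard/go@sha256:605d81422aba573c17bfd6029a217e94a9575179a98355a99acbb6e028ca883b AS builder
+
+ARG TARGETPLATFORM
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT=""
+ARG LDFLAGS
+
+ENV GO111MODULE=on \
+CGO_ENABLED=0 \
+GOOS=${TARGETOS} \
+GOARCH=${TARGETARCH} \
+GOARM=${TARGETVARIANT}
+
+WORKDIR /build
+
+COPY . .
+
+RUN go build -o bin/software
+
+FROM cgr.dev/chainguard/static@sha256:676e989769aa9a5254fbfe14abb698804674b91c4d574bb33368d87930c5c472
+
+COPY --from=builder /build/bin/software /software
+
+ENTRYPOINT ["/software"]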
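Review bot: `ARG LDFLAGS` is declared in the builder stage but `RUN go build -o bin/software` never references it, so any `--build-arg LDFLAGS=...` (version stamping, `-s -w`) is silently ignored; `TARGETPLATFORM` is likewise unused. If the flags are meant to take effect, pass them through, e.g. `RUN go build -trimpath -ldflags="${LDFLAGS}" -o bin/software`. `COPY . .` sends the whole build context into the builder layer, and no `.dockerignore` is visible in this commit, so confirm one excludes `.git` and local credential files. Both base images are pinned by digest, which is worth keeping when they are bumped.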
