Skip to content

Commit

Permalink
Add policy for PR that doesn't look for merge (#13)
Browse files Browse the repository at this point in the history
Signed-off-by: John Kjell <john@testifysec.com>
  • Loading branch information
jkjell authored Oct 1, 2024
1 parent e354f55 commit c94240a
Show file tree
Hide file tree
Showing 3 changed files with 478 additions and 0 deletions.
17 changes: 17 additions & 0 deletions .github/workflows/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,23 @@ jobs:
artifact-upload-name: trufflehog.json
artifact-upload-path: trufflehog.json

verify-pr:
needs: [ generate-sbom, secret-scan]

if: ${{ github.event_name == 'push' }}
uses: testifysec/witness-run-action/.github/workflows/witness.yml@reusable-workflow
with:
pull_request: ${{ github.event_name == 'pull_request' }}
step: verify
pre-command-attestations: "git github environment"
attestations: "git github environment"
artifact-download: image.tar
pre-command: |
curl -sSfL https://github.com/jkjell/witness/releases/download/osff-demo/witness -o /tmp/witness && \
chmod +x /tmp/witness
command: |
/tmp/witness verify -p pr-policy-signed.json -k swfpublic.pem -f /tmp/image.tar --enable-archivista -l debug
verify:
needs: [ generate-sbom, secret-scan]

Expand Down
Loading

0 comments on commit c94240a

Please sign in to comment.