2020 step : fmt
2121 attestations : " git github environment"
2222 command : go fmt ./...
23- secrets :
24- TS_OAUTH_CLIENT_ID : ${{ secrets.TS_OAUTH_CLIENT_ID }}
25- TS_OAUTH_SECRET : ${{ secrets.TS_OAUTH_SECRET }}
2623
2724 vet :
2825 uses : ./.github/workflows/witness.yml
3128 step : vet
3229 attestations : " git github environment"
3330 command : go vet ./...
34- secrets :
35- TS_OAUTH_CLIENT_ID : ${{ secrets.TS_OAUTH_CLIENT_ID }}
36- TS_OAUTH_SECRET : ${{ secrets.TS_OAUTH_SECRET }}
3731
3832 # --ignore DL3002
3933 lint :
4943command : hadolint -f sarif Dockerfile > hadolint.sarif
5044 artifact-upload-name : hadolint.sarif
5145 artifact-upload-path : hadolint.sarif
52- secrets :
53- TS_OAUTH_CLIENT_ID : ${{ secrets.TS_OAUTH_CLIENT_ID }}
54- TS_OAUTH_SECRET : ${{ secrets.TS_OAUTH_SECRET }}
5546
5647 unit-test :
5748 needs : [ fmt, vet, lint ]
6354 command : go test ./... -coverprofile cover.out
6455 artifact-upload-name : cover.out
6556 artifact-upload-path : cover.out
66- secrets :
67- TS_OAUTH_CLIENT_ID : ${{ secrets.TS_OAUTH_CLIENT_ID }}
68- TS_OAUTH_SECRET : ${{ secrets.TS_OAUTH_SECRET }}
6957
7058 sast :
7159 needs : [ fmt, vet, lint ]
7967 command : semgrep scan --config auto ./ --sarif -o semgrep.sarif
8068 artifact-upload-name : semgrep.sarif
8169 artifact-upload-path : semgrep.sarif
82- secrets :
83- TS_OAUTH_CLIENT_ID : ${{ secrets.TS_OAUTH_CLIENT_ID }}
84- TS_OAUTH_SECRET : ${{ secrets.TS_OAUTH_SECRET }}
8570
8671 build :
8772 needs : [ unit-test, sast ]
9176 step : build
9277 attestations : " git github environment"
9378 command : go build -o bin/software main.go
94- secrets :
95- TS_OAUTH_CLIENT_ID : ${{ secrets.TS_OAUTH_CLIENT_ID }}
96- TS_OAUTH_SECRET : ${{ secrets.TS_OAUTH_SECRET }}
9779
9880 build-image :
9981 needs : [ unit-test, sast ]
@@ -105,13 +87,6 @@ jobs:
10587 contents : read # This is required for actions/checkout
10688
10789 steps :
108- - name : Tailscale
109- uses : tailscale/github-action@v2
110- with :
111- oauth-client-id : ${{ secrets.TS_OAUTH_CLIENT_ID }}
112- oauth-secret : ${{ secrets.TS_OAUTH_SECRET }}
113- tags : tag:ci
114-
115901169111792
@@ -140,7 +115,7 @@ jobs:
140115 with :
141116 version : 0.6.0
142117 step : build-image
143- archivista-server : " http ://john-minikube-archivista:8082 "
118+ archivista-server : " https ://archivista.aws-sandbox-staging.testifysec.dev/ "
144119 attestations : " git github environment oci slsa"
145120 command : |
146121 /bin/sh -c "docker buildx build -t ${{ steps.meta.outputs.tags }} -o type=docker,dest=image.tar --push ."
@@ -169,9 +144,6 @@ jobs:
169144 syft packages docker-archive:/tmp/image.tar --source-name=pkg:oci/testifysec/swf -o cyclonedx-json --file sbom.cdx.json
170145artifact-upload-name : sbom.cdx.json
171146 artifact-upload-path : sbom.cdx.json
172- secrets :
173- TS_OAUTH_CLIENT_ID : ${{ secrets.TS_OAUTH_CLIENT_ID }}
174- TS_OAUTH_SECRET : ${{ secrets.TS_OAUTH_SECRET }}
175147
176148 secret-scan :
177149 needs : build-image
@@ -188,6 +160,3 @@ jobs:
188160 trufflehog docker --image=file:///tmp/image.tar -j > trufflehog.json
189161artifact-upload-name : trufflehog.json
190162 artifact-upload-path : trufflehog.json
191- secrets :
192- TS_OAUTH_CLIENT_ID : ${{ secrets.TS_OAUTH_CLIENT_ID }}
193- TS_OAUTH_SECRET : ${{ secrets.TS_OAUTH_SECRET }}
0 commit comments