Switch to reporting to Kosli trails

.github/workflows/main.yml

@@ -20,7 +20,7 @@ jobs:
 
   build-test-push:
     needs: [pre-build]
-    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/kosli_build_test_push.yml@v0.0.6
+    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/kosli_build_test_push.yml@v0.0.11
     secrets:
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
       KOSLI_API_TOKEN_STAGING: ${{ secrets.KOSLI_API_TOKEN_STAGING }}
@@ -38,7 +38,7 @@ jobs:
 
   deploy-staging:
     needs: [pre-build, build-test-push]
-    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/kosli_deploy.yml@v0.0.6
+    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/kosli_deploy.yml@v0.0.11
     secrets:
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
       KOSLI_API_TOKEN_STAGING: ${{ secrets.KOSLI_API_TOKEN_STAGING }}
@@ -55,7 +55,7 @@ jobs:
 
   deploy-prod:
     needs: [pre-build, build-test-push]
-    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/kosli_deploy.yml@v0.0.6
+    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/kosli_deploy.yml@v0.0.11
     secrets:
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
       KOSLI_API_TOKEN_STAGING: ${{ secrets.KOSLI_API_TOKEN_STAGING }}

.kosli.yml

@@ -0,0 +1,8 @@
+version: 1
+
+trail:
+  artifacts:
+    - name: custom-start-points
+      attestations:
+        - name: snyk-scan
+          type: snyk

build_test_publish.sh

@@ -167,8 +167,8 @@ on_ci()
 # - - - - - - - - - - - - - - - - - - - - - - - -
 exit_non_zero_unless_installed docker
 exit_non_zero_unless_installed git
-on_ci_kosli_create_flow
+on_ci_kosli_begin_trail
 build_test_publish
-on_ci_kosli_report_artifact_creation
-on_ci_kosli_report_snyk_scan_evidence
+on_ci_kosli_attest_artifact_creation
+on_ci_kosli_attest_snyk_scan_evidence
 on_ci_kosli_assert_artifact

sh/kosli.sh

@@ -1,7 +1,9 @@
 #!/usr/bin/env bash
 set -Eeu
 
-export KOSLI_FLOW=custom-start-points
+export KOSLI_ORG=cyber-dojo
+export KOSLI_FLOW=custom-start-points-ci
+export KOSLI_TRAIL="${GITHUB_SHA}"
 
 # KOSLI_ORG is set in CI
 # KOSLI_API_TOKEN is set in CI
@@ -11,7 +13,7 @@ export KOSLI_FLOW=custom-start-points
 # SNYK_TOKEN is set in CI
 
 # - - - - - - - - - - - - - - - - - - -
-kosli_create_flow()
+kosli_begin_trail()
 {
   local -r hostname="${1}"
   local -r api_token="${2}"
@@ -20,35 +22,40 @@ kosli_create_flow()
     --description="Custom exercises choices" \
     --host="${hostname}" \
     --api-token="${api_token}" \
-    --template=artifact,snyk-scan \
+    --template-file="$(repo_root)/.kosli.yml" \
     --visibility=public
+
+  kosli begin trail "${KOSLI_TRAIL}" \
+    --host="${hostname}" \
+    --api-token="${api_token}"
 }
 
 # - - - - - - - - - - - - - - - - - - -
-kosli_report_artifact()
+kosli_attest_artifact()
 {
   local -r hostname="${1}"
   local -r api_token="${2}"
 
-  kosli report artifact "$(artifact_name)" \
-      --artifact-type=docker \
-      --host="${hostname}" \
-      --api-token="${api_token}" \
-      --repo-root="$(root_dir)"
+  kosli attest artifact "$(artifact_name)" \
+    --artifact-type=docker \
+    --host="${hostname}" \
+    --api-token="${api_token}" \
+    --name=custom-start-points \
+    --repo-root="$(repo_root)"
 }
 
 # - - - - - - - - - - - - - - - - - - -
-kosli_report_snyk()
+kosli_attest_snyk()
 {
   local -r hostname="${1}"
   local -r api_token="${2}"
 
-  kosli report evidence artifact snyk "$(artifact_name)" \
-      --artifact-type=docker \
-      --host="${hostname}" \
-      --api-token="${api_token}" \
-      --name=snyk-scan \
-      --scan-results="$(root_dir)/snyk.json"
+  kosli attest snyk "$(artifact_name)" \
+    --artifact-type=docker \
+    --host="${hostname}" \
+    --api-token="${api_token}" \
+    --name=custom-start-points.snyk-scan \
+    --scan-results="$(root_dir)/snyk.json"
 }
 
 # - - - - - - - - - - - - - - - - - - -
@@ -58,40 +65,21 @@ kosli_assert_artifact()
   local -r api_token="${2}"
 
   kosli assert artifact "$(artifact_name)" \
-      --artifact-type=docker \
-      --host="${hostname}" \
-      --api-token="${api_token}"
-}
-
-# - - - - - - - - - - - - - - - - - - -
-kosli_expect_deployment()
-{
-  local -r environment="${1}"
-  local -r hostname="${2}"
-  local -r api_token="${3}"
-
-  # In .github/workflows/main.yml deployment is its own job
-  # and the image must be present to get its sha256 fingerprint.
-  docker pull "$(artifact_name)"
-
-  kosli expect deployment "$(artifact_name)" \
     --artifact-type=docker \
-    --description="Deployed to ${environment} in Github Actions pipeline" \
-    --environment="${environment}" \
     --host="${hostname}" \
     --api-token="${api_token}"
 }
 
 # - - - - - - - - - - - - - - - - - - -
 artifact_name()
 {
-  source "$(root_dir)/sh/echo_versioner_env_vars.sh"
+  source "$(repo_root)/sh/echo_versioner_env_vars.sh"
   export $(echo_versioner_env_vars)
   echo "${CYBER_DOJO_CUSTOM_START_POINTS_IMAGE}:${CYBER_DOJO_CUSTOM_START_POINTS_TAG}"
 }
 
 # - - - - - - - - - - - - - - - - - - -
-root_dir()
+repo_root()
 {
   git rev-parse --show-toplevel
 }
@@ -103,35 +91,35 @@ on_ci()
 }
 
 # - - - - - - - - - - - - - - - - - - -
-on_ci_kosli_create_flow()
+on_ci_kosli_begin_trail()
 {
   if on_ci ; then
-    kosli_create_flow "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
-    kosli_create_flow "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
+    kosli_begin_trail "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
+    kosli_begin_trail "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
   fi
 }
 
 # - - - - - - - - - - - - - - - - - - -
-on_ci_kosli_report_artifact_creation()
+on_ci_kosli_attest_artifact_creation()
 {
   if on_ci ; then
-    kosli_report_artifact "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
-    kosli_report_artifact "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
+    kosli_attest_artifact "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
+    kosli_attest_artifact "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
   fi
 }
 
 # - - - - - - - - - - - - - - - - - - -
-on_ci_kosli_report_snyk_scan_evidence()
+on_ci_kosli_attest_snyk_scan_evidence()
 {
   if on_ci; then
     set +e
     snyk container test "$(artifact_name)" \
-      --json-file-output="$(root_dir)/snyk.json" \
-      --policy-path="$(root_dir)/.snyk"
+      --json-file-output="$(repo_root)/snyk.json" \
+      --policy-path="$(repo_root)/.snyk"
     set -e
 
-    kosli_report_snyk "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
-    kosli_report_snyk "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
+    kosli_attest_snyk "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
+    kosli_attest_snyk "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
   fi
 }