
CI: use kosli-trail env-var in trails_staging.yml workflow (#104)
JonJagger committed Jan 16, 2024
1 parent 3a1e48e commit 205227e
Showing 2 changed files with 47 additions and 31 deletions.
19 changes: 10 additions & 9 deletions .github/workflows/trails.yml
Expand Up @@ -13,6 +13,7 @@ env:
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN_TRAILS }}
KOSLI_TRAIL: $GITHUB_SHA


jobs:

variables:
Expand Down Expand Up @@ -123,7 +124,7 @@ jobs:

- name: Wait for image to be built in main.yml
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
./sh/wait_for_image.sh "${IMAGE_NAME}"
- name: Setup Kosli CLI
Expand All @@ -135,7 +136,7 @@ jobs:
env:
KOSLI_TRAIL: ${{ env.KOSLI_TRAIL }}
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli attest artifact "${IMAGE_NAME}" \
--artifact-type=docker \
Expand Down Expand Up @@ -174,7 +175,7 @@ jobs:
- name: Run Snyk to check Docker image for vulnerabilities
continue-on-error: true
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
snyk container test "${IMAGE_NAME}" \
--file=Dockerfile \
--json-file-output=snyk.json \
Expand All @@ -184,7 +185,7 @@ jobs:
env:
KOSLI_TRAIL: ${{ env.KOSLI_TRAIL }}
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli attest snyk "${IMAGE_NAME}" \
--artifact-type=docker \
Expand All @@ -204,7 +205,7 @@ jobs:

- name: Kosli SDLC gate to short-circuit-the-trail
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli assert artifact "${IMAGE_NAME}" \
--artifact-type=docker
Expand All @@ -225,7 +226,7 @@ jobs:

- name: Report approval of deployment to Kosli
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli report approval "${IMAGE_NAME}" \
--artifact-type=docker \
Expand All @@ -234,7 +235,7 @@ jobs:
- name: Report expected deployment to Kosli
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli expect deployment "${IMAGE_NAME}" \
--artifact-type=docker \
Expand Down Expand Up @@ -279,7 +280,7 @@ jobs:

- name: Report approval of deployment to Kosli
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli report approval "${IMAGE_NAME}" \
--artifact-type=docker \
Expand All @@ -288,7 +289,7 @@ jobs:
- name: Report expected deployment to Kosli
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli expect deployment "${IMAGE_NAME}" \
--artifact-type=docker \
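Review bot: `KOSLI_TRAIL: $GITHUB_SHA` in the workflow-level `env:` block (second line of the first hunk) is stored as the literal text `$GITHUB_SHA`, because Actions does not perform shell expansion on `env:` values. The `run:` steps still end up with the right trail only because `${{ env.KOSLI_TRAIL }}` splices that literal into a shell script, where the shell expands it at execution time; the step-level `env: KOSLI_TRAIL: ${{ env.KOSLI_TRAIL }}` blocks, by contrast, hand the kosli CLI the unexpanded string, so any code path that reads the trail from the environment rather than from `--trail` would see `$GITHUB_SHA`. Prefer `KOSLI_TRAIL: ${{ github.sha }}`, which resolves the commit SHA when the workflow is evaluated and makes the step-level env entries redundant. The same pattern appears in the `env:` hunk of `.github/workflows/trails_staging.yml`. The `env:` block and the jobs shown here start and end outside these hunks.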
59 changes: 37 additions & 22 deletions .github/workflows/trails_staging.yml
Expand Up @@ -11,6 +11,7 @@ env:
KOSLI_ORG: cyber-dojo-trails
KOSLI_FLOW: ${{ vars.KOSLI_FLOW }} # dashboard
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN_TRAILS_STAGING }}
KOSLI_TRAIL: $GITHUB_SHA


jobs:
Expand All @@ -28,6 +29,7 @@ jobs:
echo "image_name=cyberdojo/${{ env.KOSLI_FLOW }}:${TAG}" >> ${GITHUB_OUTPUT}
echo "image_tag=${TAG}" >> ${GITHUB_OUTPUT}
create-kosli-trail:
runs-on: ubuntu-latest
steps:
Expand All @@ -45,8 +47,11 @@ jobs:
--template-file=.kosli.yml

- name: Begin Kosli Trail
env:
KOSLI_TRAIL: ${{ env.KOSLI_TRAIL }}
run:
kosli begin trail "${GITHUB_SHA}"
kosli begin trail "${{ env.KOSLI_TRAIL }}"


lint:
needs: [variables, create-kosli-trail]
Expand All @@ -65,24 +70,27 @@ jobs:
bundler-cache: true

- name: Run Rubocop linter on source, report results to Kosli Trail
env:
KOSLI_TRAIL: ${{ env.KOSLI_TRAIL }}
run: |
export LINT_EVIDENCE_DIR=/tmp/evidence/lint
mkdir -p "${LINT_EVIDENCE_DIR}"
export KOSLI_EVIDENCE_PATHS=/tmp/evidence/lint
mkdir -p "${KOSLI_EVIDENCE_PATHS}"
gem install rubocop
set +e
rubocop --raise-cop-error . > "${LINT_EVIDENCE_DIR}"/rubocop.log
rubocop --raise-cop-error . > "${KOSLI_EVIDENCE_PATHS}"/rubocop.log
STATUS=$?
set -e
KOSLI_COMPLIANT=$([ ${STATUS} = 0 ] && echo true || echo false)
cp .rubocop.yml "${LINT_EVIDENCE_DIR}"
cp .rubocop.yml "${KOSLI_EVIDENCE_PATHS}"
kosli attest generic \
--compliant="${KOSLI_COMPLIANT}" \
--evidence-paths="${LINT_EVIDENCE_DIR}" \
--evidence-paths="${KOSLI_EVIDENCE_PATHS}" \
--name=lint \
--trail="${GITHUB_SHA}"
--trail="${{ env.KOSLI_TRAIL }}"
exit $STATUS
pull-request:
needs: [variables, create-kosli-trail]
runs-on: ubuntu-latest
Expand All @@ -99,11 +107,14 @@ jobs:
version: ${{ vars.KOSLI_CLI_VERSION }}

- name: Report pull-request evidence to Kosli
env:
KOSLI_TRAIL: ${{ env.KOSLI_TRAIL }}
run:
kosli attest pullrequest github
--github-token="${{ secrets.GITHUB_TOKEN }}"
--name=pull-request
--trail="${GITHUB_SHA}"
--trail="${{ env.KOSLI_TRAIL }}"


build-image:
needs: [variables, create-kosli-trail]
Expand All @@ -113,7 +124,7 @@ jobs:

- name: Wait for image to be built in main.yml
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
./sh/wait_for_image.sh "${IMAGE_NAME}"
- name: Setup Kosli CLI
Expand All @@ -122,13 +133,15 @@ jobs:
version: ${{ vars.KOSLI_CLI_VERSION }}

- name: Report image to Kosli flow
env:
KOSLI_TRAIL: ${{ env.KOSLI_TRAIL }}
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli attest artifact "${IMAGE_NAME}" \
--artifact-type=docker \
--name=dashboard \
--trail="${GITHUB_SHA}"
--trail="${{ env.KOSLI_TRAIL }}"
unit-tests:
Expand Down Expand Up @@ -162,21 +175,23 @@ jobs:
- name: Run Snyk to check Docker image for vulnerabilities
continue-on-error: true
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
snyk container test "${IMAGE_NAME}" \
--file=Dockerfile \
--json-file-output=snyk.json \
--policy-path=.snyk
- name: Report Snyk results to Kosli Trail
env:
KOSLI_TRAIL: ${{ env.KOSLI_TRAIL }}
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli attest snyk "${IMAGE_NAME}" \
--artifact-type=docker \
--name=dashboard.snyk-scan \
--scan-results=snyk.json \
--trail="${GITHUB_SHA}"
--trail="${{ env.KOSLI_TRAIL }}"
sdlc-control-gate:
Expand All @@ -190,10 +205,10 @@ jobs:

- name: Kosli SDLC gate to short-circuit-the-trail
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli assert artifact "${IMAGE_NAME}" \
--artifact-type=docker
--artifact-type=docker
approve-deployment-to-beta:
Expand All @@ -211,7 +226,7 @@ jobs:

- name: Report approval of deployment to Kosli
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli report approval "${IMAGE_NAME}" \
--artifact-type=docker \
Expand All @@ -220,7 +235,7 @@ jobs:
- name: Report expected deployment to Kosli
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli expect deployment "${IMAGE_NAME}" \
--artifact-type=docker \
Expand All @@ -241,7 +256,7 @@ jobs:

- name: Wait for deployment to aws-beta in main.yml
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
./sh/wait_for_deployment.sh \
"${IMAGE_NAME}" \
"${{ env.KOSLI_HOST }}" \
Expand All @@ -265,7 +280,7 @@ jobs:

- name: Report approval of deployment to Kosli
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli report approval "${IMAGE_NAME}" \
--artifact-type=docker \
Expand All @@ -274,7 +289,7 @@ jobs:
- name: Report expected deployment to Kosli
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
docker pull "${IMAGE_NAME}"
kosli expect deployment "${IMAGE_NAME}" \
--artifact-type=docker \
Expand All @@ -295,7 +310,7 @@ jobs:

- name: Wait for deployment to aws-prod in main.yml
run: |
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
IMAGE_NAME=${{ needs.variables.outputs.image_name }}
./sh/wait_for_deployment.sh \
"${IMAGE_NAME}" \
"${{ env.KOSLI_HOST }}" \
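Review bot: The `Begin Kosli Trail` and `Report pull-request evidence to Kosli` steps use a bare `run:` plain scalar, so YAML folds their continuation lines into one shell line, whereas every other `run:` in this file uses `run: |` with explicit `\` continuations. The folding is harmless today, but an option later added on its own line without a trailing `\` behaves differently in the two forms (an extra argument in the folded scalar, a separate command under `|`), and the multi-line layout reads as if the lines were separate commands. Switch both steps to `run: |` and end each continued line with `\`, e.g. `run: |` followed by `kosli begin trail "${{ env.KOSLI_TRAIL }}"`, to match the rest of the file. Both jobs continue outside their hunks.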
