CI: set kosli-trail env-var at top level (#116)

cyber-dojo · Jan 26, 2024 · ec5886f · ec5886f
1 parent 65fa14d
commit ec5886f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 32 deletions.
diff --git a/.github/workflows/trails.yml b/.github/workflows/trails.yml
@@ -11,6 +11,7 @@ env:
   KOSLI_ORG: cyber-dojo-trails
   KOSLI_FLOW: ${{ vars.KOSLI_FLOW }} # dashboard
   KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN_TRAILS }}
+  KOSLI_TRAIL: ${{ github.sha }}
 
 
 jobs:
@@ -20,7 +21,6 @@ jobs:
     outputs:
       image_tag:   ${{ steps.variables.outputs.image_tag }}
       image_name:  ${{ steps.variables.outputs.image_name }}
-      kosli_trail: ${{ steps.variables.outputs.kosli_trail }}
     steps:
       - uses: actions/checkout@v4
 
@@ -37,22 +37,19 @@ jobs:
 
       - name: Begin Kosli Trail
         run:
-          kosli begin trail "${GITHUB_SHA}"
+          kosli begin trail "${{ env.KOSLI_TRAIL }}"
 
       - name: Set outputs
         id: variables
         run: |
           IMAGE_TAG=${GITHUB_SHA:0:7}
           echo "image_tag=${IMAGE_TAG}" >> ${GITHUB_OUTPUT}       
           echo "image_name=cyberdojo/${{ env.KOSLI_FLOW }}:${IMAGE_TAG}" >> ${GITHUB_OUTPUT}          
-          echo "kosli_trail=${GITHUB_SHA}" >> ${GITHUB_OUTPUT}
 
 
   lint:
     needs: [kosli-trail]
     runs-on: ubuntu-latest
-    env:
-      KOSLI_TRAIL: ${{ needs.kosli-trail.outputs.kosli_trail }}
     steps:
       - uses: actions/checkout@v4
 
@@ -66,14 +63,15 @@ jobs:
           ruby-version: 3.2.0
           bundler-cache: true
 
-      - name: Run Rubocop linter on source, report results to Kosli Trail
+      - name: Run Rubocop linter on source, attest results to Kosli Trail
+        env:
+          KOSLI_EVIDENCE_PATHS: /tmp/evidence/lint
         run: |
-          KOSLI_EVIDENCE_PATHS=/tmp/evidence/lint
-          mkdir -p "${KOSLI_EVIDENCE_PATHS}"
           gem install rubocop
+          mkdir -p "${KOSLI_EVIDENCE_PATHS}"
           set +e
-          rubocop --raise-cop-error . > "${KOSLI_EVIDENCE_PATHS}"/rubocop.log
-          STATUS=$?
+          rubocop --raise-cop-error . | tee ${KOSLI_EVIDENCE_PATHS}/rubocop.log
+          STATUS=${PIPESTATUS[0]}
           set -e
 
           KOSLI_COMPLIANT=$([ ${STATUS} = 0 ] && echo true || echo false)
@@ -88,8 +86,6 @@ jobs:
   pull-request:
     needs: [kosli-trail]
     runs-on: ubuntu-latest
-    env:
-      KOSLI_TRAIL: ${{ needs.kosli-trail.outputs.kosli_trail }}
     permissions:
       id-token: write
       contents: write
@@ -102,7 +98,7 @@ jobs:
         with:
           version: ${{ vars.KOSLI_CLI_VERSION }}
 
-      - name: Report pull-request evidence to Kosli
+      - name: Attest pull-request evidence to Kosli
         run:
           kosli attest pullrequest github
             --github-token="${{ secrets.GITHUB_TOKEN }}"
@@ -138,7 +134,7 @@ jobs:
         with:
           version: ${{ vars.KOSLI_CLI_VERSION }}
 
-      - name: Report image to Kosli flow
+      - name: Attest image to Kosli Trail
         run:
           kosli attest artifact "${IMAGE_NAME}" 
             --artifact-type=docker
@@ -167,7 +163,6 @@ jobs:
     needs: [build-image, kosli-trail]
     runs-on: ubuntu-latest
     env:
-      KOSLI_TRAIL:       ${{ needs.kosli-trail.outputs.kosli_trail }}
       IMAGE_NAME:        ${{ needs.kosli-trail.outputs.image_name }}
       KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.kosli_fingerprint }}
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -190,7 +185,7 @@ jobs:
             --json-file-output=snyk.json 
             --policy-path=.snyk
 
-      - name: Report Snyk results to Kosli Trail
+      - name: Attest Snyk results to Kosli Trail
         run:
           kosli attest snyk "${IMAGE_NAME}" 
             --name=dashboard.snyk-scan 

diff --git a/.github/workflows/trails_staging.yml b/.github/workflows/trails_staging.yml
@@ -11,6 +11,7 @@ env:
   KOSLI_ORG: cyber-dojo-trails
   KOSLI_FLOW: ${{ vars.KOSLI_FLOW }}         # dashboard
   KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN_TRAILS_STAGING }}
+  KOSLI_TRAIL: ${{ github.sha }}
 
 
 jobs:
@@ -20,7 +21,6 @@ jobs:
     outputs:
       image_tag:   ${{ steps.variables.outputs.image_tag }}
       image_name:  ${{ steps.variables.outputs.image_name }}
-      kosli_trail: ${{ steps.variables.outputs.kosli_trail }}
     steps:
       - uses: actions/checkout@v4
 
@@ -37,22 +37,19 @@ jobs:
 
       - name: Begin Kosli Trail
         run:
-          kosli begin trail "${GITHUB_SHA}"
+          kosli begin trail "${{ env.KOSLI_TRAIL }}"
 
       - name: Set outputs
         id: variables
         run: |
           IMAGE_TAG=${GITHUB_SHA:0:7}
           echo "image_tag=${IMAGE_TAG}" >> ${GITHUB_OUTPUT}       
           echo "image_name=cyberdojo/${{ env.KOSLI_FLOW }}:${IMAGE_TAG}" >> ${GITHUB_OUTPUT}          
-          echo "kosli_trail=${GITHUB_SHA}" >> ${GITHUB_OUTPUT}
 
 
   lint:
     needs: [kosli-trail]
     runs-on: ubuntu-latest
-    env:
-      KOSLI_TRAIL: ${{ needs.kosli-trail.outputs.kosli_trail }}
     steps:
       - uses: actions/checkout@v4
 
@@ -67,13 +64,14 @@ jobs:
           bundler-cache: true
 
       - name: Run Rubocop linter on source, report results to Kosli Trail
+        env:
+          KOSLI_EVIDENCE_PATHS: /tmp/evidence/lint
         run: |
-          KOSLI_EVIDENCE_PATHS=/tmp/evidence/lint
-          mkdir -p "${KOSLI_EVIDENCE_PATHS}"
           gem install rubocop
+          mkdir -p "${KOSLI_EVIDENCE_PATHS}"
           set +e
-          rubocop --raise-cop-error . > "${KOSLI_EVIDENCE_PATHS}"/rubocop.log
-          STATUS=$?
+          rubocop --raise-cop-error . | tee "${KOSLI_EVIDENCE_PATHS}"/rubocop.log
+          STATUS=${PIPESTATUS[0]}
           set -e
 
           KOSLI_COMPLIANT=$([ ${STATUS} = 0 ] && echo true || echo false)
@@ -88,8 +86,6 @@ jobs:
   pull-request:
     needs: [kosli-trail]
     runs-on: ubuntu-latest
-    env:
-      KOSLI_TRAIL: ${{ needs.kosli-trail.outputs.kosli_trail }}
     permissions:
       id-token: write
       contents: write
@@ -102,7 +98,7 @@ jobs:
         with:
           version: ${{ vars.KOSLI_CLI_VERSION }}
 
-      - name: Report pull-request evidence to Kosli
+      - name: Attest pull-request evidence to Kosli Trail
         run:
           kosli attest pullrequest github
             --github-token="${{ secrets.GITHUB_TOKEN }}"
@@ -113,7 +109,6 @@ jobs:
     needs: [kosli-trail]
     runs-on: ubuntu-latest
     env:
-      KOSLI_TRAIL: ${{ needs.kosli-trail.outputs.kosli_trail }}
       IMAGE_NAME:  ${{ needs.kosli-trail.outputs.image_name }}
     outputs:
       kosli_fingerprint: ${{ steps.variables.outputs.kosli_fingerprint }}
@@ -129,7 +124,7 @@ jobs:
         with:
           version: ${{ vars.KOSLI_CLI_VERSION }}
 
-      - name: Report image to Kosli flow
+      - name: Attest image to Kosli Trail
         run:
           kosli attest artifact "${IMAGE_NAME}" 
             --artifact-type=docker
@@ -158,7 +153,6 @@ jobs:
     needs: [build-image, kosli-trail]
     runs-on: ubuntu-latest
     env:
-      KOSLI_TRAIL:       ${{ needs.kosli-trail.outputs.kosli_trail }}
       IMAGE_NAME:        ${{ needs.kosli-trail.outputs.image_name }}
       KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.kosli_fingerprint }}
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -181,7 +175,7 @@ jobs:
             --json-file-output=snyk.json 
             --policy-path=.snyk
 
-      - name: Report Snyk results to Kosli Trail
+      - name: Attest Snyk results to Kosli Trail
         run:
           kosli attest snyk "${IMAGE_NAME}" 
             --name=dashboard.snyk-scan