Skip to content

Add KubeCon + CloudNativeCon NA '23 demo files #21

Add KubeCon + CloudNativeCon NA '23 demo files

Add KubeCon + CloudNativeCon NA '23 demo files #21

Workflow file for this run

name: Test composite actions on SBOM+SLSA example
on:
push:
branches:
- main
paths:
- "scai-gen/**"
# Want to trigger these tests whenever the Go CLI or
# APIs are modified
pull_request:
paths:
- "scai-gen/**"
jobs:
sbom-slsa-ex:
runs-on: ubuntu-22.04
steps:
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: 1.20.x
- name: Checkout updated scai-gen CLI tools
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Setup Env
run: |
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- name: Install scai-gen CLI tools
shell: bash
run: |
go install ./scai-gen
mkdir -p temp
- name: Generate SBOM SCAI AttributeAssertion
id: gen-sbom-assert
uses: ./.github/actions/scai-gen-assert
with:
attribute: "HasSBOM"
evidence-file: "pdo_client_wawaka.spdx.json"
evidence-path: "examples/sbom+slsa/metadata"
evidence-type: "application/json"
download-evidence: false
assertion-name: "hassbom-assertion.json"
- name: Generate SLSA Provenance SCAI AttributeAssertion
id: gen-slsa-assert
uses: ./.github/actions/scai-gen-assert
with:
attribute: "HasSLSA"
evidence-file: "pdo_client_wawaka.provenance.json"
evidence-path: "examples/sbom+slsa/metadata"
evidence-type: "application/vnd.in-toto.provenance+dsse"
download-evidence: false
assertion-name: "hasslsa-assertion.json"
- name: Generate SCAI AttributeReport
id: gen-sbom-slsa-report
uses: ./.github/actions/scai-gen-report
with:
subject: "examples/sbom+slsa/metadata/container-img-desc.json"
attr-assertions: "${{ steps.gen-sbom-assert.outputs.assertion-name }} ${{ steps.gen-slsa-assert.outputs.assertion-name }}"
report-name: "evidence-collection.scai.json"