Improve gha (#318)

* fix: github organization name Fix the github organization name to in-toto. Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com> * pin GHA full-length commit SHA It's a good practice to pin the GitHub Actions with full-length commit sha as described in the "Security hardening for GitHub Actions". https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions I noticed that dependabot also checks weekly with updates. It will maintain the updates using the hash. Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com> * fixup! pin GHA full-length commit SHA * fixup! pin GHA full-length commit SHA --------- Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com> Co-authored-by: Kairo de Araujo <kairo.araujo@testifysec.com> Co-authored-by: John Kjell <john@testifysec.com>
in-toto · Dec 4, 2023 · 81bdfce · 81bdfce
1 parent f65b232
commit 81bdfce
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [sast, unit-test]
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
-    
+
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

diff --git a/.github/workflows/witness.yml b/.github/workflows/witness.yml
@@ -15,7 +15,7 @@
 on:
     workflow_call:
         inputs:
-            pull_request: 
+            pull_request:
                 required: true
                 type: boolean
             artifact-download:
@@ -39,7 +39,7 @@ on:
             attestations:
                 required: true
                 type: string
-            
+
 jobs:
     witness:
         runs-on: ubuntu-latest

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -4,7 +4,7 @@ builds:
       - "-s -w"
       - "-extldflags=-zrelro"
       - "-extldflags=-znow"
-      - "-extldflags -w -X 'github.com/testifysec/witness/cmd.Version={{.Tag}}-{{.ShortCommit}}'"
+      - "-extldflags -w -X 'github.com/in-toto/witness/cmd.Version={{.Tag}}-{{.ShortCommit}}'"
     env:
       - "CGO_ENABLED=0"
       - "GO111MODULE=on"
@@ -40,7 +40,7 @@ release:
   github:
     owner: "{{ .Env.GITHUB_REPOSITORY_OWNER }}"
 kos:
-  - repository: ghcr.io/testifysec/witness
+  - repository: ghcr.io/in-toto/witness
     tags:
     - '{{.Version}}'
     bare: true