ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-10-05 21:27:52 +03:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
1e1bfabccf
scorecard/.github/workflows/publishimage.yml
Carlos Tadeu Panato Junior 83c07bfd32
🌱 github actions cleanup and set to get the latest go available (#2135) 
* update slsa generator to 1.2.0 and use git hash

Signed-off-by: cpanato <ctadeu@gmail.com>

* update go to get always the latest available and general cleanup

Signed-off-by: cpanato <ctadeu@gmail.com>

Signed-off-by: cpanato <ctadeu@gmail.com>
2022-08-10 08:44:33 -07:00

68 lines
2.0 KiB
YAML
Raw Blame History

# Copyright 2021 Security Scorecard Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: publishimage
permissions: read-all
on:
push:
branches:
- main
env:
GO_VERSION: 1.17
jobs:
unit-test:
name: publishimage
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
env:
COSIGN_EXPERIMENTAL: "true"
steps:
- name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: install ko
uses: imjasonh/setup-ko@78eea08f10db87a7a23a666a4a6fe2734f2eeb8d
- name: publishimage
uses: nick-invision/retry@b4fa57557dda8c2f30bcb2d19372cc3237190f7f
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make install
make scorecard-ko
- name: Install Cosign
uses: sigstore/cosign-installer@09a077b27eb1310dcfb21981bee195b30ce09de0
- name: Sign image
run: |
cosign sign ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }}
Reference in New Issue View Git Blame Copy Permalink