From 8108cd13dc154489ceb84a28f4dff13f2a43e187 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Tue, 18 Mar 2025 17:37:22 +0500
Subject: [PATCH 1/4] chore: reuse syft and cosign installa actions across workflows
---
.github/actions/install-cosign/action.yaml | 14 ++++++++++++++
.github/actions/install-syft/action.yaml | 14 ++++++++++++++
.github/workflows/ci.yaml | 8 ++------
.github/workflows/release.yaml | 8 ++------
.github/workflows/security.yaml | 6 ++++++
5 files changed, 38 insertions(+), 12 deletions(-)
create mode 100644 .github/actions/install-cosign/action.yaml
create mode 100644 .github/actions/install-syft/action.yaml
diff --git a/.github/actions/install-cosign/action.yaml b/.github/actions/install-cosign/action.yaml
new file mode 100644
index 0000000000000..fd91c18f35991
--- /dev/null
+++ b/.github/actions/install-cosign/action.yaml
@@ -0,0 +1,14 @@
+name: "Install cosign"
+description: |
+ Cosign Github Action.
+inputs:
+ version:
+ description: "cosign release"
+ default: "v2.4.3"
+runs:
+ using: "composite"
+ steps:
+ - name: Install cosign
+ uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+ with:
+ cosign-release: {{ inputs.version }}
diff --git a/.github/actions/install-syft/action.yaml b/.github/actions/install-syft/action.yaml
new file mode 100644
index 0000000000000..5ea2fc072d992
--- /dev/null
+++ b/.github/actions/install-syft/action.yaml
@@ -0,0 +1,14 @@
+name: "Install syft"
+description: |
+ Downloads Syft to the Action tool cache and provides a reference.
+inputs:
+ version:
+ description: "syft version."
+ default: "1.22.8"
+runs:
+ using: "composite"
+ steps:
+ - name: Install syft
+ uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
+ with:
+ syft-version: {{ inputs.version }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ee97e675cbbdd..0dc740a2ad1ee 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1074,14 +1074,10 @@ jobs: run: sudo apt-get install -y zstd - name: Install cosign - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 - with: - cosign-release: "v2.4.3" + uses: ./.github/action/install-cosign - name: Install syft - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 - with: - syft-version: "v1.20.0" + uses: ./.github/action/install-syft - name: Setup Windows EV Signing Certificate run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index fbb86d7aaf799..a5daf8179ffa0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -251,14 +251,10 @@ jobs: rm /tmp/rcodesign.tar.gz - name: Install cosign - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 - with: - cosign-release: "v2.4.3" + uses: ./.github/action/install-cosign - name: Install syft - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 - with: - syft-version: "v1.20.0" + uses: ./.github/action/install-syft - name: Setup Apple Developer certificate and API key run: | diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 3b90616f849f0..96ccede483398 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -85,6 +85,12 @@ jobs: - name: Setup sqlc uses: ./.github/actions/setup-sqlc + - name: Install cosign + uses: ./.github/action/install-cosign + + - name: Install syft + uses: ./.github/action/install-syft + - name: Install yq run: go run github.com/mikefarah/yq/v4@v4.44.3 - name: Install mockgen From fb123556470239815b90c8f87457504fe45ef1f2 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 18 Mar 2025 17:54:36 +0500 Subject: [PATCH 2/4] hardcode version strings --- .github/actions/install-cosign/action.yaml | 6 +----- .github/actions/install-syft/action.yaml | 6 +----- 2 files changed, 2 insertions(+), 10 deletions(-) 
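Review bot: The two replaced steps in ci.yaml now load a local action from the runner workspace, where the removed lines fetched the upstream action directly by commit SHA; the matching hunk in release.yaml does the same. A local `uses: ./.github/...` step runs whatever action.yaml is on disk when the step starts, so it depends on an earlier checkout of a trusted ref, and that checkout is outside both hunks. The neighbouring steps set up code-signing certificates, so I would state the dependency above the first step, e.g. `# Local action: needs the repository checked out from a trusted ref first.` The `action/` path typo on these lines is corrected in PATCH 3/4.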
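Review bot: The security.yaml hunk adds the cosign and syft installs without removing any earlier step, and neither the hunk nor the commit message says which later step uses them. A comment naming the consumer would let the signing tool be dropped from this job once it is no longer needed, e.g. `# cosign and syft are required by <STEP NAME> below`. The rest of the job is outside the hunk, so the consumer cannot be confirmed from here.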
diff --git a/.github/actions/install-cosign/action.yaml b/.github/actions/install-cosign/action.yaml index fd91c18f35991..acaf7ba1a7a97 100644 --- a/.github/actions/install-cosign/action.yaml +++ b/.github/actions/install-cosign/action.yaml @@ -1,14 +1,10 @@ name: "Install cosign" description: | Cosign Github Action. -inputs: - version: - description: "cosign release" - default: "v2.4.3" runs: using: "composite" steps: - name: Install cosign uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 with: - cosign-release: {{ inputs.version }} + cosign-release: "v2.4.3" diff --git a/.github/actions/install-syft/action.yaml b/.github/actions/install-syft/action.yaml index 5ea2fc072d992..9da31c5670f07 100644 --- a/.github/actions/install-syft/action.yaml +++ b/.github/actions/install-syft/action.yaml @@ -1,14 +1,10 @@ name: "Install syft" description: | Downloads Syft to the Action tool cache and provides a reference. -inputs: - version: - description: "syft version." - default: "1.22.8" runs: using: "composite" steps: - name: Install syft uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 with: - syft-version: {{ inputs.version }} + syft-version: "1.22.8" From 7e1a138296fd616dda80fe65646af5d2a28835b5 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 18 Mar 2025 18:03:36 +0500 Subject: [PATCH 3/4] fix typo --- .github/workflows/ci.yaml | 4 ++-- .github/workflows/release.yaml | 4 ++-- .github/workflows/security.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0dc740a2ad1ee..9aed499c03b5e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
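Review bot: After this change the only copy of `cosign-release: "v2.4.3"` and of the SHA-pinned `uses:` line sits under `.github/actions/`, a location that dependency-update tooling may not scan unless it is configured to; the same holds for `syft-version` in the install-syft hunk. The update configuration is not part of this series, so coverage of these two directories should be confirmed before the pins go stale. A comment above `with:` would also help whoever bumps them, e.g. `# Tool version is pinned here only; bump it together with the installer SHA above.` Separately, the description `Cosign Github Action.` could say what the action does, e.g. `Installs the pinned cosign release via sigstore/cosign-installer.`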
@@ -1074,10 +1074,10 @@ jobs: run: sudo apt-get install -y zstd - name: Install cosign - uses: ./.github/action/install-cosign + uses: ./.github/actions/install-cosign - name: Install syft - uses: ./.github/action/install-syft + uses: ./.github/actions/install-syft - name: Setup Windows EV Signing Certificate run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a5daf8179ffa0..f35a004f2e4de 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -251,10 +251,10 @@ jobs: rm /tmp/rcodesign.tar.gz - name: Install cosign - uses: ./.github/action/install-cosign + uses: ./.github/actions/install-cosign - name: Install syft - uses: ./.github/action/install-syft + uses: ./.github/actions/install-syft - name: Setup Apple Developer certificate and API key run: | diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 96ccede483398..71d209e2a7dce 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -86,10 +86,10 @@ jobs: uses: ./.github/actions/setup-sqlc - name: Install cosign - uses: ./.github/action/install-cosign + uses: ./.github/actions/install-cosign - name: Install syft - uses: ./.github/action/install-syft + uses: ./.github/actions/install-syft - name: Install yq run: go run github.com/mikefarah/yq/v4@v4.44.3 From 384cfcf24f000f250adc8125bbf774a2dc64ef14 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 18 Mar 2025 18:07:12 +0500 Subject: [PATCH 4/4] fix syft version --- .github/actions/install-syft/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/install-syft/action.yaml b/.github/actions/install-syft/action.yaml index 9da31c5670f07..7357cdc08ef85 100644 --- a/.github/actions/install-syft/action.yaml +++ b/.github/actions/install-syft/action.yaml 
@@ -7,4 +7,4 @@ runs: - name: Install syft uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 with: - syft-version: "1.22.8" + syft-version: "v1.20.0"
