@@ -17,11 +17,18 @@ jobs:
1717 - name : Install Cosign
1818 uses : sigstore/cosign-installer@v2.5.0
1919
20+ - name : Install Chainloop
21+ run : |
22+ curl -sfL https://docs.chainloop.dev/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }}
23+
2024name : Checkout
2125 uses : actions/checkout@v3
2226 with :
2327 fetch-depth : 0
2428
29+ - name : Initialize Attestation
30+ run : chainloop attestation init # --contract-revision 2
31+
2532 - name : Set up Go
2633 uses : actions/setup-go@v3
2734 with :
5461 output-file : /tmp/sbom.cyclonedx.json
5562 env :
5663 IMAGE : ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
64+
65+ - name : Add Container Image Artifact
66+ run : chainloop attestation add --name image --value ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
67+
68+ - name : Add SBOM Artifact
69+ run : chainloop attestation add --name sbom --value /tmp/sbom.cyclonedx.json
70+
71+ - name : Add Binary Artifact
72+ run : |
73+ BINARY_PATH="$(echo -n '${{ steps.release.outputs.metadata }}' | jq -r '"dist/" + .project_name + "_" + .version + "_" + .runtime.goos + "_" + .runtime.goarch + ".tar.gz"')"
74+
75+ chainloop attestation add --name binary --value ${BINARY_PATH}
76+
77+ name : Finish and Record Attestation
78+ if : ${{ success() }}
79+ run : |
80+ chainloop attestation status --full
81+ chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
82+ env :
83+ CHAINLOOP_SIGNING_KEY : ${{ secrets.COSIGN_PRIVATE_KEY }}
84+ CHAINLOOP_SIGNING_PASSWORD : ${{ secrets.COSIGN_PASSWORD }}
85+
86+ - name : Mark attestation as failed
87+ if : ${{ failure() }}
88+ run : |
89+ chainloop attestation reset
90+
91+ name : Mark attestation as cancelled
92+ if : ${{ cancelled() }}
93+ run : |
94+ chainloop attestation reset --trigger cancellation
95+ env :
96+ CHAINLOOP_VERSION : 0.8.92
97+ CHAINLOOP_ROBOT_ACCOUNT : ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}
0 commit comments