@@ -17,11 +17,20 @@ jobs:
1717 - name : Install Cosign
1818 uses : sigstore/cosign-installer@v2.5.0
1919
20+ - name : Install Chainloop
21+ run : |
22+ curl -sfL https://chainloop.dev/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }}
23+ sudo install chainloop /usr/local/bin
24+ chainloop version
25+
2026name : Checkout
2127 uses : actions/checkout@v3
2228 with :
2329 fetch-depth : 0
2430
31+ - name : Initialize Attestation
32+ run : chainloop attestation init --contract-revision 2
33+
2534 - name : Set up Go
2635 uses : actions/setup-go@v3
2736 with :
5463 output-file : /tmp/sbom.cyclonedx.json
5564 env :
5665 IMAGE : ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
66+
67+ - name : Add Container Image Artifact
68+ run : chainloop attestation add --name image --value ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
69+
70+ - name : Add SBOM Artifact
71+ run : chainloop attestation add --name sbom --value /tmp/sbom.cyclonedx.json
72+
73+ - name : Add Binary Artifact
74+ run : |
75+ BINARY_PATH="$(echo -n '${{ steps.release.outputs.metadata }}' | jq -r '"dist/" + .project_name + "_" + .version + "_" + .runtime.goos + "_" + .runtime.goarch + ".tar.gz"')"
76+
77+ chainloop attestation add --name binary --value ${BINARY_PATH}
78+
79+ name : Finish and Record Attestation
80+ if : ${{ success() }}
81+ run : |
82+ chainloop attestation status --full
83+ chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
84+ env :
85+ CHAINLOOP_SIGNING_KEY : ${{ secrets.COSIGN_PRIVATE_KEY }}
86+ CHAINLOOP_SIGNING_PASSWORD : ${{ secrets.COSIGN_PASSWORD }}
87+
88+ - name : Mark attestation as failed
89+ if : ${{ failure() }}
90+ run : |
91+ chainloop attestation reset
92+
93+ name : Mark attestation as cancelled
94+ if : ${{ cancelled() }}
95+ run : |
96+ chainloop attestation reset --trigger cancellation
97+ env :
98+ CHAINLOOP_VERSION : 0.8.58
99+ CHAINLOOP_ROBOT_ACCOUNT : ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}
0 commit comments