
Started on adding a never-alone-trail attestation to the cli-release #2376


Workflow file for this run

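# Main CI workflow: derives a short tag and a Kosli trail name from the pushed
# commit, initialises the Kosli flow/trail, and runs the test workflow.
name: Main

# Runs on a push to any branch. Only a `branches` filter is defined, so a push
# of a tag does not start this workflow.
on:
  push:
    branches:
      - '**'

# One concurrency group per workflow and ref, so runs for the same ref do not
# execute in parallel.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}

# NOTE(review): there is no workflow-level `permissions:` block, so every job
# without its own block gets the repository's default GITHUB_TOKEN permissions.
# Declare the minimum here once the needs of the called workflows are confirmed.

jobs:
  # Computes the values shared by the later jobs and exposes them as outputs.
  pre-build:
    runs-on: ubuntu-latest
    outputs:
      tag: ${{ steps.prep.outputs.tag }}
      trail_name: ${{ steps.prep.outputs.trail_name }}
      trail_template_file: ${{ steps.prep.outputs.trail_template_file }}
    steps:
      # NOTE(review): the action is referenced by a mutable tag; pinning it to
      # a full commit SHA protects the job if that tag is ever moved.
      - uses: actions/checkout@v4
      - name: Prepare
        id: prep
        run: |
          # GITHUB_SHA and GITHUB_REF are read from the environment rather than
          # interpolated with ${{ }}, so ref names never become script text.
          # TAG is the first seven characters of the commit SHA.
          TAG="${GITHUB_SHA:0:7}"
          echo "TAG=${TAG}" >> "${GITHUB_ENV}"
          echo "tag=${TAG}" >> "${GITHUB_OUTPUT}"
          # [[ ]] is needed for the glob to act as a pattern: inside [ ] the
          # right-hand side is compared as a literal string and never matches
          # a real tag ref, so the release template could not be selected.
          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
            TRAIL_NAME="${GITHUB_REF##refs/tags/}"
            TRAIL_TEMPLATE_FILE=release-flow-template.yml
          else
            TRAIL_NAME="${TAG}"
            TRAIL_TEMPLATE_FILE=main-flow-template.yml
          fi
          echo "TRAIL_NAME=${TRAIL_NAME}" >> "${GITHUB_ENV}"
          echo "trail_name=${TRAIL_NAME}" >> "${GITHUB_OUTPUT}"
          echo "TRAIL_TEMPLATE_FILE=${TRAIL_TEMPLATE_FILE}" >> "${GITHUB_ENV}"
          echo "trail_template_file=${TRAIL_TEMPLATE_FILE}" >> "${GITHUB_OUTPUT}"

  # Calls the local init_kosli workflow for the `cli` flow with the trail name
  # and template file chosen by pre-build.
  init-kosli:
    needs: [pre-build]
    uses: ./.github/workflows/init_kosli.yml
    with:
      FLOW_NAME: cli
      TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
      FLOW_TEMPLATE_FILE: ${{ needs.pre-build.outputs.trail_template_file }}
      KOSLI_ORG: kosli-public
    secrets:
      kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }}
      pr_github_token: ${{ secrets.GITHUB_TOKEN }}

  # Only to test CI on a branch
  # The flow and trail names of the two jobs below are hard-coded test values.
  never-alone-trail:
    needs: [pre-build, init-kosli]
    uses: ./.github/workflows/never_alone_trail.yml
    with:
      FLOW_NAME: test-cli-release-never-alone
      TRAIL_NAME: v0.0.101
      SOURCE_FLOW_NAME: cli
      ATTESTATION_NAME: never-alone-data
      KOSLI_ORG: kosli-public
    secrets:
      kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }}
      pr_github_token: ${{ secrets.GITHUB_TOKEN }}

  # Attests a link to the never-alone trail on the test release trail.
  never-alone-link-in-relase:
    needs: [pre-build, init-kosli, never-alone-trail]
    runs-on: ubuntu-latest
    # NOTE(review): the only step below calls the Kosli CLI with an API token
    # and does not use GITHUB_TOKEN or request an OIDC token, so
    # `id-token: write` and `contents: write` look broader than this job
    # needs. Confirm and reduce before merging.
    permissions:
      id-token: write
      contents: write
      pull-requests: read
    steps:
      # NOTE(review): no step in this job installs the kosli CLI; confirm it
      # is available on the runner.
      - name: Report never-alone-trail
        env:
          FLOW_NAME: test-cli-release
          TRAIL_NAME: v0.0.101
          SOURCE_FLOW_NAME: test-cli-release-never-alone
          KOSLI_ORG: kosli-public
          # Same secret the other jobs pass, written in the casing used there.
          KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
        run: |
          # KOSLI_HOST is not set in `env` above, so the default applies unless
          # the runner environment provides one.
          KOSLI_HOST="${KOSLI_HOST:-https://app.kosli.com}"
          NEVER_ALONE_TRAIL_LINK="${KOSLI_HOST}/${KOSLI_ORG}/flows/${SOURCE_FLOW_NAME}/trails/${TRAIL_NAME}"
          # NOTE(review): `github` is passed as a positional argument; confirm
          # that `kosli attest generic` expects it in this position.
          kosli attest generic github \
            --flow "${FLOW_NAME}" \
            --trail "${TRAIL_NAME}" \
            --name never-alone-trail \
            --annotate never_alone_trail="${NEVER_ALONE_TRAIL_LINK}"
  ### end

  # Calls the local test workflow. It receives every integration credential
  # listed under `secrets`, and this happens on each branch push.
  test:
    needs: [pre-build]
    uses: ./.github/workflows/test.yml
    with:
      # NOTE(review): unquoted, so YAML reads this as an integer; quote it if
      # the called workflow declares the input as a string.
      AWS_ACCOUNT_ID: 772819027869
      AWS_REGION: eu-central-1
      FLOW_NAME: cli
      TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
      KOSLI_ORG: kosli-public
    secrets:
      github_access_token: ${{ secrets.KOSLI_GITHUB_TOKEN }}
      gitlab_access_token: ${{ secrets.KOSLI_GITLAB_TOKEN }}
      azure_access_token: ${{ secrets.KOSLI_AZURE_TOKEN }}
      azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
      azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
      bitbucket_password: ${{ secrets.KOSLI_BITBUCKET_PASSWORD }}
      jira_api_token: ${{ secrets.KOSLI_JIRA_API_TOKEN }}
      slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }}
      slack_channel: ${{ secrets.MERKELY_SLACK_CI_FAILURES_CHANNEL }}
      snyk_token: ${{ secrets.SNYK_TOKEN }}
      kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }}

  # Disabled docker job, kept commented out as in the original.
  # docker:
  #   needs: [pre-build, test, init-kosli]
  #   uses: ./.github/workflows/docker.yml
  #   with:
  #     tag: ${{ needs.pre-build.outputs.tag }}
  #     platforms: linux/amd64
  #     flow_name: cli
  #     trail_name: ${{ needs.pre-build.outputs.trail_name }}
  #     kosli_org: kosli-public
  #   secrets:
  #     slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }}
  #     slack_channel: ${{ secrets.MERKELY_SLACK_CI_FAILURES_CHANNEL }}
  #     ghcr_user: ${{ secrets.GHCR_USER }}
  #     ghcr_token: ${{ secrets.GHCR_TOKEN }}
  #     kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }}
  #     snyk_token: ${{ secrets.SNYK_TOKEN }}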