Started on adding a never-alone-trail attestation to the cli-release #2376
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main | |
on: | |
push: | |
branches: | |
- '**' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
jobs: | |
pre-build: | |
runs-on: ubuntu-latest | |
outputs: | |
tag: ${{ steps.prep.outputs.tag }} | |
trail_name: ${{ steps.prep.outputs.trail_name }} | |
trail_template_file: ${{ steps.prep.outputs.trail_template_file }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare | |
id: prep | |
run: | | |
TAG=$(echo $GITHUB_SHA | head -c7) | |
echo "TAG=${TAG}" >> ${GITHUB_ENV} | |
echo "tag=$TAG" >> $GITHUB_OUTPUT | |
if [ "${GITHUB_REF}" == refs/tags/* ]; then | |
TRAIL_NAME=${GITHUB_REF##refs/tags/} | |
TRAIL_TEMPLATE_FILE=release-flow-template.yml | |
else | |
TRAIL_NAME=$(echo $GITHUB_SHA | head -c 7) | |
TRAIL_TEMPLATE_FILE=main-flow-template.yml | |
fi | |
echo "TRAIL_NAME=${TRAIL_NAME}" >> $GITHUB_ENV | |
echo "trail_name=$TRAIL_NAME" >> $GITHUB_OUTPUT | |
echo "TRAIL_TEMPLATE_FILE=${TRAIL_TEMPLATE_FILE}" >> $GITHUB_ENV | |
echo "trail_template_file=$TRAIL_TEMPLATE_FILE" >> $GITHUB_OUTPUT | |
init-kosli: | |
needs: [pre-build] | |
uses: ./.github/workflows/init_kosli.yml | |
with: | |
FLOW_NAME: cli | |
TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }} | |
FLOW_TEMPLATE_FILE: ${{ needs.pre-build.outputs.trail_template_file }} | |
KOSLI_ORG: kosli-public | |
secrets: | |
kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} | |
pr_github_token: ${{ secrets.GITHUB_TOKEN }} | |
# Only to test CI on a branch | |
never-alone-trail: | |
needs: [pre-build, init-kosli] | |
uses: ./.github/workflows/never_alone_trail.yml | |
with: | |
FLOW_NAME: test-cli-release-never-alone | |
TRAIL_NAME: v0.0.101 | |
SOURCE_FLOW_NAME: cli | |
ATTESTATION_NAME: never-alone-data | |
KOSLI_ORG: kosli-public | |
secrets: | |
kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} | |
pr_github_token: ${{ secrets.GITHUB_TOKEN }} | |
never-alone-link-in-relase: | |
needs: [pre-build, init-kosli, never-alone-trail] | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: write | |
pull-requests: read | |
steps: | |
- name: Report never-alone-trail | |
env: | |
FLOW_NAME: test-cli-release | |
TRAIL_NAME: v0.0.101 | |
SOURCE_FLOW_NAME: test-cli-release-never-alone | |
KOSLI_ORG: kosli-public | |
KOSLI_API_TOKEN: ${{ secrets.kosli_api_token }} | |
run: | | |
KOSLI_HOST=${KOSLI_HOST:-https://app.kosli.com} | |
NEVER_ALONE_TRAIL_LINK="${KOSLI_HOST}/${KOSLI_ORG}/flows/${SOURCE_FLOW_NAME}/trails/${TRAIL_NAME}" | |
kosli attest generic github \ | |
--flow ${FLOW_NAME} \ | |
--trail ${TRAIL_NAME} \ | |
--name never-alone-trail \ | |
--annotate never_alone_trail="${NEVER_ALONE_TRAIL_LINK}" | |
### end | |
test: | |
needs: [pre-build] | |
uses: ./.github/workflows/test.yml | |
with: | |
AWS_ACCOUNT_ID: 772819027869 | |
AWS_REGION: eu-central-1 | |
FLOW_NAME: cli | |
TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }} | |
KOSLI_ORG: kosli-public | |
secrets: | |
github_access_token: ${{ secrets.KOSLI_GITHUB_TOKEN }} | |
gitlab_access_token: ${{ secrets.KOSLI_GITLAB_TOKEN }} | |
azure_access_token: ${{ secrets.KOSLI_AZURE_TOKEN }} | |
azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
bitbucket_password: ${{ secrets.KOSLI_BITBUCKET_PASSWORD }} | |
jira_api_token: ${{ secrets.KOSLI_JIRA_API_TOKEN }} | |
slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }} | |
slack_channel: ${{ secrets.MERKELY_SLACK_CI_FAILURES_CHANNEL }} | |
snyk_token: ${{ secrets.SNYK_TOKEN }} | |
kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} | |
# docker: | |
# needs: [pre-build, test, init-kosli] | |
# uses: ./.github/workflows/docker.yml | |
# with: | |
# tag: ${{ needs.pre-build.outputs.tag }} | |
# platforms: linux/amd64 | |
# flow_name: cli | |
# trail_name: ${{ needs.pre-build.outputs.trail_name }} | |
# kosli_org: kosli-public | |
# secrets: | |
# slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }} | |
# slack_channel: ${{ secrets.MERKELY_SLACK_CI_FAILURES_CHANNEL }} | |
# ghcr_user: ${{ secrets.GHCR_USER }} | |
# ghcr_token: ${{ secrets.GHCR_TOKEN }} | |
# kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} | |
# snyk_token: ${{ secrets.SNYK_TOKEN }} |