This repository has been archived by the owner on Oct 25, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Change SRP Provenance to use version 3.0
Signed-off-by: Joe Eltgroth <jeltgroth@vmware.com>
- Loading branch information
1 parent
212dba6
commit 347c17e
Showing
12 changed files
with
102 additions
and
276 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Copyright 2021-2022 VMware, Inc. | ||
# SPDX-License-Identifier: BSD-2-Clause | ||
|
||
name: 'SRP Helper Start Action' | ||
description: 'Start the SRP observer, build and publish the container, stop the SRP observations' | ||
inputs: | ||
client-id: | ||
description: 'Client ID associated with your CSP org' | ||
required: true | ||
client-secret: | ||
description: 'Client Secret associated with your CSP org' | ||
required: true | ||
buildpack: | ||
description: 'Language of buildpack' | ||
required: true | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- id: publish | ||
env: | ||
CLIENT_ID: ${{ inputs.client-id }} | ||
CLIENT_SECRET: ${{ inputs.client-secret }} | ||
BUILDPACK: ${{ inputs.buildpack }} | ||
VES_DOCKER: /usr/bin/docker | ||
run: ${{ github.action_path }}/publish.sh | ||
shell: bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
#!/bin/bash | ||
# Copyright 2021-2022 VMware, Inc. | ||
# SPDX-License-Identifier: BSD-2-Clause | ||
|
||
set -euo pipefail | ||
|
||
echo "SRP: Collect source provenance." | ||
|
||
mkdir -p ${SRP_WORKING_DIR} | ||
srp config auth --client-id "$CLIENT_ID" --client-secret "$CLIENT_SECRET" | ||
srp provenance init | ||
|
||
GITHUB_FQDN=$(echo "${GITHUB_SERVER_URL}" | sed -e "s/^https:\/\///") | ||
srp provenance add-build github --action ${GITHUB_ACTION} --build-id ${GITHUB_RUN_ID}_${GITHUB_RUN_ATTEMPT} --instance ${GITHUB_FQDN} --namespace ${GITHUB_REPOSITORY} --ref ${GITHUB_REF} | ||
srp provenance declare-source git --verbose --set-key=function-buildpack-source --path . | ||
srp provenance action start --name=publish | ||
|
||
srp provenance action import-cmd --cmd "make base_url=$url registry.location=other REGISTRY=$registry $target" | ||
observer_agent -m start_observer -e "${SRP_WORKING_DIR}"/required-envs.sh -S | ||
source "${SRP_WORKING_DIR}"/required-envs.sh set | ||
|
||
make base_url=$url registry.location=other REGISTRY=$registry $target | ||
|
||
source "${SRP_WORKING_DIR}"/required-envs.sh unset | ||
rm "${SRP_WORKING_DIR}/required-envs.sh" | ||
observer_agent -m stop_observer -f network_provenance.json | ||
|
||
key="${registry}/${BUILDPACK}-buildpack:${version}" | ||
echo "key set to ${key}" | ||
action="publish" | ||
image=$(docker inspect "${key}" | jq -r '.[0].RepoDigests[0]') | ||
srp provenance add-output docker \ | ||
--set-key="${key}" \ | ||
--action-key="${action}" \ | ||
--name="${image%%@*}" \ | ||
--location="${image%%@*}" \ | ||
--digest="${image##*@}" | ||
|
||
srp provenance add-input syft --scan-target="${key}" --output-key="${key}" | ||
|
||
srp provenance action import-observation --name="publish" --file=network_provenance.json | ||
srp provenance action stop | ||
|
||
echo "------------- Completed ${SRP_WORKING_DIR}/_provenance.json -------------" | ||
cat "${SRP_WORKING_DIR}"/_provenance.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.