This repository has been archived by the owner on Oct 25, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Change SRP Provenance to use version 3.0
Signed-off-by: Joe Eltgroth <jeltgroth@vmware.com>
- Loading branch information
1 parent
212dba6
commit e84f52a
Showing
12 changed files
with
133 additions
and
261 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Copyright 2021-2022 VMware, Inc. | ||
# SPDX-License-Identifier: BSD-2-Clause | ||
|
||
name: 'SRP Helper Start Action' | ||
description: 'Start the SRP observer, build and publish the container, stop the SRP observations' | ||
inputs: | ||
client-id: | ||
description: 'Client ID associated with your CSP org' | ||
required: true | ||
client-secret: | ||
description: 'Client Secret associated with your CSP org' | ||
required: true | ||
build-type: | ||
description: 'Name of the built type to be stored in source provenance' | ||
default: release | ||
required: true | ||
scm-type: | ||
description: 'SCM type of the processed repos' | ||
default: git | ||
required: true | ||
buildpack: | ||
description: 'Language of buildpack' | ||
required: true | ||
|
||
#outputs: | ||
# provenance-file: | ||
# description: "SRP Provenance file" | ||
# value: ${{ steps.publish-container.outputs.provenance-file }} | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- id: publish | ||
env: | ||
CLIENT_ID: ${{ inputs.client-id }} | ||
CLIENT_SECRET: ${{ inputs.client-secret }} | ||
BUILD_TYPE: ${{ inputs.build-type }} | ||
SCM_TYPE: ${{ inputs.scm-type }} | ||
BUILDPACK: ${{ inputs.buildpack }} | ||
VES_DOCKER: /usr/bin/docker | ||
run: ${{ github.action_path }}/publish.sh | ||
shell: bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
#!/bin/bash | ||
# Copyright 2021-2022 VMware, Inc. | ||
# SPDX-License-Identifier: BSD-2-Clause | ||
|
||
set -euo pipefail | ||
|
||
trap 'catch' ERR | ||
catch() { | ||
echo "An error has occurred removing SRP data" | ||
rm -rf ./tmp/srp | ||
} | ||
|
||
echo "SRP: Collect source provenance." | ||
|
||
mkdir -p /tmp/srp | ||
srp config auth --client-id "$CLIENT_ID" --client-secret "$CLIENT_SECRET" | ||
srp provenance init | ||
|
||
GITHUB_FQDN=$(echo "${GITHUB_SERVER_URL}" | sed -e "s/^https:\/\///") | ||
srp provenance add-build github --action ${GITHUB_ACTION} --build-id ${GITHUB_RUN_ID}_${GITHUB_RUN_ATTEMPT} --instance ${GITHUB_FQDN} --namespace ${GITHUB_REPOSITORY} --ref ${GITHUB_REF} | ||
srp provenance declare-source git --verbose --set-key=function-buildpack-source --path . | ||
srp provenance action start --name=publish | ||
|
||
srp provenance action import-cmd --cmd "make base_url=$url registry.location=other REGISTRY=$registry $target" | ||
observer_agent -m start_observer -e "${SRP_WORKING_DIR}"/required-envs.sh -S | ||
source "${SRP_WORKING_DIR}"/required-envs.sh set | ||
|
||
echo "VES_DOCKER set to $VES_DOCKER" | ||
|
||
make base_url=$url registry.location=other REGISTRY=$registry $target | ||
|
||
source "${SRP_WORKING_DIR}"/required-envs.sh unset | ||
rm "${SRP_WORKING_DIR}/required-envs.sh" | ||
observer_agent -m stop_observer -f network_provenance.json | ||
|
||
key="${registry}/${buildpack}-buildpack:${version}" | ||
echo "key set to ${key}" | ||
action="publish" | ||
image="${registry}/${buildpack}-buildpack:${version}" | ||
srp provenance add-output docker \ | ||
--set-key="${key}" \ | ||
--action-key="${action}" \ | ||
--name="${image%%@*}" \ | ||
--location="${image%%@*}" \ | ||
--digest="${image##*@}" | ||
|
||
srp provenance action import-observation --name="publish" --file=network_provenance.json | ||
srp provenance action stop | ||
|
||
cat "${SRP_WORKING_DIR}"/_provenance.json | ||
|
||
#echo "::set-output name=provenance-file::${SRP_WORKING_DIR}/_provenance.json" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.