From a7fc9615477bf1583418410122c9ed43e96032fe Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Tue, 26 Mar 2024 00:34:27 +0000
Subject: [PATCH] update
Signed-off-by: laurentsimon
---
 .github/workflows/release.yml | 21 +++++++++++
 .github/workflows/release/slsa-evaluator.yml | 36 +++++++++++++++++++
 .../internal/release/evaluate/evaluate.go | 4 +--
 3 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/release.yml
 create mode 100644 .github/workflows/release/slsa-evaluator.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..eebd14d
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,21 @@
+name: CLI release
+
+on:
+ # For manual tests.
+ workflow_dispatch:
+ push:
+ tags:
+ - "*" # triggers only if push new tag version, like `0.8.4` or else
+
+permissions: read-all
+
+jobs:
+ evaluator:
+ permissions:
+ id-token: write # For signing.
+ contents: write # For asset uploads.
+ actions: read # For the entrypoint.
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.10.0
+ with:
+ go-version-file: "./cmd/evaluator/go.mod"
+ config-file: .github/workflows/release/slsa-evaluator.yml
diff --git a/.github/workflows/release/slsa-evaluator.yml b/.github/workflows/release/slsa-evaluator.yml
new file mode 100644
index 0000000..a0a2eca
--- /dev/null
+++ b/.github/workflows/release/slsa-evaluator.yml
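Review bot: In `.github/workflows/release.yml` the tag filter `- "*"` starts the signing job for every tag that is pushed, not only version tags, and that job holds `id-token: write` and `contents: write`. Narrowing the filter to the scheme the inline comment describes, for example `- "[0-9]+.[0-9]+.[0-9]+"`, keeps stray tags from producing signed provenance and release assets. The top-level `permissions: read-all` could be `permissions: {}`, since the only job declares its own scopes and any job added later would otherwise inherit read access to every scope. The `@v1.10.0` reference on the builder deserves a comment such as `# slsa-github-generator must be referenced by release tag, not by commit SHA`, so that it is not later changed to a hash pin.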
@@ -0,0 +1,36 @@
+# Version for this file.
+version: 1
+
+# (Optional) List of env variables used during compilation.
+env:
+ - GO111MODULE=on
+ - CGO_ENABLED=0
+
+# (Optional) Flags for the compiler.
+flags:
+ - -trimpath
+ - -tags=netgo
+
+# The OS to compile for. `GOOS` env variable will be set to this value.
+goos: linux
+
+# The architecture to compile for. `GOARCH` env variable will be set to this value.
+goarch: amd64
+
+# (Optional) Entrypoint to compile.
+# main: ./path/to/main.go
+
+# (Optional) Working directory. (default: root of the project)
+dir: ./cmd/evaluator
+
+# Binary output name.
+# {{ .Os }} will be replaced by goos field in the config file.
+# {{ .Arch }} will be replaced by goarch field in the config file.
+binary: binary-{{ .Os }}-{{ .Arch }}
+
+# (Optional) ldflags generated dynamically in the workflow, and set as the `evaluated-envs` input variables in the workflow.
+# ldflags:
+# - "-X main.Version={{ .Env.VERSION }}"
+# - "-X main.Commit={{ .Env.COMMIT }}"
+# - "-X main.CommitDate={{ .Env.COMMIT_DATE }}"
+# - "-X main.TreeState={{ .Env.TREE_STATE }}"
\ No newline at end of file
diff --git a/cmd/evaluator/internal/release/evaluate/evaluate.go b/cmd/evaluator/internal/release/evaluate/evaluate.go
index dfac3a1..d996031 100644
--- a/cmd/evaluator/internal/release/evaluate/evaluate.go
+++ b/cmd/evaluator/internal/release/evaluate/evaluate.go
@@ -15,7 +15,7 @@ import (
 func usage(cli string) {
 msg := "" +
- "Usage: %s release evaluate orgPath projectsPath packageName creatorID [optional:environment]\n" +
+ "Usage: %s release evaluate orgPath projectsPath packageName [optional:environment]\n" +
 "\n" +
 "Example:\n" +
 "%s release evaluate ./path/to/policy/org ./path/to/policy/projects laurentsimon/echo-server@sha256:xxxx prod\n" +
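Review bot: `binary: binary-{{ .Os }}-{{ .Arch }}` in `slsa-evaluator.yml` names the release asset `binary-linux-amd64`, and that generic name is also what the provenance records as its subject. A name that identifies the tool, e.g. `binary: evaluator-{{ .Os }}-{{ .Arch }}`, makes the artifact harder to confuse with another project's when it is downloaded and verified. The `ldflags` block is left commented out, so the built binary presumably carries no version or commit string; if the CLI is meant to report one, wire `evaluated-envs` in the workflow and enable those lines. The file also ends without a trailing newline.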
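Review bot: The usage line in `evaluate.go` still names the third argument `packageName`, while the example passes `laurentsimon/echo-server@sha256:xxxx` and `Run` later splits a digest on `:`, so the placeholder hides that a digest is expected. Consider spelling it out in the usage string, e.g. `packageName@sha256:digest`, adjusted to whatever form `Run` actually accepts, since its argument parsing is outside this hunk. `usage` continues past the end of the hunk.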
@@ -42,7 +42,7 @@ func Run(cli string, args []string) error { if len(args) == 4 && args[3] != "" { // Only set the env if it's not empty. env = new(string) - *env = args[34] + *env = args[3] } digestsArr := strings.Split(digest, ":") if len(digestsArr) != 2 {
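Review bot: The old `args[34]` behind the `len(args) == 4` guard would have panicked with an index out of range on every invocation that supplied an environment, and the commit corrects the index without adding a test for that path (the diffstat lists no `_test.go` file). A small table-driven test of `Run` with three arguments, four arguments, and an empty fourth argument would pin the fix. The digest check visible here only counts the parts returned by `strings.Split(digest, ":")`; whether the algorithm name and hex length are validated lies outside the hunk and is worth confirming, since the digest identifies what the policy is evaluated against. `Run` starts and ends outside this hunk.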