Skip to content

chore(ci): add Chainloop #20

chore(ci): add Chainloop

chore(ci): add Chainloop #20

Workflow file for this run

# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: Java CI with Maven
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
java: [ '17' ]
steps:
- uses: actions/checkout@v3
- name: Set up JDK ${{matrix.java}}
uses: actions/setup-java@v3
with:
java-version: ${{matrix.java}}
distribution: 'adopt'
cache: maven
- name: Build with Maven Wrapper
run: ./mvnw -B package
# Upload the built jar as an artifact so that it can be used in the Chainloop job
- uses: actions/upload-artifact@v3
with:
name: artifacts
path: target/*.jar
collect-metadata:
runs-on: ubuntu-latest
name: Generate metadata
needs: build
steps:
- name: Download all workflow run artifacts
uses: actions/download-artifact@v3
- name: Generate metadata
run: |
mkdir -p metadata
- uses: anchore/sbom-action@v0
with:
file: artifacts/*.jar
format: cyclonedx-json
output-file: ./metadata/sbom.cyclonedx.json
upload-artifact: false
- uses: actions/upload-artifact@v3
with:
name: metadata
path: metadata/*
# Send metadata to Chainloop
chainloop:
name: Chainloop
uses: chainloop-dev/labs/.github/workflows/chainloop.yml@a75dff2ef342a1e5c5e1ec5c42fb99f3d1bc03cb
needs: collect-metadata
with:
contract_revision: 2
secrets:
api_token: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}
signing_key: ${{ secrets.PRIVATE_KEY }}
signing_key_password: ${{ secrets.PRIVATE_KEY_PASSWORD }}