Merge pull request #8 from chainloop-dev/bump-chainloop-version #28

Summary
Jobs
- Release
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/release.yaml at 06be1df

	name: Release

	on:
	push:
	tags:
	- "v..*"

	jobs:
	release:
	name: Release
	runs-on: ubuntu-latest
	if: github.ref_type == 'tag'
	permissions:
	packages: write
	contents: write # required for goreleaser
	steps:
	- name: Install Cosign
	uses: sigstore/cosign-installer@main
	with:
	cosign-release: 'v2.0.2'

	- name: Install Chainloop
	run: \|
	curl -sfL https://docs.chainloop.dev/install.sh \| bash -s -- --version v${{ env.CHAINLOOP_VERSION }}

	- name: Checkout
	uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- name: Initialize Attestation
	run: chainloop attestation init # --contract-revision 2

	- name: Set up Go
	uses: actions/setup-go@v3
	with:
	go-version: 1.19

	- name: Docker login to Github Packages
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Run Go Releaser
	id: release
	uses: goreleaser/goreleaser-action@v3
	with:
	distribution: goreleaser
	version: latest
	args: release --rm-dist
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}

	- uses: anchore/sbom-action@v0
	with:
	image: ${{ env.IMAGE }}
	format: cyclonedx-json
	artifact-name: sbom.cyclonedx.json
	output-file: /tmp/sbom.cyclonedx.json
	env:
	IMAGE: ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}

	- uses: anchore/sbom-action@v0
	with:
	image: ${{ env.IMAGE }}
	format: spdx-json
	artifact-name: sbom.spdx.json
	output-file: /tmp/sbom.spdx.json
	env:
	IMAGE: ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}

	- name: Add Container Image Artifact
	run: chainloop attestation add --name image --value ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}

	- name: Add CycloneDX SBOM Artifact
	run: chainloop attestation add --name sbom --value /tmp/sbom.cyclonedx.json

	- name: Add SPDX SBOM Artifact
	run: chainloop attestation add --name sbom-spdx --value /tmp/sbom.spdx.json

	- name: Add Binary Artifact
	run: \|
	BINARY_PATH="$(echo -n '${{ steps.release.outputs.metadata }}' \| jq -r '"dist/" + .project_name + "_" + .version + "_" + .runtime.goos + "_" + .runtime.goarch + ".tar.gz"')"

	chainloop attestation add --name binary --value ${BINARY_PATH}

	- name: Finish and Record Attestation
	if: ${{ success() }}
	run: \|
	chainloop attestation status --full
	chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
	env:
	CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
	CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}

	- name: Mark attestation as failed
	if: ${{ failure() }}
	run: \|
	chainloop attestation reset

	- name: Mark attestation as cancelled
	if: ${{ cancelled() }}
	run: \|
	chainloop attestation reset --trigger cancellation
	env:
	CHAINLOOP_VERSION: 0.89.0
	CHAINLOOP_ROBOT_ACCOUNT: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #8 from chainloop-dev/bump-chainloop-version #28

Workflow file

Merge pull request #8 from chainloop-dev/bump-chainloop-version #28

Jobs

Run details

Workflow file for this run