From 932655e76d2a2cc26067dcb52e4179b4f052f7ee Mon Sep 17 00:00:00 2001 From: Miguel Martinez Date: Wed, 9 Oct 2024 23:09:28 +0200 Subject: [PATCH 1/2] chore(ci): provide project name Signed-off-by: Miguel Martinez --- .github/workflows/build_and_package.yaml | 3 ++- .github/workflows/codeql.yml | 3 ++- .github/workflows/docs_deploy.yml | 6 ++++-- .github/workflows/package_chart.yaml | 6 ++++-- .github/workflows/release.yaml | 6 ++++-- .github/workflows/scorecards.yml | 2 +- 6 files changed, 17 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build_and_package.yaml b/.github/workflows/build_and_package.yaml index 7ec0b09d0..c9267fc8f 100644 --- a/.github/workflows/build_and_package.yaml +++ b/.github/workflows/build_and_package.yaml @@ -29,6 +29,7 @@ jobs: CONTAINER_IMAGE_CLI: ghcr.io/chainloop-dev/chainloop/cli:${{ github.ref_name }} GH_TOKEN: ${{ github.token }} CHAINLOOP_WORKFLOW_NAME: "chainloop-vault-build-and-package" + CHAINLOOP_PROJECT: "chainloop" steps: - name: Install Cosign uses: sigstore/cosign-installer@ef6a6b364bbad08abd36a5f8af60b595d12702f8 # main @@ -49,7 +50,7 @@ jobs: - name: Initialize Attestation run: | - chainloop attestation init --workflow $CHAINLOOP_WORKFLOW_NAME + chainloop attestation init --workflow $CHAINLOOP_WORKFLOW_NAME --project $CHAINLOOP_PROJECT - name: Docker login to Github Packages uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 45d9a65e7..f30a08ffe 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,6 +23,7 @@ jobs: env: CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_TOKEN }} CHAINLOOP_WORKFLOW_NAME: "chainloop-vault-codeql" + CHAINLOOP_PROJECT: "chainloop" strategy: fail-fast: false 
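Review bot: In the `Initialize Attestation` step of build_and_package.yaml the new `--project $CHAINLOOP_PROJECT` argument is expanded unquoted, so an empty or space-containing value would drop or split the argument instead of failing clearly. Here the value is the literal `"chainloop"`, so this is mostly a robustness and style point, but the same line is added in codeql.yml, package_chart.yaml and release.yaml, and in the last two the value comes from a job output. I would write `chainloop attestation init --workflow "$CHAINLOOP_WORKFLOW_NAME" --project "$CHAINLOOP_PROJECT"` in all four. Passing the values through `env:` rather than interpolating `${{ }}` into the script is the right pattern and should stay.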
@@ -41,7 +42,7 @@ jobs: - name: Initialize Attestation if: ${{ github.event_name != 'pull_request' }} run: | - chainloop attestation init --workflow $CHAINLOOP_WORKFLOW_NAME + chainloop attestation init --workflow $CHAINLOOP_WORKFLOW_NAME --project $CHAINLOOP_PROJECT - name: Set up Go uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 diff --git a/.github/workflows/docs_deploy.yml b/.github/workflows/docs_deploy.yml index cbf526135..5a6014e35 100644 --- a/.github/workflows/docs_deploy.yml +++ b/.github/workflows/docs_deploy.yml @@ -11,12 +11,14 @@ concurrency: "deploy-to-prod" jobs: chainloop_init: name: Chainloop Init - uses: chainloop-dev/labs/.github/workflows/chainloop_init.yml@dfc395be86c9254f42de204584a032d5c1f99706 + # Pin once we release a stable version + uses: chainloop-dev/labs/.github/workflows/chainloop_init.yml@main secrets: api_token: ${{ secrets.CHAINLOOP_TOKEN }} with: chainloop_labs_branch: dfc395be86c9254f42de204584a032d5c1f99706 workflow_name: "chainloop-docs-release" + project_name: "chainloop" deploy_docs: name: Deploy Documentation @@ -83,7 +85,7 @@ jobs: chainloop_push: name: Chainloop Push - uses: chainloop-dev/labs/.github/workflows/chainloop_push.yml@dfc395be86c9254f42de204584a032d5c1f99706 + uses: chainloop-dev/labs/.github/workflows/chainloop_push.yml@main needs: - deploy_docs secrets: diff --git a/.github/workflows/package_chart.yaml b/.github/workflows/package_chart.yaml index a3389af29..2ac522e0a 100644 --- a/.github/workflows/package_chart.yaml +++ b/.github/workflows/package_chart.yaml 
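Review bot: In docs_deploy.yml, `chainloop_init.yml@main` replaces a full commit SHA with a branch name on a reusable workflow that receives `secrets.CHAINLOOP_TOKEN`, so whatever lands on that branch runs with the token. The same unpinning is applied to `chainloop_push.yml` in the next hunk and to `chainloop_onboard.yml` in package_chart.yaml and release.yaml. The second patch in this series restores SHA pins. Folding that change into this commit would avoid a revision where the deploy and release workflows reference a mutable ref.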
@@ -17,7 +17,8 @@ jobs: # be ignored and the process will continue. For this to work it's using a pre-created API Token onboard_workflow: name: Onboard Chainloop Workflow - uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@4173e015dbd5dc2a8802555c268da63d57bbe576 + # TODO: pin + uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@main with: project: "chainloop" workflow_name: "chainloop-vault-helm-package" @@ -33,6 +34,7 @@ jobs: env: CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_TOKEN }} CHAINLOOP_WORKFLOW_NAME: ${{ needs.onboard_workflow.outputs.workflow_name }} + CHAINLOOP_PROJECT: ${{ needs.onboard_workflow.outputs.project_name }} steps: - name: Install Chainloop run: | @@ -52,7 +54,7 @@ jobs: - name: Initialize Attestation run: | - chainloop attestation init --workflow ${CHAINLOOP_WORKFLOW_NAME} + chainloop attestation init --workflow ${CHAINLOOP_WORKFLOW_NAME} --project ${CHAINLOOP_PROJECT} - name: Package Chart run: helm package deployment/chainloop/ diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 088f424a0..620338ed8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -9,7 +9,8 @@ jobs: # be ignored and the process will continue. For this to work it's using a pre-created API Token onboard_workflow: name: Onboard Chainloop Workflow - uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@4173e015dbd5dc2a8802555c268da63d57bbe576 + # TODO: pin + uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@main with: project: "chainloop" workflow_name: "chainloop-vault-release" @@ -26,6 +27,7 @@ jobs: env: CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_TOKEN }} CHAINLOOP_WORKFLOW_NAME: ${{ needs.onboard_workflow.outputs.workflow_name }} + CHAINLOOP_PROJECT: ${{ needs.onboard_workflow.outputs.project_name }} GH_TOKEN: ${{ github.token }} steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 
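Review bot: In package_chart.yaml, `CHAINLOOP_PROJECT` is read from `needs.onboard_workflow.outputs.project_name`, and an output the called workflow does not declare evaluates to an empty string rather than failing the job. With the unquoted `--project ${CHAINLOOP_PROJECT}` added in the next hunk, that would run `attestation init` with `--project` and no value. Whether `chainloop_onboard.yml` exposes `project_name` at the referenced ref is not visible here, so it is worth confirming. A guard such as `: "${CHAINLOOP_PROJECT:?project_name output is empty}"` before the init call would make the failure explicit. release.yaml adds the same env line.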
@@ -36,7 +38,7 @@ jobs: - name: Initialize Attestation run: | - chainloop attestation init --workflow ${CHAINLOOP_WORKFLOW_NAME} + chainloop attestation init --workflow ${CHAINLOOP_WORKFLOW_NAME} --project ${CHAINLOOP_PROJECT} - name: Attest all assets run: | diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b33b8f80d..b99d32c7e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -26,6 +26,7 @@ jobs: with: chainloop_labs_branch: dfc395be86c9254f42de204584a032d5c1f99706 workflow_name: "chainloop-vault-scorecards" + project_name: "chainloop" analysis: name: Scorecard analysis @@ -94,5 +95,4 @@ jobs: signing_key_password: ${{ secrets.COSIGN_PASSWORD }} with: attestation_name: "scorecards" - chainloop_labs_branch: dfc395be86c9254f42de204584a032d5c1f99706 workflow_name: "chainloop-vault-scorecards" From 9b9bde8f31b58c01ad6ae024d4f9b31dff7a39f6 Mon Sep 17 00:00:00 2001 From: Miguel Martinez Date: Fri, 11 Oct 2024 11:34:34 +0200 Subject: [PATCH 2/2] feat(dagger): add support for optional project name during attestation Signed-off-by: Miguel Martinez --- .github/workflows/docs_deploy.yml | 5 ++--- .github/workflows/package_chart.yaml | 3 +-- .github/workflows/release.yaml | 2 +- extras/dagger/README.md | 1 + 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docs_deploy.yml b/.github/workflows/docs_deploy.yml index 5a6014e35..f59e0dece 100644 --- a/.github/workflows/docs_deploy.yml +++ b/.github/workflows/docs_deploy.yml @@ -11,8 +11,7 @@ concurrency: "deploy-to-prod" jobs: chainloop_init: name: Chainloop Init - # Pin once we release a stable version - uses: chainloop-dev/labs/.github/workflows/chainloop_init.yml@main + uses: chainloop-dev/labs/.github/workflows/chainloop_init.yml@edd4d30e954a4a456dd770f3b7c5e6871c84a661 secrets: api_token: ${{ secrets.CHAINLOOP_TOKEN }} with: 
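Review bot: In scorecards.yml, `project_name: "chainloop"` is added to the `with:` block, but the `uses:` reference of this job lies outside the hunk and is not changed by either patch in the series. docs_deploy.yml moved its `chainloop_init.yml` reference in the same commit that added this input, which suggests the older ref may not declare it. A reusable workflow called with an undeclared input is rejected when the run starts. Please confirm the ref used in scorecards.yml accepts `project_name`, and keep it on the same commit SHA as the other `chainloop-dev/labs` references.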
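Review bot: In docs_deploy.yml the `uses:` ref moves to `edd4d30e954a4a456dd770f3b7c5e6871c84a661`, but the `chainloop_labs_branch` input just below this hunk was left at `dfc395be86c9254f42de204584a032d5c1f99706` by the first patch and is not touched here. If that input selects the labs revision checked out inside the called workflow, the job would mix two revisions of code that handles `secrets.CHAINLOOP_TOKEN`. Either set it to the same SHA or drop it, as the first patch did for the push job in scorecards.yml. A trailing comment on the `uses:` line naming the pinned release, in the style of the `# v2.2.0` comments in build_and_package.yaml, would also help whoever next updates the pin.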
@@ -85,7 +84,7 @@ jobs: chainloop_push: name: Chainloop Push - uses: chainloop-dev/labs/.github/workflows/chainloop_push.yml@main + uses: chainloop-dev/labs/.github/workflows/chainloop_push.yml@edd4d30e954a4a456dd770f3b7c5e6871c84a661 needs: - deploy_docs secrets: diff --git a/.github/workflows/package_chart.yaml b/.github/workflows/package_chart.yaml index 2ac522e0a..9ece21ca8 100644 --- a/.github/workflows/package_chart.yaml +++ b/.github/workflows/package_chart.yaml @@ -17,8 +17,7 @@ jobs: # be ignored and the process will continue. For this to work it's using a pre-created API Token onboard_workflow: name: Onboard Chainloop Workflow - # TODO: pin - uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@main + uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@edd4d30e954a4a456dd770f3b7c5e6871c84a661 with: project: "chainloop" workflow_name: "chainloop-vault-helm-package" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 620338ed8..aaf8e681c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ jobs: onboard_workflow: name: Onboard Chainloop Workflow # TODO: pin - uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@main + uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@edd4d30e954a4a456dd770f3b7c5e6871c84a661 with: project: "chainloop" workflow_name: "chainloop-vault-release" diff --git a/extras/dagger/README.md b/extras/dagger/README.md index b3e9978b5..78bbf574e 100644 --- a/extras/dagger/README.md +++ b/extras/dagger/README.md 
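Review bot: In release.yaml the `# TODO: pin` comment above `uses:` stays as a context line although this hunk now pins the reference, so the file ends up with a stale TODO; package_chart.yaml removes the same comment in this patch. I would delete it or replace it with `# pinned to a commit SHA; bump together with the other chainloop-dev/labs workflow refs`.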
@@ -73,6 +73,7 @@ dagger call -m github.com/chainloop-dev/chainloop \ --repository /path/to/repo \ # optional flag to automatically attest a Git repository --contract-revision 1 \ # optional flag to specify the revision of the Workflow Contract (default `latest`) --workflow-name the-name-of-the-workflow + --project-name the-name-of-the-project ``` #### 2 - Get the status ([docs](https://docs.chainloop.dev/getting-started/attestation-crafting#inspecting-the-crafting-status))