From 8108cd13dc154489ceb84a28f4dff13f2a43e187 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Tue, 18 Mar 2025 17:37:22 +0500
Subject: [PATCH 1/4] chore: reuse syft and cosign installa actions across workflows
---
 .github/actions/install-cosign/action.yaml | 14 ++++++++++++++
 .github/actions/install-syft/action.yaml | 14 ++++++++++++++
 .github/workflows/ci.yaml | 8 ++------
 .github/workflows/release.yaml | 8 ++------
 .github/workflows/security.yaml | 6 ++++++
 5 files changed, 38 insertions(+), 12 deletions(-)
 create mode 100644 .github/actions/install-cosign/action.yaml
 create mode 100644 .github/actions/install-syft/action.yaml
diff --git a/.github/actions/install-cosign/action.yaml b/.github/actions/install-cosign/action.yaml
new file mode 100644
index 0000000000000..fd91c18f35991
--- /dev/null
+++ b/.github/actions/install-cosign/action.yaml
@@ -0,0 +1,14 @@
+name: "Install cosign"
+description: |
+ Cosign Github Action.
+inputs:
+ version:
+ description: "cosign release"
+ default: "v2.4.3"
+runs:
+ using: "composite"
+ steps:
+ - name: Install cosign
+ uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+ with:
+ cosign-release: {{ inputs.version }}
diff --git a/.github/actions/install-syft/action.yaml b/.github/actions/install-syft/action.yaml
new file mode 100644
index 0000000000000..5ea2fc072d992
--- /dev/null
+++ b/.github/actions/install-syft/action.yaml
@@ -0,0 +1,14 @@
+name: "Install syft"
+description: |
+ Downloads Syft to the Action tool cache and provides a reference.
+inputs:
+ version:
+ description: "syft version."
+ default: "1.22.8"
+runs:
+ using: "composite"
+ steps:
+ - name: Install syft
+ uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
+ with:
+ syft-version: {{ inputs.version }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ee97e675cbbdd..0dc740a2ad1ee 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
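Review bot: `cosign-release: {{ inputs.version }}` on the last line of the install-cosign hunk is not an Actions expression — the context syntax is `${{ inputs.version }}` — and a plain scalar that begins with `{{` is read by YAML as a flow mapping rather than a string, so the action file fails to load before its step ever runs. The line should be `cosign-release: "${{ inputs.version }}"`, quoted so the expanded value is never retyped; the install-syft hunk's `syft-version: {{ inputs.version }}` needs the same fix. Also note that exposing `version` as an input makes the pinned release only a default: any calling workflow can pass another value, so the pin in `default` does not by itself guarantee one vetted cosign or syft version across the repository, and that trade-off is worth stating in the action's `description`.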
@@ -1074,14 +1074,10 @@ jobs:
 run: sudo apt-get install -y zstd
 - name: Install cosign
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
- with:
- cosign-release: "v2.4.3"
+ uses: ./.github/action/install-cosign
 - name: Install syft
- uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
- with:
- syft-version: "v1.20.0"
+ uses: ./.github/action/install-syft
 - name: Setup Windows EV Signing Certificate
 run: |
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fbb86d7aaf799..a5daf8179ffa0 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -251,14 +251,10 @@ jobs:
 rm /tmp/rcodesign.tar.gz
 - name: Install cosign
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
- with:
- cosign-release: "v2.4.3"
+ uses: ./.github/action/install-cosign
 - name: Install syft
- uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
- with:
- syft-version: "v1.20.0"
+ uses: ./.github/action/install-syft
 - name: Setup Apple Developer certificate and API key
 run: |
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 3b90616f849f0..96ccede483398 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -85,6 +85,12 @@ jobs:
 - name: Setup sqlc
 uses: ./.github/actions/setup-sqlc
+ - name: Install cosign
+ uses: ./.github/action/install-cosign
+
+ - name: Install syft
+ uses: ./.github/action/install-syft
+
 - name: Install yq
 run: go run github.com/mikefarah/yq/v4@v4.44.3
 - name: Install mockgen
From fb123556470239815b90c8f87457504fe45ef1f2 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Tue, 18 Mar 2025 17:54:36 +0500
Subject: [PATCH 2/4] hardcode version strings
---
 .github/actions/install-cosign/action.yaml | 6 +-----
 .github/actions/install-syft/action.yaml | 6 +-----
 2 files changed, 2 insertions(+), 10 deletions(-)
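Review bot: The removed inline step pinned `syft-version: "v1.20.0"`, while the composite action this hunk now delegates to defaults to `1.22.8`, so a commit labelled as a chore silently changes the syft version that produces the SBOMs and drops the `v` prefix from the pin (whether download-syft accepts both forms is not something this diff shows). If an upgrade is intended it should be a separate commit that says so; otherwise the action's default should match the previous pin. The new `uses: ./.github/action/install-cosign` and `uses: ./.github/action/install-syft` paths also do not match the `.github/actions/` directory this patch creates, so the steps cannot resolve as written; the release.yaml and security.yaml hunks in this patch carry the same paths. The enclosing job starts before this hunk.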
diff --git a/.github/actions/install-cosign/action.yaml b/.github/actions/install-cosign/action.yaml
index fd91c18f35991..acaf7ba1a7a97 100644
--- a/.github/actions/install-cosign/action.yaml
+++ b/.github/actions/install-cosign/action.yaml
@@ -1,14 +1,10 @@
 name: "Install cosign"
 description: |
 Cosign Github Action.
-inputs:
- version:
- description: "cosign release"
- default: "v2.4.3"
 runs:
 using: "composite"
 steps:
 - name: Install cosign
 uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
 with:
- cosign-release: {{ inputs.version }}
+ cosign-release: "v2.4.3"
diff --git a/.github/actions/install-syft/action.yaml b/.github/actions/install-syft/action.yaml
index 5ea2fc072d992..9da31c5670f07 100644
--- a/.github/actions/install-syft/action.yaml
+++ b/.github/actions/install-syft/action.yaml
@@ -1,14 +1,10 @@
 name: "Install syft"
 description: |
 Downloads Syft to the Action tool cache and provides a reference.
-inputs:
- version:
- description: "syft version."
- default: "1.22.8"
 runs:
 using: "composite"
 steps:
 - name: Install syft
 uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
 with:
- syft-version: {{ inputs.version }}
+ syft-version: "1.22.8"
From 7e1a138296fd616dda80fe65646af5d2a28835b5 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Tue, 18 Mar 2025 18:03:36 +0500
Subject: [PATCH 3/4] fix typo
---
 .github/workflows/ci.yaml | 4 ++--
 .github/workflows/release.yaml | 4 ++--
 .github/workflows/security.yaml | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 0dc740a2ad1ee..9aed499c03b5e 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
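Review bot: With the `version` input removed, `cosign-release: "v2.4.3"` in this hunk becomes the single pin every workflow depends on, yet nothing in the file says so and the `description` still reads only `Cosign Github Action.`. Suggest a description along the lines of `Installs a pinned cosign release; this file is the only place the version is set for the ci, release and security workflows.` and a comment above the pin, `# bump the cosign version here, not in the calling workflows`, so the next maintainer does not reintroduce per-workflow pins that drift from this one. The install-syft hunk in this patch would benefit from the same note.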
@@ -1074,10 +1074,10 @@ jobs:
 run: sudo apt-get install -y zstd
 - name: Install cosign
- uses: ./.github/action/install-cosign
+ uses: ./.github/actions/install-cosign
 - name: Install syft
- uses: ./.github/action/install-syft
+ uses: ./.github/actions/install-syft
 - name: Setup Windows EV Signing Certificate
 run: |
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index a5daf8179ffa0..f35a004f2e4de 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -251,10 +251,10 @@ jobs:
 rm /tmp/rcodesign.tar.gz
 - name: Install cosign
- uses: ./.github/action/install-cosign
+ uses: ./.github/actions/install-cosign
 - name: Install syft
- uses: ./.github/action/install-syft
+ uses: ./.github/actions/install-syft
 - name: Setup Apple Developer certificate and API key
 run: |
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 96ccede483398..71d209e2a7dce 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -86,10 +86,10 @@ jobs:
 uses: ./.github/actions/setup-sqlc
 - name: Install cosign
- uses: ./.github/action/install-cosign
+ uses: ./.github/actions/install-cosign
 - name: Install syft
- uses: ./.github/action/install-syft
+ uses: ./.github/actions/install-syft
 - name: Install yq
 run: go run github.com/mikefarah/yq/v4@v4.44.3
From 384cfcf24f000f250adc8125bbf774a2dc64ef14 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Tue, 18 Mar 2025 18:07:12 +0500
Subject: [PATCH 4/4] fix syft version
---
 .github/actions/install-syft/action.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/install-syft/action.yaml b/.github/actions/install-syft/action.yaml
index 9da31c5670f07..7357cdc08ef85 100644
--- a/.github/actions/install-syft/action.yaml
+++ b/.github/actions/install-syft/action.yaml
@@ -7,4 +7,4 @@ runs:
 - name: Install syft
 uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
 with:
- syft-version: "1.22.8"
+ syft-version: "v1.20.0"