
Commit 51cfec3

chore: reuse syft and cosign install actions across workflows (coder#16981)
This pull request adds new GitHub Actions for installing `cosign` and `syft`, and updates the CI, release, and security workflows.

**New Actions:**

- [`install-cosign`](.github/actions/install-cosign/action.yaml): Installs `cosign` with a configurable version.
- [`install-syft`](.github/actions/install-syft/action.yaml): Installs `syft` with a configurable version.

**Workflow Updates:**

- CI, release, and security workflows now use `install-cosign` and `install-syft`.
1 parent e8d5f98 commit 51cfec3

5 files changed

+30
-12
lines changed
+10
@@ -0,0 +1,10 @@
1+
name: "Install cosign"
2+
description: |
3+
Cosign Github Action.
4+
runs:
5+
using: "composite"
6+
steps:
7+
- name: Install cosign
8+
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
9+
with:
10+
cosign-release: "v2.4.3"
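Review bot: the `with:` block at lines 9-10 hard-codes `cosign-release: "v2.4.3"` and the file declares no `inputs:`, so callers cannot choose the version even though the commit message describes this action as installing `cosign` "with a configurable version". Either declare an input (for example a hypothetical `version` input that defaults to `v2.4.3`) and pass it through to `cosign-release`, or reword the commit message and description. The `description` value "Cosign Github Action." would be more useful if it named the pinned release, and "Github" should read "GitHub". Keeping the installer pinned to a full commit SHA with the `# v3.8.1` comment is the right call.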
+10
@@ -0,0 +1,10 @@
1+
name: "Install syft"
2+
description: |
3+
Downloads Syft to the Action tool cache and provides a reference.
4+
runs:
5+
using: "composite"
6+
steps:
7+
- name: Install syft
8+
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
9+
with:
10+
syft-version: "v1.20.0"
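Review bot: the description on line 3 says the action "provides a reference", but the `Install syft` step has no `id:` and the file declares no `outputs:`, so nothing returned by the download step is exposed to a calling workflow. If callers are meant to locate syft through that reference, add an `id` to the step and forward its output in a composite-level `outputs:` block; otherwise drop that half of the description. As with the cosign action, `syft-version: "v1.20.0"` is fixed here with no `inputs:`, which does not match "configurable version" in the commit message.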

.github/workflows/ci.yaml

+2-6
@@ -1071,14 +1071,10 @@ jobs:
10711071
run: sudo apt-get install -y zstd
10721072

10731073
- name: Install cosign
1074-
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
1075-
with:
1076-
cosign-release: "v2.4.3"
1074+
uses: ./.github/actions/install-cosign
10771075

10781076
- name: Install syft
1079-
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
1080-
with:
1081-
syft-version: "v1.20.0"
1077+
uses: ./.github/actions/install-syft
10821078

10831079
- name: Setup Windows EV Signing Certificate
10841080
run: |
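Review bot: the new `uses: ./.github/actions/install-cosign` and `uses: ./.github/actions/install-syft` lines are local action references, which are resolved from the job's workspace, and the visible context does not show a checkout step. Please confirm that the repository is checked out earlier in this job and that no step between the checkout and line 1073 removes or rewrites `.github/actions/`, otherwise these steps fail at load time or run whatever action definition is in the workspace at that point.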

.github/workflows/release.yaml

+2-6
@@ -251,14 +251,10 @@ jobs:
251251
rm /tmp/rcodesign.tar.gz
252252
253253
- name: Install cosign
254-
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
255-
with:
256-
cosign-release: "v2.4.3"
254+
uses: ./.github/actions/install-cosign
257255

258256
- name: Install syft
259-
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
260-
with:
261-
syft-version: "v1.20.0"
257+
uses: ./.github/actions/install-syft
262258

263259
- name: Setup Apple Developer certificate and API key
264260
run: |
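Review bot: at lines 254 and 257 the release job loses the `# v3.8.1` and `# v0.18.0` pin comments and the `cosign-release` / `syft-version` values that used to be readable at the call site. Since this job goes on to handle signing material (the Apple Developer certificate step follows directly), consider a one-line comment next to each `uses:` naming the action file that holds the pin, so the tool versions used for a release can still be audited from this workflow.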

.github/workflows/security.yaml

+6
@@ -85,6 +85,12 @@ jobs:
8585
- name: Setup sqlc
8686
uses: ./.github/actions/setup-sqlc
8787

88+
- name: Install cosign
89+
uses: ./.github/actions/install-cosign
90+
91+
- name: Install syft
92+
uses: ./.github/actions/install-syft
93+
8894
- name: Install yq
8995
run: go run github.com/mikefarah/yq/v4@v4.44.3
9096
- name: Install mockgen
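Review bot: unlike the CI and release hunks, lines 88-92 do not replace existing steps; they add cosign and syft installs to a job that did not have them before, which is a behaviour change rather than the reuse described by the "chore: reuse" title. Nothing in the visible context consumes either tool, so please state in the commit message which later step in the security job needs them, or drop these steps if none does. The extra download on every security run is otherwise unexplained.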
