Skip to content

Bump SCAI predicate version to v0.3 #30

Bump SCAI predicate version to v0.3

Bump SCAI predicate version to v0.3 #30

Workflow file for this run

name: Test composite actions on SBOM+SLSA example
on:
push:
branches:
- main
paths:
- "scai-gen/**"
# Want to trigger these tests whenever the Go CLI or
# APIs are modified
pull_request:
paths:
- "scai-gen/**"
jobs:
sbom-slsa-ex:
runs-on: ubuntu-22.04
steps:
- name: Install Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version: 1.22.x
- name: Checkout updated scai-gen CLI tools
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Setup Env
run: |
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- name: Install scai-gen CLI tools
shell: bash
run: |
go install ./scai-gen
mkdir -p temp
- name: Generate SBOM SCAI AttributeAssertion
id: gen-sbom-assert
uses: ./.github/actions/scai-gen-assert
with:
attribute: "HasSBOM"
evidence-file: "pdo_client_wawaka.spdx.json"
evidence-path: "examples/sbom+slsa/metadata"
evidence-type: "application/json"
download-evidence: false
assertion-name: "hassbom-assertion.json"
- name: Generate SLSA Provenance SCAI AttributeAssertion
id: gen-slsa-assert
uses: ./.github/actions/scai-gen-assert
with:
attribute: "HasSLSA"
evidence-file: "pdo_client_wawaka.provenance.json"
evidence-path: "examples/sbom+slsa/metadata"
evidence-type: "application/vnd.in-toto.provenance+dsse"
download-evidence: false
assertion-name: "hasslsa-assertion.json"
- name: Generate SCAI AttributeReport
id: gen-sbom-slsa-report
uses: ./.github/actions/scai-gen-report
with:
subject: "examples/sbom+slsa/metadata/container-img-desc.json"
attr-assertions: "${{ steps.gen-sbom-assert.outputs.assertion-name }} ${{ steps.gen-slsa-assert.outputs.assertion-name }}"
report-name: "evidence-collection.scai.json"