github attestation

Krishna Manchikalapudi 2025-10-07 10:23:53 -07:00
parent eb2af168f5
commit a514bf8fb1


@ -215,7 +215,10 @@ jobs:
# CERT-IN: https://www.cert-in.org.in/sbom/
- name: "BuildInfo: Collect env"
run: jf rt bce ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
- name: "BuildInfo: Adds dependencies"
run: jf rt bad ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
- name: "BuildInfo: Add VCS info"
run: jf rt bag ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
@ -232,6 +235,7 @@ jobs:
- name: "Evidence: GitHub Attestation"
continue-on-error: true
uses: actions/attest-build-provenance@v3 # https://github.com/marketplace/actions/attest-build-provenance
with:
subject-name: "oci://${{env.RT_REPO_DOCKER_URL}}"
@ -783,12 +787,25 @@ jobs:
- name: "BuildInfo: Collect env"
run: jf rt bce ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
- name: "BuildInfo: Add Dependencies"
run: jf rt bad ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
- name: "BuildInfo: Add VCS info"
run: jf rt bag ${{env.BUILD_NAME}} ${{env.BUILD_ID}}
- name: "BuildInfo: Build Publish"
run: jf rt bp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --detailed-summary=true
# mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout
# mvn help:evaluate -Dexpression=project.version -q -DforceStdout
- name: "Evidence: GitHub Attestation"
continue-on-error: true
uses: actions/attest-build-provenance@v3 # https://github.com/marketplace/actions/attest-build-provenance
with:
subject-path: "target/spring-petclinic-*.jar"
show-summary: true
github-token: ${{secrets.GITHUB_TOKEN}}
- name: "Evidence: Build Info"
# continue-on-error: true
env:
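Review bot: The new "Evidence: GitHub Attestation" step in this hunk (and the matching steps in the 232/235 and 1309/1326 hunks) carries `continue-on-error: true`, so a failed attestation still yields a green job with no provenance attached to the jar, which defeats the point of adding it as evidence. The failure this most plausibly hides is a permissions one: attest-build-provenance needs `id-token: write` and `attestations: write` on the job, and the job's permissions block is outside the hunk, so I cannot confirm it grants them. I would drop the soft-fail so a missing attestation is visible, `continue-on-error: false`, and pin the action to a full commit SHA rather than the mutable `@v3` tag, e.g. `uses: actions/attest-build-provenance@<pinned-commit-sha> # v3`. Minor style point in the 215/215 hunk: the step is named "BuildInfo: Adds dependencies" while the same step in this hunk is "BuildInfo: Add Dependencies"; the names should agree. The enclosing job continues outside the hunk.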
@ -1309,14 +1326,22 @@ jobs:
- name: "Evidence: Artifact"
env:
REPO_JAR: "${{env.RT_REPO_GRADLE_DEFAULT_LOCAL}}/org/springframework/samples/${{env.BUILD_NAME}}/3.4.0/${{env.BUILD_NAME}}-3.4.0-plain.jar" # /krishnam-gdl-dev-fed/org/springframework/samples/spring-petclinic/3.4.0/
# REPO_JAR: "${{env.RT_REPO_GRADLE_VIRTUAL}}/org/springframework/samples/${{env.BUILD_NAME}}/3.4.0/${{env.BUILD_NAME}}-3.4.0-plain.jar" # krishnam-gradle-virtual/org/springframework/samples/spring-petclinic/3.4.0/spring-petclinic-3.4.0-plain.jar
REPO_JAR: "${{env.RT_REPO_GRADLE_DEFAULT_LOCAL}}/org/springframework/samples/${{env.BUILD_NAME}}/3.5.0/${{env.BUILD_NAME}}-3.5.0-plain.jar" # /krishnam-gdl-dev-fed/org/springframework/samples/spring-petclinic/3.5.0/
# REPO_JAR: "${{env.RT_REPO_GRADLE_VIRTUAL}}/org/springframework/samples/${{env.BUILD_NAME}}/3.5.0/${{env.BUILD_NAME}}-3.5.0-plain.jar" # krishnam-gradle-virtual/org/springframework/samples/spring-petclinic/3.5.0/spring-petclinic-3.5.0-plain.jar
run: |
echo '{ "actor": "${{github.actor}}", "pipeline": "github actions", "build_name": "${{env.BUILD_NAME}}", "build_id": "${{env.BUILD_ID}}", "evd": "Evidence-Artifact", "artifact": "${{env.REPO_JAR}}" }' > ./${{env.EVIDENCE_SPEC_JSON}}
cat ./${{env.EVIDENCE_SPEC_JSON}}
jf evd create --subject-repo-path ${{env.REPO_JAR}} --key "${{secrets.KRISHNAM_JFROG_EVD_PRIVATEKEY}}" --key-alias ${{secrets.EVIDENCE_KEY_ALIAS}} --predicate ./${{env.EVIDENCE_SPEC_JSON}} --predicate-type https://jfrog.com/evidence/signature/v1
- name: "Evidence: GitHub Attestation"
continue-on-error: true
uses: actions/attest-build-provenance@v3 # https://github.com/marketplace/actions/attest-build-provenance
with:
subject-path: "build/libs/spring-petclinic-*.jar"
show-summary: true
github-token: ${{secrets.GITHUB_TOKEN}}
- name: "Evidence: Build Info"
continue-on-error: true
env: