diff --git a/.github/workflows/db-migrations.yml b/.github/workflows/db-migrations.yml index 080840ad..efdc1dd3 100644 --- a/.github/workflows/db-migrations.yml +++ b/.github/workflows/db-migrations.yml @@ -40,7 +40,7 @@ jobs: - name: Check DB Migrations run: | - go get ariga.io/atlas/cmd/atlas@v0.17.0 + go install ariga.io/atlas/cmd/atlas@v0.12.2-0.20230806193313-117e03f96e45 before=$(find ent/migrate/migrations/ -type f | wc -l | awk '{ print $1 }') make db-migrations after=$(find ent/migrate/migrations/ -type f | wc -l | awk '{ print $1 }') diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index cdd0f88b..d08c52c1 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -1,3 +1,17 @@ +# Copyright 2023 The Archivista Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + name: "Fossa Scan" on: diff --git a/Dockerfile b/Dockerfile index 93b575c5..d0fd86e4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ FROM golang:1.21.5-alpine@sha256:4db4aac30880b978cae5445dd4a706215249ad4f43d28bd7cdf7906e9be8dd6b AS build WORKDIR /src RUN apk update && apk add --no-cache file git curl -RUN go get ariga.io/atlas/cmd/atlas@v0.17.0 +RUN go install ariga.io/atlas/cmd/atlas@v0.12.2-0.20230806193313-117e03f96e45 ENV GOMODCACHE /root/.cache/gocache RUN --mount=target=. --mount=target=/root/.cache,type=cache \ CGO_ENABLED=0 go build -o /out/archivista -ldflags '-s -d -w' ./cmd/archivista; \ diff --git a/Dockerfile-dev b/Dockerfile-dev index 8492f018..b5666ca0 100644 --- a/Dockerfile-dev +++ b/Dockerfile-dev @@ -15,7 +15,7 @@ FROM golang:1.21.5-alpine@sha256:4db4aac30880b978cae5445dd4a706215249ad4f43d28bd7cdf7906e9be8dd6b AS build WORKDIR /src RUN apk update && apk add --no-cache file git curl -RUN go get ariga.io/atlas/cmd/atlas@v0.17.0 +RUN go install ariga.io/atlas/cmd/atlas@v0.12.2-0.20230806193313-117e03f96e45 ENV GOMODCACHE /root/.cache/gocache RUN go install github.com/githubnemo/CompileDaemon@v1.4.0 ENTRYPOINT ["sh", "entrypoint-dev.sh"] diff --git a/README.md b/README.md index 783b1b92..012711a7 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,10 @@

+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8280/badge)](https://www.bestpractices.dev/projects/8280) +[![OpenSSF-Scorecard](https://api.securityscorecards.dev/projects/github.com/in-toto/archivista/badge)](https://api.securityscorecards.dev/projects/github.com/in-toto/archivista) +[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B41709%2Fgithub.com%2Fin-toto%2Farchivista.svg?type=shield&issueType=license)](https://app.fossa.com/projects/custom%2B41709%2Fgithub.com%2Fin-toto%2Farchivista?ref=badge_shield&issueType=license) + # Archivista Archivista is a graph and storage service for [in-toto](https://in-toto.io) attestations. Archivista enables the discovery