Skip to content

Bump SCAI predicate version to v0.3 #33

Bump SCAI predicate version to v0.3

Bump SCAI predicate version to v0.3 #33

Workflow file for this run

name: Test composite actions on SBOM+SLSA example
on:
push:
branches:
- main
paths:
- "scai-gen/**"
# Want to trigger these tests whenever the Go CLI or
# APIs are modified
pull_request:
paths:
- "scai-gen/**"
jobs:
sbom-slsa-ex:
runs-on: ubuntu-22.04
steps:
- name: Install Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed
with:
go-version: 1.22.x
- name: Checkout updated scai-gen CLI tools
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Setup Env
run: |
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- name: Install scai-gen CLI tools
shell: bash
run: |
go install ./scai-gen
mkdir -p temp
- name: Generate SBOM SCAI AttributeAssertion
id: gen-sbom-assert
uses: ./.github/actions/scai-gen-assert
with:
attribute: "HasSBOM"
evidence-file: "pdo_client_wawaka.spdx.json"
evidence-path: "examples/sbom+slsa/metadata"
evidence-type: "application/json"
download-evidence: false
assertion-name: "hassbom-assertion.json"
- name: Generate SLSA Provenance SCAI AttributeAssertion
id: gen-slsa-assert
uses: ./.github/actions/scai-gen-assert
with:
attribute: "HasSLSA"
evidence-file: "pdo_client_wawaka.provenance.json"
evidence-path: "examples/sbom+slsa/metadata"
evidence-type: "application/vnd.in-toto.provenance+dsse"
download-evidence: false
assertion-name: "hasslsa-assertion.json"
- name: Generate SCAI AttributeReport
id: gen-sbom-slsa-report
uses: ./.github/actions/scai-gen-report
with:
subject: "examples/sbom+slsa/metadata/container-img-desc.json"
attr-assertions: "${{ steps.gen-sbom-assert.outputs.assertion-name }} ${{ steps.gen-slsa-assert.outputs.assertion-name }}"
report-name: "evidence-collection.scai.json"