Reusable witness workflow

Signed-off-by: John Kjell <[email protected]>
testifysec · Jun 18, 2024 · 6c72800 · 6c72800
1 parent d23e0d4
commit 6c72800
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/.github/workflows/witness.yml b/.github/workflows/witness.yml
@@ -31,6 +31,7 @@ on:
                 required: false
                 type: string
             pre-command-attestations:
+                default: "environment git github"
                 required: false
                 type: string
             command:
@@ -42,6 +43,10 @@ on:
             attestations:
                 required: true
                 type: string
+            archivista-server:
+                default: "https://archivista.testifysec.io"
+                required: false
+                type: string
 
 jobs:
     witness:
@@ -62,6 +67,7 @@ jobs:
             uses: testifysec/witness-run-action@85ddab8b46a86b2905a3b547a1806ab264fbb810 # v0.2.0
             with:
               version: 0.6.0
+              archivista-server: ${{ inputs.archivista-server }}
               step: pre-${{ inputs.step }}
               attestations: ${{ inputs.pre-command-attestations }}
               command: /bin/sh -c "${{ inputs.pre-command }}"
@@ -72,6 +78,7 @@ jobs:
             uses: testifysec/witness-run-action@85ddab8b46a86b2905a3b547a1806ab264fbb810 # v0.2.0
             with:
               version: 0.6.0
+              archivista-server: ${{ inputs.archivista-server }}
               step: ${{ inputs.step }}
               attestations: ${{ inputs.attestations }}
               command: /bin/sh -c "${{ inputs.command }}"

diff --git a/action.yml b/action.yml
@@ -81,7 +81,7 @@ inputs:
   version:
     description: "Version of Witness CLI"
     required: false
-    default: "0.5.2"
+    default: "0.6.0"
   workingdir:
     description: "Directory from which commands will run"
     required: false

diff --git a/dist/index.js b/dist/index.js
@@ -30509,7 +30509,6 @@ async function run() {
   }
 
   core.addPath(witnessPath);
-  await exec.exec('ls', '-la')
 
   const step = core.getInput("step");
   const archivistaServer = core.getInput("archivista-server");
@@ -30523,6 +30522,9 @@ async function run() {
   const intermediates = core.getInput("intermediates").split(" ");
   const key = core.getInput("key");
   let outfile = core.getInput("outfile");
+  outfile = outfile
+    ? outfile
+    : path.join(os.tmpdir(), step + "-attestation.json");
   const productExcludeGlob = core.getInput("product-exclude-glob");
   const productIncludeGlob = core.getInput("product-include-glob");
   const spiffeSocket = core.getInput("spiffe-socket");

diff --git a/index.js b/index.js
@@ -36,7 +36,6 @@ async function run() {
   }
 
   core.addPath(witnessPath);
-  await exec.exec('ls', '-la')
 
   const step = core.getInput("step");
   const archivistaServer = core.getInput("archivista-server");
@@ -50,6 +49,9 @@ async function run() {
   const intermediates = core.getInput("intermediates").split(" ");
   const key = core.getInput("key");
   let outfile = core.getInput("outfile");
+  outfile = outfile
+    ? outfile
+    : path.join(os.tmpdir(), step + "-attestation.json");
   const productExcludeGlob = core.getInput("product-exclude-glob");
   const productIncludeGlob = core.getInput("product-include-glob");
   const spiffeSocket = core.getInput("spiffe-socket");